#1
Computer Freezes constantly for a short moment - Moved by MURF
Well, I've had some strange issues this past week.

Last weekend I was away at a friend's cabin, and when I got home I had a couple of errors on my computer. I'm notoriously bad for leaving my laptop on when I leave, but I've practically done it since I've owned it, for like 2 years now. Anyways, I forget what the errors said; I didn't think it was much of an issue. But the computer, when I left it, was just on the desktop. When I returned, the 2 errors were on the blue startup screen where you select your users (where you can switch users to start the computer, etc.), except no users were shown and all that was available was the blue screen background. I had to force a shutdown and restart. That brings me up to the "computer wasn't properly shut down" error, etc. It refused to start. Eventually, after running scans and tests, the computer finally turned on. But it ran so slow.

I've done a few other things, but as you can tell I don't know much about computers. I've got it to run normally for the most part, except every so often the whole computer basically freezes. All programs stop responding, including the internet (but the connection is not lost). It keeps happening and I don't know what's causing it. I haven't done anything different on the computer; I just came back to this and this is what happened. I've run scans; nothing really found.

Can you give me an idea of where to start or what to try to fix the issue? What ideas do you have that could be causing this and what should I check? Or if you've got more questions I'll answer as best as possible. I'll attempt anything to fix it, but please be detailed on what I need to do; I'm not your smartest computer guy, so I'll need some help. Anyways, I look forward to hearing some replies and hopefully we can figure this out. And I'd like to point out that my computer ran great until I came back and saw it like this. It wasn't slow, it didn't freeze like this. It's definitely a new issue and I didn't do anything differently to cause it; I came back to it like this. Hopefully that helps.

EDIT: I forgot to mention I've been having an issue with CTRL ALT DEL as well. I'm getting errors sometimes as well, but it has worked periodically. Maybe that will help pinpoint the problem. Here is the error message when pressing CTRL ALT DEL:

Failure to Display Security and Shut Down Options
The logon process was unable to display security and logon options when Ctrl + Alt + Delete was pressed. If the operating system does not respond, press Esc or restart the computer by using the power switch.

Last edited by tclupp04; March 3rd, 2013 at 08:43 PM.
#2
Was it connected to the Internet while away? That is, maybe a wireless connection? Maybe it picked up some malware/spyware.

1. Check what is starting with Windows: START > Search, type msconfig, above double-click msconfig. Go to the Start-Up tab; this will show you what programs are starting with Windows and run in the background. A checked box means it's starting. Most you will be unfamiliar with and some you may recognize. Most do not need to start with Windows (these are shortcuts, and when you un-check you are not eliminating the program itself). Many programs put an entry to start with Windows and can be disabled (un-check the box); examples: Adobe, Real Player, Quick Time, Acrobat. Look through the list; do you see anything that surprises you? Post it and we can tell you. svchost is normal and you may see several of them.

2. Next, need to check your system files to see if any got corrupted;
#3
Those are the startup programs. I'll try your other suggestions now as well. Those pics of course didn't work, so here is a link: http://s1338.beta.photobucket.com/us...tml?sort=3&o=0 Let me know if you have trouble seeing them (there should be 2).
#4
Scan results also seemed good. Took a SS of that as well; it's on that link.
Any more suggestions? Ideas?
#5
A couple you can uncheck:

uTorrent could be the culprit (if you download files using the Torrent you can start it rather than having it run in the background). Stop it.
WDDMStatus.exe (will use CPU a lot; mainly used for an external drive and will send queries out). Stop it.
Windows Live Messenger (unless you use it a lot).
Adobe Acrobat (stop it).
Adobe Reader (stop it).
RIMBBLaunchAgent (this RIMBBLaunchAgent.exe file is part of the Research in Motion (RIMM) driver files). Do you use it?

When you uncheck, then hit Apply, reboot, and a warning will come up (maybe) that tells you what you did; check the box "Don't show this". When you uncheck items, you are not removing the program, just a shortcut, so the programs are still there to use either from All Programs, icons on your desktop, or they will automatically start when you try to use them, i.e., Adobe Reader will open when you click on a PDF file.
#6
All done, still seeing lags.
In terms of the external hard drive, I do use it and stream with PS3 Media Server. What effect will it have not being on at startup? All of these programs were on startup before I had this issue, so I'm guessing the problem is something else. Thanks for the help so far; let me know if you think of anything else to try.
#7
Need to check for malware/spyware. I am moving this thread over there; they will make sure you're not infected. Please be patient as they are busy.
#8
Thanks Murf and hello tclupp04,

I suspect rootkit activity. Let's get a detailed look at things. If the system is Vista/Windows 7, when running any of the scan files we use, be sure to right-click the file, then select "Run as administrator" to start the scan/tool. And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types". To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time. When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer. Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text Document. Once the file is created, open it, right-click again and choose Paste. Copy the information and post it here please.

-----------

Download RogueKiller from here to your desktop. Close all open programs. Remember to right-click -> Run as administrator, and click the downloaded file. When RogueKiller finishes its opening scan, press the Scan button. A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again. Please post the contents of the RKreport.txt.
#9
First Scan done OTL:
Here is the info:
EZ
"LimeWire" = LimeWire 5.5.16
"MP3 Rocket" = MP3 Rocket
"PokerStars" = PokerStars
"Portforward Static IP Address" = Portforward Static IP Address 1.0.45
"PricePeep" = PricePeep for Google Chrome
"PS3 Media Server" = PS3 Media Server
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"ST6UNST #1" = Recorder
"Steam App 65900" = Sid Meier's Civilization V - Demo
"Tibia Testserver_is1" = Tibia Testserver
"Tibia_is1" = Tibia
"TMIPC" = Tibia MULTI-ip changer
"TuneUpMedia" = TuneUp Companion 2.4.2
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4102973813-1585531810-747460057-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/1/2013 7:53:59 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4102973813-1585531810-747460057-1000.db for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error.
Program: Host Process for Windows Services
File: C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4102973813-1585531810-747460057-1000.db
The error value is listed in the Additional Data section.
User Action
1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again.
2. If the file still cannot be accessed and
- It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error - 3/3/2013 5:52:03 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000 Description = Faulting application name: WMIADAP.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc789 Faulting module name: WMIADAP.EXE, version: 6.1.7600.16385, time stamp: 0x4a5bc789 Exception code: 0xc0000006 Fault offset: 0x0000000000019d3c Faulting process id: 0x728 Faulting application start time: 0x01ce18590911dbb8 Faulting application path: \\?\C:\Windows\system32\wbem\WMIADAP.EXE Faulting module path: \\?\C:\Windows\system32\wbem\WMIADAP.EXE Report Id: 949ba9cf-844c-11e2-9b75-00262230a9e3 Error - 3/3/2013 5:52:03 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe_wuauserv, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp: 0x4ec4aa8e Exception code: 0xc0000006 Fault offset: 0x000000000003cb98 Faulting process id: 0x3b8 Faulting application start time: 0x01ce18584d382448 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 949bd0df-844c-11e2-9b75-00262230a9e3 Error - 3/3/2013 5:52:03 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c9db Exception code: 0xc0000006 
Fault offset: 0x00000000000a2f60 Faulting process id: 0x374 Faulting application start time: 0x01ce18584d310027 Faulting application path: C:\Windows\System32\svchost.exe Faulting module path: c:\windows\system32\sysmain.dll Report Id: 949bf7ef-844c-11e2-9b75-00262230a9e3 Error - 3/3/2013 5:52:06 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1000 Description = Faulting application name: svchost.exe_DPS, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: diagperf.dll, version: 6.1.7601.17514, time stamp: 0x4ce7c5cc Exception code: 0xc0000006 Fault offset: 0x0000000000027be0 Faulting process id: 0x4ac Faulting application start time: 0x01ce185851081878 Faulting application path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\system32\diagperf.dll Report Id: 96f84754-844c-11e2-9b75-00262230a9e3 Error - 3/3/2013 5:52:07 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\System32\wuaueng.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\System32\wuaueng.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. 
To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error - 3/3/2013 5:52:07 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\System32\diagperf.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\System32\diagperf.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. 
Additional Data Error value: C0000185 Disk type: 3 Error - 3/3/2013 5:52:07 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\System32\wbem\WMIADAP.exe for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program WMI Reverse Performance Adapter Maintenance Utility because of this error. Program: WMI Reverse Performance Adapter Maintenance Utility File: C:\Windows\System32\wbem\WMIADAP.exe The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. 
Additional Data Error value: C0000185 Disk type: 3 Error - 3/3/2013 5:52:07 PM | Computer Name = Owner-PC | Source = Application Error | ID = 1005 Description = Windows cannot access the file C:\Windows\System32\sysmain.dll for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\System32\sysmain.dll The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error - 3/3/2013 5:59:45 PM | Computer Name = Owner-PC | Source = SecurityCenter | ID = 3 Description = The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus, AntiSpyware and Firewall. 
Error - 3/3/2013 6:00:15 PM | Computer Name = Owner-PC | Source = Schedule | ID = 0 Description = [ OSession Events ] Error - 8/10/2010 6:19:10 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash. Error - 11/28/2010 10:48:54 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. Error - 8/19/2011 6:13:22 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash. Error - 12/31/2011 9:12:08 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash. Error - 7/22/2012 9:11:54 AM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ]
Error - 3/3/2013 9:30:14 PM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 3/3/2013 9:30:14 PM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 3/3/2013 9:30:14 PM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 3/3/2013 9:30:14 PM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 3/3/2013 9:30:14 PM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 3/3/2013 9:30:14 PM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 3/3/2013 9:30:14 PM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 3/3/2013 9:30:14 PM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 3/3/2013 9:30:14 PM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

Error - 3/3/2013 9:30:14 PM | Computer Name = Owner-PC | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort1.

< End of report >
#10
OTL logfile created on: 3/3/2013 7:20:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Owner\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.84 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 50.22% Memory free 7.68 Gb Paging File | 5.36 Gb Available in Paging File | 69.73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297.99 Gb Total Space | 182.69 Gb Free Space | 61.31% Space Free | Partition Type: NTFS Drive E: | 1862.98 Gb Total Space | 1666.07 Gb Free Space | 89.43% Space Free | Partition Type: NTFS Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/03/03 19:20:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe PRC - [2013/01/29 21:51:15 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\javaw.exe PRC - [2012/09/19 21:10:10 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe PRC - [2012/09/19 21:10:06 | 001,157,056 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe PRC - [2012/09/19 21:02:48 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe PRC - [2011/09/23 21:51:22 | 000,045,592 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe PRC - [2011/04/08 12:48:04 | 000,231,592 | ---- | M] (Visicom Media Inc. 
(Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/27 09:49:35 | 014,718,320 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2013/02/20 23:23:44 | 000,459,728 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
MOD - [2013/02/20 23:23:42 | 004,050,896 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.97\pdf.dll
MOD - [2013/02/20 23:22:51 | 000,596,944 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.97\libglesv2.dll
MOD - [2013/02/20 23:22:50 | 000,124,368 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.97\libegl.dll
MOD - [2013/02/20 23:22:48 | 001,552,848 | ---- | M] () -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\25.0.1364.97\ffmpegsumo.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/27 09:49:35 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/18 05:49:14 | 000,541,608 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/19 21:10:10 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/09/19 21:10:06 | 001,157,056 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/09/19 21:02:48 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011/09/23 21:51:22 | 000,045,592 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- 
C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/16 17:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/01/13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009/08/28 09:33:48 | 000,292,400 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/06/10 15:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/05/05 16:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 16:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/03/01 22:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/11/09 04:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E B8 8C 23 99 32 CB 01 [binary data]
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\..\SearchScopes,DefaultScope = {6356468F-5C9D-4ACE-9E62-B2E2A0ABC796}
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo.com/search?fr=vmn&type=adrevmedia-armadacustomtoolbarwsyahoo-1_0-ya-ch&q={searchTerms}
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\..\SearchScopes\{6356468F-5C9D-4ACE-9E62-B2E2A0ABC796}: "URL" = http://search.avg.com/?d=4e424375&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://www.searchqu.com/web?src=ieb&appid=119&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A69}: "URL" = http://search.bearshare.com/web?src=ieb&systemid=2&q={searchTerms}
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2438727
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4102973813-1585531810-747460057-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
[2010/08/03 15:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions [2010/08/03 15:25:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\ mozswing@mozswing.org ========== Chrome ========== CHR - default_search_provider: Web Search (Enabled) CHR - default_search_provider: search_url = http://www.searchqu.com/web?src=crb&appid=119&systemid=406&sr=0&q={searchT erms} CHR - default_search_provider: suggest_url = CHR - homepage: http://www.yahoo.ca/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Applica tion\25.0.1364.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Applica tion\25.0.1364.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\Applica tion\25.0.1364.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_20 2_235.dll CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfme joahla\12.0.0.2161_0\plugins/avgnpss.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 
(Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npg oogletalk.dll CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npg tpo3dautoplugin.dll CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Owner\AppData\Local\Google\Update\1.3.21. 
111\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo\4.2.5_1\ CHR - Extension: AT_Rampage_v2 = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknkimpcfkpmmikggddpidpmal jigegp\3\ CHR - Extension: Google Search = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljnie djpjpf\0.0.0.19_1\ CHR - Extension: Gmail = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia\7_1\ O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2:64bit: - BHO: (SearchCore for Browsers) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found. 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Armada Custom Toolbar - WS Yahoo) - {e9304219-15a8-464f-b6a1-97559bdc9a98} - C:\Program Files (x86)\armadacustomtoolbarwsyahoo\armadacustomtoolb arX.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - No CLSID value found. O3 - HKLM\..\Toolbar: (Armada Custom Toolbar - WS Yahoo) - {e9304219-15a8-464f-b6a1-97559bdc9a98} - C:\Program Files (x86)\armadacustomtoolbarwsyahoo\armadacustomtoolb arX.dll () O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. 
(Powered by Panda Security)) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\S tart Menu\Programs\Startup\PS3 Media Server (2).lnk = C:\Program Files (x86)\PS3 Media Server\PMS.exe (PS3 Media Server) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\pol icies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\***astDrv.dll (Initex) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\***astDrv.dll (Initex) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\***astDrv.dll (Initex) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\***astDrv.dll (Initex) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\***astDrv.dll (Initex) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\***astDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\***astDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\***astDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\***astDrv.dll (Initex) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\***astDrv.dll (Initex) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinner.com/games/v47...m/skillgam.cab (Reg Error: Key error.) O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary...r.cab56986.cab (Reg Error: Key error.) O16 - DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} http://www.worldwinner.com/games/v53...s/wwhearts.cab (Reg Error: Key error.) O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary...n.cab56986.cab (Reg Error: Key error.) O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/lau...0/iewwload.cab (Reg Error: Key error.) O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinner.com/games/v46...y/monopoly.cab (Reg Error: Key error.) O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Reg Error: Key error.) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary...t.cab56907.cab (Reg Error: Key error.) O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinner.com/games/v45.../mysterypi.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.11.2) O16 - DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} http://www.worldwinner.com/games/v44...ol/golfsol.cab (Reg Error: Key error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary...r.cab56986.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.100.254 192.168.100.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{1CA052EF-E6F5-4E21-8B04-F7FF5F808548}: DhcpNameServer = 192.168.100.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{305688D1-7686-4D29-A57F-207DCE2CC91B}: DhcpNameServer = 192.168.100.254 192.168.100.254 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\gopher - No CLSID value found O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/03/03 14:11:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{3A2841FA-EA86-4282-9148-9894FF11BC34} [2013/03/02 12:30:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D23E81DE-1913-4519-9F7A-896E20EC6E3D} [2013/03/02 10:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013/03/02 10:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/03/02 10:44:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/03/01 18:18:41 | 000,000,000 | ---D | C] -- 
C:\Users\Owner\AppData\Local\{3B72E5D6-BF9A-4F2F-AEE0-06DA5F443DA8} [2013/02/27 03:22:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{09051B78-D27E-4E82-84C4-FD0948B68214} [2013/02/27 03:00:33 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll [2013/02/27 03:00:32 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll [2013/02/27 03:00:32 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll [2013/02/27 03:00:32 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll [2013/02/27 03:00:31 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll [2013/02/27 03:00:31 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll [2013/02/27 03:00:29 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013/02/27 03:00:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/02/27 03:00:29 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013/02/27 03:00:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/02/27 03:00:29 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013/02/27 03:00:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/02/27 03:00:29 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013/02/27 03:00:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/02/27 03:00:29 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013/02/27 03:00:28 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013/02/27 03:00:28 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2013/02/27 03:00:27 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2013/02/27 03:00:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/02/27 03:00:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013/02/27 03:00:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/02/27 03:00:27 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll [2013/02/27 03:00:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll [2013/02/27 03:00:27 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll [2013/02/27 03:00:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll [2013/02/27 03:00:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll [2013/02/27 03:00:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/02/27 03:00:27 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll [2013/02/27 03:00:26 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013/02/27 03:00:26 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2013/02/27 03:00:26 | 001,504,768 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013/02/27 03:00:26 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013/02/27 03:00:26 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2013/02/27 03:00:26 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013/02/27 03:00:26 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll [2013/02/27 03:00:26 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013/02/27 03:00:26 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013/02/27 03:00:25 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013/02/27 03:00:25 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/02/27 03:00:25 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013/02/27 03:00:25 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll [2013/02/25 08:20:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{FF3C1F7A-533E-44D3-9346-EB40E0A534AD} [2013/02/24 22:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013/02/24 21:29:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes [2013/02/24 21:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/24 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Programs [2013/02/24 21:22:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\CRE [2013/02/24 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{53778BBC-1896-46DA-B45E-FF24BF6D1014} [2013/02/24 19:34:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DBF00EF4-E764-413C-A8E8-5E27171A7501} [2013/02/24 19:09:29 | 000,000,000 | ---D | C] 
-- C:\Users\Owner\AppData\Local\{52298DE6-5114-447D-9D08-5B3324DBCA04} [2013/02/22 22:12:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6D1AAC20-5E09-43BF-9D18-14FF8F1EDD7E} [2013/02/14 20:55:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DA48AAC7-FD21-4EE7-BDD1-7CB29EFABAD9} [2013/02/13 03:33:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{CD712BE6-226E-4B82-8FAD-6A62DE8B9553} [2013/02/13 03:01:24 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/13 03:01:24 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/13 03:01:23 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/13 03:01:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/13 03:01:23 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/02/13 03:01:22 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/13 03:01:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/13 03:01:22 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/02/13 03:01:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/02/13 03:01:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/02/13 03:01:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/02/13 03:01:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/13 03:01:17 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/02/13 03:01:17 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/02/13 03:01:17 | 000,599,040 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\vbscript.dll [2013/02/13 02:41:27 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013/02/13 02:41:26 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013/02/13 02:41:25 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013/02/13 02:41:10 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/13 02:41:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/13 02:41:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/13 02:41:09 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/13 02:41:09 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/13 02:41:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/13 02:40:59 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013/02/11 16:58:40 | 000,079,464 | ---- | C] (Initex) -- C:\Windows\SysNative\***astDrv.dll [2013/02/11 16:58:40 | 000,072,296 | ---- | C] (Initex) -- C:\Windows\SysWow64\***astDrv.dll [2013/02/11 16:58:40 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SPORDER.DLL [2013/02/11 16:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\***ast [2013/02/11 16:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\***ast [2013/02/10 10:01:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6474B125-34CA-4C7B-B6D6-5713B0D0A5AB} [2013/02/02 11:40:27 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0567FAD8-9562-4A9D-9390-F0981C0241DB} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/03/03 15:51:58 | 000,000,830 | ---- | M] () -- 
#11
Gmer Scan:
#12
And final report:
#13
Only adware/search hijacker stuff so far, but those can impact things as well.
Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

iLivid - Adware, spyware, search hijacker.
Anti-phishing Domain Advisor - Adware, spyware, search hijacker.
Armada Custom Toolbar - WS Yahoo - Adware, spyware, search hijacker.
PricePeep for Google Chrome - Adware.
TuneUp Companion 2.4.2 - By the looks of these reviews, this thing's a piece of junk.

---------------

Reboot.

Then download AdwCleaner by Xplode onto your desktop.
#14
#15
The earlier error logs still smack of rootkit activity, so we'll need to check that further.
Open AdwCleaner, and click the Uninstall button to have it remove itself.

----------

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.