Rootkits discovered...need assistance (logs attached)


17 replies to this topic

#1 art_vandelay

  • Members
  • 49 posts

Posted 17 August 2013 - 11:23 AM

Hello.

I've been working with another BC expert here on helping with a persistent BSOD issue, which seems to be resolved now. However, in running ESET scanner, the expert noticed evidence of rootkits and suggested I create a separate case for that.

On another note, the computer does seem to be running quite slow whenever I click on Start and then type something into Windows search...the icon circles forever and then doesn't yield any results. A

Additionally, I frequently am getting an error when browsing the internet (using IE): "Unable to find locale data files. Please reinstall."

Below is the DDS log, and I've attached Attach.txt. Thank you very much for your help.

Best,

art_vandelay.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16496
Run by Lindholm at 9:09:49 on 2013-08-17
.
============== Running Processes ================
.
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={FA7DE810-C26F-11E2-97BB-002564007D9E}
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\npchrome_frame.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: google.com
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://71.227.145.16/UltraMJCamX.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://www.silvermt.com/activex/AMC.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} - hxxp://www.avataritag.com/app/plugin/DFusionHomeWebPlugIn.Installer.exe
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EFA115CF-8A60-44F7-92CD-B3CF9D03067B} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\npchrome_frame.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\browseui.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Updater By SweetPacks: {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} -
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-mPolicies-Explorer: NoDrives = dword:0
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - LocalServer32 - <no file>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - LocalServer32 - <no file>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R? !SASCORE;SAS Core Service
R? 29727479;29727479
R? 96002041;96002041
R? AERTFilters;Andrea RT Filters Service
R? akguwdcm;akguwdcm
R? Andbus;LGE Android Platform Composite USB Device
R? AndDiag;LGE Android Platform USB Serial Port
R? AndGps;LGE Android Platform USB GPS NMEA Port
R? ANDModem;LGE Android Platform USB Modem
R? BBSvc;Bing Bar Update Service
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? DockLoginService;Dock Login Service
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety Service
R? gupdate1c9fea6c2fe4600;Google Update Service (gupdate1c9fea6c2fe4600)
R? PerfHost;Performance Counter DLL Host
R? PxHlpa64;PxHlpa64
R? SkypeUpdate;Skype Updater
R? UMVPFSrv;UMVPFSrv
R? USBAAPL64;Apple Mobile USB Driver
R? wlcrasvc;Windows Live Mesh remote connections service
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? FontCache;Windows Font Cache Service
S? LVRS64;Logitech RightSound Filter Driver
S? LVUVC64;Logitech Webcam 250(UVC)
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-08-16 22:27:44 78185248 ----a-w- C:\Windows\System32\mrt.exe
2013-08-10 11:15:02 899584 ----a-w- C:\MicrosoftFixit50535.msi
2013-06-13 00:00:16 709632 ----a-w- C:\Windows\is-8TG5D.exe
2013-06-12 07:08:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 07:08:39 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-29 06:15:56 17829376 ----a-w- C:\Windows\System32\mshtml.dll
2013-05-29 05:50:31 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-05-29 05:43:16 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-05-29 05:36:04 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-05-29 05:35:44 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-05-29 05:34:14 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-05-29 05:33:15 237056 ----a-w- C:\Windows\System32\url.dll
2013-05-29 05:31:32 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-05-29 05:29:56 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-05-29 05:29:05 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-05-29 05:29:02 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-05-29 05:27:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-05-29 05:27:50 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-05-29 05:25:46 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-05-29 05:25:09 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-05-29 05:18:27 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-05-29 01:56:15 12333568 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-05-29 01:50:14 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-05-29 01:48:09 9738752 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-05-29 01:41:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-05-29 01:41:30 1104384 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-05-29 01:41:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-05-29 01:40:26 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-05-29 01:38:29 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-05-29 01:37:15 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-05-29 01:35:56 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-05-29 01:35:00 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-05-29 01:33:39 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-05-29 01:33:32 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-05-29 01:33:22 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-05-29 01:29:36 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
.
============= FINISH:  9:11:15.54 ===============
 

Attached Files


Edited by art_vandelay, 17 August 2013 - 11:26 AM.
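As an added example, not part of the original thread and not code from DDS or any other tool mentioned here: a small Python triage pass over lines copied from the DDS "Pseudo HJT Report" and "SERVICES / DRIVERS" sections above. It flags the items an analyst reads first in a log like this: a machine-wide EnableLUA = dword:0 (UAC switched off), registrations whose backing file is gone (<no file>, <orphaned>), services whose name is only digits or a random-looking lowercase string with no description, ActiveX (DPF) packages fetched from a raw IP address, and a machine-wide IE start page override. The severity labels and the generated-name heuristic are this example's own assumptions, not anything DDS emits, and the heuristic is deliberately noisy: the log's fssfltr;fssfltr entry would match it even though it is Microsoft's Family Safety filter driver, so every hit is a review item, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log in this thread
# (hxxp is DDS's defanged http), plus a benign service line as a control.
SAMPLE_DDS_LINES = [
    "uStart Page = hxxp://www.google.com/",
    "mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12",
    "uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>",
    r"BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    "mPolicies-System: EnableLUA = dword:0",
    "mPolicies-Explorer: NoDriveTypeAutoRun = dword:145",
    "DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} - hxxp://71.227.145.16/UltraMJCamX.cab",
    "DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab",
    "x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>",
    "R? 29727479;29727479",
    "R? akguwdcm;akguwdcm",
    "R? BBSvc;Bing Bar Update Service",
]
SAMPLE_DDS = "\n".join(SAMPLE_DDS_LINES)


@dataclass(frozen=True)
class Finding:
    severity: str   # HIGH / MEDIUM / LOW / INFO (labels assumed by this example)
    line: str
    reason: str


# Host part of a defanged URL when it is a bare IPv4 literal.
IPV4_HOST = re.compile(r"hxxps?://(\d{1,3}(?:\.\d{1,3}){3})(?:[/:]|$)")
# DDS service/driver line: "R? name;description" or "S? name;description".
SERVICE = re.compile(r"^[RS]\? ([^;]+);(.*)$")
# Heuristic (assumption): all digits, or a run of lowercase letters, and nothing else.
GENERATED_NAME = re.compile(r"^(?:\d{6,}|[a-z]{6,12})$")
UAC_OFF = re.compile(r"^(?:x64-)?[um]Policies-System: EnableLUA = dword:0$")


def triage_line(line: str):
    """Return a Finding for one DDS line, or None if nothing stands out."""
    line = line.rstrip()
    if UAC_OFF.match(line):
        return Finding("HIGH", line, "UAC disabled (EnableLUA=0); re-enable once cleanup is done")
    if line.endswith("<no file>") or line.endswith("<orphaned>"):
        return Finding("LOW", line, "dangling COM/handler registration; backing file is gone")
    m = SERVICE.match(line)
    if m and m.group(1) == m.group(2) and GENERATED_NAME.match(m.group(1)):
        return Finding("MEDIUM", line, "service with generated-looking name and no description")
    if line.startswith("DPF:") and IPV4_HOST.search(line):
        return Finding("MEDIUM", line, "ActiveX package downloaded from a raw IP address")
    if line.startswith("mStart Page ="):
        return Finding("INFO", line, "machine-wide IE start page override; confirm it is intended")
    return None


def triage(text: str):
    """Run triage_line over every line of a DDS log and keep the hits, in log order."""
    return [f for f in (triage_line(ln) for ln in text.splitlines()) if f]


def summarize(findings):
    """Count findings per severity so a reviewer sees the shape of the log at a glance."""
    counts = {"HIGH": 0, "MEDIUM": 0, "LOW": 0, "INFO": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_DDS)
    for f in hits:
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
    print(summarize(hits))
```

The ordering of the checks matters: the UAC test runs before the generic suffix tests so a policy line is never misreported as a dangling registration, and the control line BBSvc;Bing Bar Update Service produces nothing because its name and description differ.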



#2 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 3,788 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 21 August 2013 - 03:52 PM

Hi art_vandelay
 

However, in running ESET scanner, the expert noticed evidence of rootkits and suggested I create a separate case for that.

I took a look at that thread and those files had been in the TDSSKiller quarantine folder since last September.
They should have been removed along with the programs that created them.

I also see from the DDS reports that you haven't installed another AV yet.
That's the first job and then we'll start on what else is showing in the reports.

Step 1
You need to install an antivirus program as soon as you can and run a complete scan of the computer: install one of these, update the definitions and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

If choosing Avira, don't allow any Toolbars to be installed


Step 2
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 3
If you have a copy of OTL on your system, please right click on the OTL icon and select delete.
  • Download OTL to your desktop.
    Right click on the link and select 'Save Link/Target As'.

    If you have problems, try this download link:
    OTL
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.

Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
%USERPROFILE%\..|smtmp;true;true;true /FP
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the Run Scan button.
  • Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
In your next reply, please submit:
JRT.txt
and both reports from OTL.

Thanks.


#3 art_vandelay
  • Topic Starter
  • Members
  • 49 posts

Posted 21 August 2013 - 09:09 PM

"I took a look at that thread and those files had been in the TDSSKiller quarantine folder since last September.
They should have been removed along with the programs that created them."

 

Question:  Should I delete those files and programs as you mentioned or will the steps you outlined eliminate those?

 

Thanks.
 



#4 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 3,788 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 22 August 2013 - 12:29 AM

Hi art_vandelay

Those files in question have already been deleted by Eset, so nothing to worry about there.
We will remove the programs at the end of this thread, along with any we use this time.
Just follow the steps above for now.

Thanks.



#5 art_vandelay
  • Topic Starter
  • Members
  • 49 posts

Posted 24 August 2013 - 10:01 PM

OK, I installed Avira and ran a full scan. There didn't appear to be anything that it could not remove. It listed two "hidden objects".

Now, when I tried to run JRT I had a few issues. I disabled Avira, and chose "Run as Administrator", however...

#1: When it got to the "Checking Modules" part, an error appeared underneath this. It said "Server Execution Failed". From there it went onto Checking Processes, Services, Files, Folders with apparently no issues.

#2: When it got to "Checking Registry", I continued to get Windows popup errors saying "Registry Console Tool Has Stopped Working". I would hit Close Program and then it would immediately pop up again. Only thing I could do was "X-out" of the JRT program.

Here is the log of the Avira scan.

Thanks.


Avira Free Antivirus
Report file date: Saturday, August 24, 2013  09:08

The program is running as an unrestricted full version.
Online services are available.

Licensee        : Avira Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows ™ Vista Home Premium
Windows version : (Service Pack 2)  [6.0.6002]
Boot mode       : Normally booted
Username        : Lindholm
Computer name   : MARINERS

Version information:
BUILD.DAT       : 13.0.0.3885    54851 Bytes    8/1/2013 14:44:00
AVSCAN.EXE      : 13.6.0.1722   634936 Bytes   8/24/2013 15:53:31
AVSCANRC.DLL    : 13.6.0.1550    52280 Bytes   8/24/2013 15:53:31
LUKE.DLL        : 13.6.0.1550    65080 Bytes   8/24/2013 15:54:14
AVSCPLR.DLL     : 13.6.0.1712    92216 Bytes   8/24/2013 15:53:31
AVREG.DLL       : 13.6.0.1550   247864 Bytes   8/24/2013 15:53:29
avlode.dll      : 13.6.2.1704   449592 Bytes   8/24/2013 15:53:26
avlode.rdf      : 13.0.1.40      26825 Bytes   8/24/2013 15:55:13
VBASE000.VDF    : 7.11.70.0   66736640 Bytes    4/4/2013 15:51:28
VBASE001.VDF    : 7.11.74.226  2201600 Bytes   4/30/2013 15:51:35
VBASE002.VDF    : 7.11.80.60   2751488 Bytes   5/28/2013 15:51:44
VBASE003.VDF    : 7.11.85.214  2162688 Bytes   6/21/2013 15:51:50
VBASE004.VDF    : 7.11.91.176  3903488 Bytes   7/23/2013 15:52:02
VBASE005.VDF    : 7.11.91.177     2048 Bytes   7/23/2013 15:52:02
VBASE006.VDF    : 7.11.91.178     2048 Bytes   7/23/2013 15:52:03
VBASE007.VDF    : 7.11.91.179     2048 Bytes   7/23/2013 15:52:03
VBASE008.VDF    : 7.11.91.180     2048 Bytes   7/23/2013 15:52:03
VBASE009.VDF    : 7.11.91.181     2048 Bytes   7/23/2013 15:52:03
VBASE010.VDF    : 7.11.91.182     2048 Bytes   7/23/2013 15:52:03
VBASE011.VDF    : 7.11.91.183     2048 Bytes   7/23/2013 15:52:03
VBASE012.VDF    : 7.11.91.184     2048 Bytes   7/23/2013 15:52:04
VBASE013.VDF    : 7.11.92.32    156160 Bytes   7/24/2013 15:52:04
VBASE014.VDF    : 7.11.92.147   168960 Bytes   7/25/2013 15:52:05
VBASE015.VDF    : 7.11.93.93    419328 Bytes   7/28/2013 15:52:06
VBASE016.VDF    : 7.11.93.170  1403392 Bytes   7/29/2013 15:52:10
VBASE017.VDF    : 7.11.94.31    222208 Bytes   7/31/2013 15:52:11
VBASE018.VDF    : 7.11.94.141   273408 Bytes    8/3/2013 15:52:12
VBASE019.VDF    : 7.11.94.203   200192 Bytes    8/4/2013 15:52:13
VBASE020.VDF    : 7.11.95.8    1925632 Bytes    8/5/2013 15:52:19
VBASE021.VDF    : 7.11.95.81    203776 Bytes    8/6/2013 15:52:20
VBASE022.VDF    : 7.11.95.175   148480 Bytes    8/7/2013 15:52:20
VBASE023.VDF    : 7.11.95.248  1224192 Bytes    8/9/2013 15:52:24
VBASE024.VDF    : 7.11.96.43    861184 Bytes   8/10/2013 15:52:27
VBASE025.VDF    : 7.11.97.50   1084416 Bytes   8/19/2013 15:52:30
VBASE026.VDF    : 7.11.97.133   369664 Bytes   8/21/2013 15:52:31
VBASE027.VDF    : 7.11.97.251   274432 Bytes   8/24/2013 15:52:32
VBASE028.VDF    : 7.11.97.252     2048 Bytes   8/24/2013 15:52:33
VBASE029.VDF    : 7.11.97.253     2048 Bytes   8/24/2013 15:52:33
VBASE030.VDF    : 7.11.97.254     2048 Bytes   8/24/2013 15:52:33
VBASE031.VDF    : 7.11.98.18     36352 Bytes   8/24/2013 15:52:33
Engine version  : 8.2.12.110
AEVDF.DLL       : 8.1.3.4       102774 Bytes   8/24/2013 15:52:48
AESCRIPT.DLL    : 8.1.4.144     512382 Bytes   8/24/2013 15:52:48
AESCN.DLL       : 8.1.10.4      131446 Bytes   8/24/2013 15:52:48
AESBX.DLL       : 8.2.16.26    1245560 Bytes   8/24/2013 15:52:50
AERDL.DLL       : 8.2.0.128     688504 Bytes   8/24/2013 15:52:47
AEPACK.DLL      : 8.3.2.24      749945 Bytes   8/24/2013 15:52:46
AEOFFICE.DLL    : 8.1.2.76      205181 Bytes   8/24/2013 15:52:45
AEHEUR.DLL      : 8.1.4.572    6115706 Bytes   8/24/2013 15:52:44
AEHELP.DLL      : 8.1.27.4      266617 Bytes   8/24/2013 15:52:37
AEGEN.DLL       : 8.1.7.12      442743 Bytes   8/24/2013 15:52:36
AEEXP.DLL       : 8.4.1.52      299383 Bytes   8/24/2013 15:52:50
AEEMU.DLL       : 8.1.3.2       393587 Bytes   8/24/2013 15:52:35
AECORE.DLL      : 8.1.32.0      201081 Bytes   8/24/2013 15:52:35
AEBB.DLL        : 8.1.1.4        53619 Bytes   8/24/2013 15:52:34
AVWINLL.DLL     : 13.6.0.1550    23608 Bytes   8/24/2013 15:47:59
AVPREF.DLL      : 13.6.0.1550    48184 Bytes   8/24/2013 15:53:29
AVREP.DLL       : 13.6.0.1550   175672 Bytes   8/24/2013 15:53:29
AVARKT.DLL      : 13.6.0.1626   258104 Bytes   8/24/2013 15:53:11
AVEVTLOG.DLL    : 13.6.0.1550   164920 Bytes   8/24/2013 15:53:16
SQLITE3.DLL     : 3.7.0.1       394824 Bytes   8/24/2013 15:54:43
AVSMTP.DLL      : 13.6.0.1550    59960 Bytes   8/24/2013 15:53:33
NETNT.DLL       : 13.6.0.1550    13368 Bytes   8/24/2013 15:54:24
RCIMAGE.DLL     : 13.4.0.360   4782880 Bytes   8/24/2013 15:48:02
RCTEXT.DLL      : 13.6.0.1624    65080 Bytes   8/24/2013 15:48:02

Configuration settings for the scan:
Jobname.............................: Scan for Rootkits and active malware
Configuration file..................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: Complete
Deviating risk categories...........: +GAME,

Start of the scan: Saturday, August 24, 2013  09:08

Starting search for hidden objects.
Error in ARK library
Hidden driver
Hidden driver

The scan of running processes will be started:
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '65' Module(s) have been scanned
Scan process 'svchost.exe' - '95' Module(s) have been scanned
Scan process 'svchost.exe' - '43' Module(s) have been scanned
Scan process 'SLsvc.exe' - '28' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'svchost.exe' - '90' Module(s) have been scanned
Scan process 'spoolsv.exe' - '91' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'MSCamS64.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '48' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '74' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '74' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '22' Module(s) have been scanned
Scan process 'svchost.exe' - '28' Module(s) have been scanned
Scan process 'Dwm.exe' - '37' Module(s) have been scanned
Scan process 'Explorer.EXE' - '146' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '71' Module(s) have been scanned
Scan process 'unsecapp.exe' - '34' Module(s) have been scanned
Scan process 'iexplore.exe' - '120' Module(s) have been scanned
Scan process 'iexplore.exe' - '128' Module(s) have been scanned
Scan process 'GoogleToolbarUser_32.exe' - '74' Module(s) have been scanned
Scan process 'avguard.exe' - '84' Module(s) have been scanned
Scan process 'avshadow.exe' - '35' Module(s) have been scanned
Scan process 'sched.exe' - '61' Module(s) have been scanned
Scan process 'avcenter.exe' - '109' Module(s) have been scanned
Scan process 'avscan.exe' - '97' Module(s) have been scanned
Scan process 'vssvc.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '34' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'winlogon.exe' - '38' Module(s) have been scanned
Scan process 'services.exe' - '40' Module(s) have been scanned
Scan process 'lsass.exe' - '65' Module(s) have been scanned
Scan process 'lsm.exe' - '30' Module(s) have been scanned

Initiating scan of system files:
Signed -> 'C:\Windows\system32\svchost.exe'
Signed -> 'C:\Windows\system32\winlogon.exe'
Signed -> 'C:\Windows\explorer.exe'
Signed -> 'C:\Windows\system32\smss.exe'
Signed -> 'C:\Windows\system32\wininet.DLL'
Signed -> 'C:\Windows\system32\wsock32.DLL'
Signed -> 'C:\Windows\system32\ws2_32.DLL'
Signed -> 'C:\Windows\system32\services.exe'
Signed -> 'C:\Windows\system32\lsass.exe'
Signed -> 'C:\Windows\system32\csrss.exe'
Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\Windows\system32\spoolsv.exe'
Signed -> 'C:\Windows\system32\alg.exe'
Signed -> 'C:\Windows\system32\wuauclt.exe'
Signed -> 'C:\Windows\system32\advapi32.DLL'
Signed -> 'C:\Windows\system32\user32.DLL'
Signed -> 'C:\Windows\system32\gdi32.DLL'
Signed -> 'C:\Windows\system32\kernel32.DLL'
Signed -> 'C:\Windows\system32\ntdll.DLL'
Signed -> 'C:\Windows\system32\ntoskrnl.exe'
Signed -> 'C:\Windows\system32\ctfmon.exe'
The system files were scanned ('21' files)

Starting to scan executable files (registry):
The registry was scanned ( '5004' files ).

 

End of the scan: Saturday, August 24, 2013  09:49
Used time: 41:11 Minute(s)

The scan has been done completely.

      0 Scanned directories
   7387 Files were scanned
      0 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
   7387 Files not concerned
     58 Archives were scanned
      0 Warnings
      0 Notes
     46 Objects were scanned with rootkit scan
      2 Hidden objects were found

 

 



#6 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 3,788 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 25 August 2013 - 06:10 AM

Hi art_vandelay

Please run OTL and post the 2 reports.
That may give us a better insight to things.

Thanks



#7 art_vandelay
  • Topic Starter
  • Members
  • 49 posts

Posted 25 August 2013 - 06:56 AM

Here is OTL.Txt

 

OTL logfile created on: 8/25/2013 4:40:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lindholm\Desktop\Spyware Crap
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 49.49% Memory free
8.15 Gb Paging File | 5.85 Gb Available in Paging File | 71.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 290.28 Gb Free Space | 64.40% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.49 Gb Free Space | 56.61% Space Free | Partition Type: NTFS
 
Computer Name: MARINERS | User Name: Lindholm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Lindholm\Desktop\Spyware Crap\OTL.scr (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe ()
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (MSCamSvc) -- C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\DRIVERS\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (ANDModem) -- C:\Windows\SysNative\DRIVERS\lgandmodem64.sys (LG Electronics Inc.)
DRV:64bit: - (AndDiag) -- C:\Windows\SysNative\DRIVERS\lganddiag64.sys (LG Electronics Inc.)
DRV:64bit: - (AndGps) -- C:\Windows\SysNative\DRIVERS\lgandgps64.sys (LG Electronics Inc.)
DRV:64bit: - (Andbus) -- C:\Windows\SysNative\DRIVERS\lgandbus64.sys (LG Electronics Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation                                            )
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys (SingleClick Systems)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (VX3000) -- C:\Windows\SysNative\DRIVERS\VX3000.sys (Microsoft Corporation)
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={FA7DE810-C26F-11E2-97BB-002564007D9E}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = F7 48 2A 01 40 67 26 4D 9D D6 18 19 E7 E1 FA 12  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/08/21 11:24:34 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@ei.Retrogamer_4w.com/Plugin: C:\Program Files (x86)\Retrogamer_4wEI\Installr\2.bin\NP4wEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@GamingWonderland.com/Plugin: C:\Program Files (x86)\GamingWonderland\bar\1.bin\NPgtStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/08/21 11:24:34 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Retrogamer_4w.com/Plugin: C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\NP4wStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll File not found
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\Lindholm\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lindholm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Lindholm\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/02/13 10:42:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\GamingWonderland\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4wffxtbr@Retrogamer_4w.com: C:\Program Files (x86)\Retrogamer_4w\bar\1.bin
 
[2011/09/17 07:39:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lindholm\AppData\Roaming\Mozilla\Extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10045&barid={B2D50289-BFDE-11E2-BACE-002564007D9E}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Retrogamer Installer Plugin Stub (Enabled) = C:\Program Files (x86)\Retrogamer_4wEI\Installr\2.bin\NP4wEISB.dll
CHR - plugin: 3DVIA player (Enabled) = C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Lindholm\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Citrix Online Web Deployment Plugin 1.0.0.104 (Enabled) = C:\Users\Lindholm\AppData\Local\Citrix\Plugins\104\npappdetector.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Users\Lindholm\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Updater By SweetPacks = C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.583_0\
 
O1 HOSTS File: ([2012/07/21 13:19:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\npchrome_frame.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files (x86)\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKCU\..Trusted Domains: google.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([local] * in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([maps] * in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} http://71.227.145.16/UltraMJCamX.cab (UltraMJCamX Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://www.silvermt.com/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.avataritag.com/app/plugin/DFusionHomeWebPlugIn.Installer.exe (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFA115CF-8A60-44F7-92CD-B3CF9D03067B}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\gcf - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Lindholm\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lindholm\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/21 03:38:26 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Dell Remote Access.lnk - c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe - (Macrovision Corporation)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Lindholm^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - C:\Program Files\Dell\DellDock\DellDock.exe - (Stardock Corporation)
MsConfig:64bit - StartUpFolder: C:^Users^Lindholm^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Lindholm\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AmazonMP3DownloaderHelper - hkey= - key= - C:\Users\Lindholm\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe ()
MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: B2C_AGENT - hkey= - key= - C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
MsConfig:64bit - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig:64bit - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
MsConfig:64bit - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: GoToMeeting - hkey= - key= - C:\Program Files (x86)\Citrix\GoToMeeting\1082\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
MsConfig:64bit - StartUpReg: HotKeysCmds - hkey= - key= - C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: HP Update 5370C - hkey= - key= - C:\sj666\hpupdate.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: hpppta - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: LifeCam - hkey= - key= - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Logitech Vid - hkey= - key= - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
MsConfig:64bit - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: Microsoft Default Manager - hkey= - key= - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: MobileDocuments - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Monitor - hkey= - key= - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
MsConfig:64bit - StartUpReg: MSC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
MsConfig:64bit - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Skytel - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: swg - hkey= - key= - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig:64bit - StartUpReg: VX3000 - hkey= - key= - C:\Windows\vVX3000.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: x3watch - hkey= - key= - C:\Program Files (x86)\X3watch\x3watch.exe (Tiger Green Productions LLC)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/24 12:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/08/24 09:04:48 | 000,000,000 | ---D | C] -- C:\Users\Lindholm\AppData\Roaming\Avira
[2013/08/24 08:57:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013/08/24 08:57:21 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/08/24 08:57:21 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/08/24 08:57:21 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/08/24 08:57:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013/08/24 08:57:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013/08/16 20:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/08/12 01:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011/04/21 09:01:53 | 001,062,984 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Lindholm\gotomypc_540.exe
[2009/12/13 11:56:19 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Lindholm\gotomypc_438.exe
[2009/08/24 20:12:48 | 008,653,312 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Lindholm\AppData\Roaming\DataSafeDotNet.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/25 04:17:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/25 04:17:05 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/24 12:48:30 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/08/24 12:38:22 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/24 12:24:27 | 000,768,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/24 12:24:27 | 000,648,692 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/24 12:24:27 | 000,122,548 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/24 12:16:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/24 12:16:17 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013/08/24 12:16:15 | 4258,324,480 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/24 08:55:12 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013/08/24 08:55:12 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013/08/24 08:55:12 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013/08/18 14:57:16 | 000,000,732 | ---- | M] () -- C:\Users\Lindholm\AppData\Local\d3d9caps64.dat
[2013/08/18 13:19:33 | 642,426,788 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/08/16 16:44:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/10 10:59:41 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/10 04:15:02 | 000,899,584 | ---- | M] () -- C:\MicrosoftFixit50535.msi
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/24 12:48:30 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/08/18 14:59:17 | 4258,324,480 | -HS- | C] () -- C:\hiberfil.sys
[2013/08/10 04:34:47 | 000,899,584 | ---- | C] () -- C:\MicrosoftFixit50535.msi
[2013/06/12 17:00:16 | 000,709,632 | ---- | C] () -- C:\Windows\is-8TG5D.exe
[2013/04/22 19:10:18 | 000,000,015 | ---- | C] () -- C:\Users\Lindholm\AppData\Local\X-Plane_drm.prf
[2013/04/22 19:09:20 | 000,000,080 | ---- | C] () -- C:\Users\Lindholm\AppData\Local\X-Plane Installer.prf
[2013/02/07 00:01:08 | 000,000,732 | ---- | C] () -- C:\Users\Lindholm\AppData\Local\d3d9caps64.dat
[2012/09/20 19:24:35 | 000,060,304 | ---- | C] () -- C:\Users\Lindholm\g2mdlhlpx.exe
[2012/07/21 13:03:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/21 13:03:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/21 13:03:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/21 13:03:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/21 13:03:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/21 04:17:22 | 000,232,536 | ---- | C] () -- C:\Users\Lindholm\AppData\Local\census.cache
[2012/07/21 04:17:04 | 000,158,133 | ---- | C] () -- C:\Users\Lindholm\AppData\Local\ars.cache
[2012/07/21 04:11:17 | 000,000,036 | ---- | C] () -- C:\Users\Lindholm\AppData\Local\housecall.guid.cache
[2012/03/05 17:19:18 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/03/02 21:30:37 | 000,763,208 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/26 21:22:57 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012/01/26 21:22:57 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/10/27 14:08:29 | 000,001,940 | ---- | C] () -- C:\Users\Lindholm\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/11/11 18:38:25 | 000,000,373 | ---- | C] () -- C:\Users\Lindholm\Pictures - Shortcut.lnk
[2009/07/02 22:32:56 | 000,001,356 | ---- | C] () -- C:\Users\Lindholm\AppData\Local\d3d9caps.dat
[2009/06/06 13:07:13 | 000,117,760 | ---- | C] () -- C:\Users\Lindholm\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2003/12/07 04:13:32 | 000,077,596 | ---- | C] () -- C:\Users\Lindholm\MKBats.ttf
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 10:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWow64\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2009/11/27 23:00:06 | 000,000,000 | ---D | M] -- C:\Users\Lindholm\AppData\Roaming\Amazon
[2013/06/30 10:08:08 | 000,000,000 | ---D | M] -- C:\Users\Lindholm\AppData\Roaming\Canon
[2010/04/23 15:07:09 | 000,000,000 | ---D | M] -- C:\Users\Lindholm\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/07/01 22:42:18 | 000,000,000 | ---D | M] -- C:\Users\Lindholm\AppData\Roaming\Dropbox
[2012/04/25 22:16:03 | 000,000,000 | ---D | M] -- C:\Users\Lindholm\AppData\Roaming\Softland
[2012/04/16 18:42:56 | 000,000,000 | ---D | M] -- C:\Users\Lindholm\AppData\Roaming\TaxCut
[2010/05/04 14:33:17 | 000,000,000 | ---D | M] -- C:\Users\Lindholm\AppData\Roaming\Unity
[2010/07/17 09:29:27 | 000,000,000 | ---D | M] -- C:\Users\Lindholm\AppData\Roaming\Windows Live Writer
[2009/07/27 20:47:35 | 000,000,000 | ---D | M] -- C:\Users\Lindholm\AppData\Roaming\x3watch
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.* >
[2012/07/21 11:53:02 | 000,026,333 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2012/10/24 13:57:22 | 000,000,949 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2013/05/21 16:43:06 | 000,007,544 | ---- | M] () -- C:\AdwCleaner[R3].txt
[2013/07/07 12:17:17 | 000,002,319 | ---- | M] () -- C:\AdwCleaner[R4].txt
[2012/07/21 12:53:55 | 000,016,296 | ---- | M] () -- C:\AdwCleaner[S1].txt
[2013/05/18 09:38:59 | 000,001,009 | ---- | M] () -- C:\AdwCleaner[S2].txt
[2013/05/21 16:43:40 | 000,005,122 | ---- | M] () -- C:\AdwCleaner[S3].txt
[2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009/05/22 19:16:17 | 000,004,379 | RH-- | M] () -- C:\dell.sdr
[2013/08/24 12:16:15 | 4258,324,480 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/02 20:01:00 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2011/08/24 20:27:01 | 000,000,374 | -H-- | M] () -- C:\IPH.PH
[2010/06/22 13:18:58 | 000,000,004 | ---- | M] () -- C:\KLSA.DAT
[2013/06/30 10:31:18 | 000,000,000 | ---- | M] () -- C:\Log.txt
[2013/08/10 04:15:02 | 000,899,584 | ---- | M] () -- C:\MicrosoftFixit50535.msi
[2013/08/24 12:16:11 | 276,967,423 | -HS- | M] () -- C:\pagefile.sys
[2012/07/20 19:56:21 | 000,561,439 | ---- | M] () -- C:\PCO.docx
[2011/02/20 13:18:30 | 000,000,446 | ---- | M] () -- C:\rkill.log
[2013/06/25 22:14:21 | 000,090,170 | ---- | M] () -- C:\stub.log
[2012/08/13 14:48:53 | 000,118,428 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_13.08.2012_14.47.18_log.txt
[2012/10/24 14:17:26 | 000,122,512 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_24.10.2012_14.16.43_log.txt
[2012/10/30 10:43:13 | 000,122,516 | ---- | M] () -- C:\TDSSKiller.2.8.13.0_30.10.2012_10.42.26_log.txt
[2012/12/03 09:36:46 | 000,122,900 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_03.12.2012_08.35.54_log.txt
[2012/11/09 09:34:20 | 000,240,476 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_09.11.2012_08.33.15_log.txt
[2012/12/16 00:43:30 | 000,121,534 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_15.12.2012_23.42.53_log.txt
[2012/12/18 08:32:56 | 000,122,804 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_18.12.2012_07.32.21_log.txt
[2013/01/31 17:08:47 | 000,121,534 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_31.01.2013_16.08.20_log.txt
[2013/04/17 10:48:53 | 000,123,204 | ---- | M] () -- C:\TDSSKiller.2.8.16.0_17.04.2013_10.48.10_log.txt
[2012/08/23 11:39:25 | 000,123,272 | ---- | M] () -- C:\TDSSKiller.2.8.7.0_23.08.2012_11.36.33_log.txt
[2012/09/03 09:34:13 | 000,122,160 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_03.09.2012_09.33.33_log.txt
[2012/09/03 09:40:04 | 000,119,038 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_03.09.2012_09.37.30_log.txt
[2012/09/03 09:41:34 | 000,119,038 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_03.09.2012_09.41.00_log.txt
[2012/12/03 09:34:48 | 000,000,358 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_03.12.2012_08.34.45_log.txt
[2012/12/03 09:35:28 | 000,000,358 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_03.12.2012_08.35.26_log.txt
[2013/03/04 22:18:47 | 000,126,064 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_04.03.2013_21.17.18_log.txt
[2013/03/04 22:29:09 | 000,123,264 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_04.03.2013_21.22.43_log.txt
[2012/09/04 20:59:04 | 000,122,290 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_04.09.2012_20.57.16_log.txt
[2012/10/04 08:36:19 | 000,121,240 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_04.10.2012_08.35.45_log.txt
[2012/09/05 22:29:20 | 000,120,630 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_05.09.2012_22.25.30_log.txt
[2013/02/07 00:10:40 | 000,121,554 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_06.02.2013_23.10.15_log.txt
[2012/11/09 09:32:25 | 000,000,352 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_09.11.2012_08.32.22_log.txt
[2012/11/09 09:32:42 | 000,000,352 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_09.11.2012_08.32.39_log.txt
[2012/11/12 19:19:56 | 000,121,240 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_12.11.2012_18.19.17_log.txt
[2012/12/13 19:55:13 | 000,124,394 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_13.12.2012_18.54.26_log.txt
[2012/12/16 00:28:04 | 000,000,352 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_15.12.2012_23.27.56_log.txt
[2012/12/16 00:28:53 | 000,000,352 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_15.12.2012_23.28.50_log.txt
[2013/04/17 10:47:47 | 000,000,352 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_17.04.2013_10.47.45_log.txt
[2012/12/18 08:31:50 | 000,000,352 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_18.12.2012_07.31.47_log.txt
[2013/05/21 16:40:30 | 000,121,932 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_21.05.2013_16.39.53_log.txt
[2012/10/24 13:57:05 | 000,240,496 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_24.10.2012_13.55.50_log.txt
[2012/10/24 13:59:21 | 000,242,772 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_24.10.2012_13.57.58_log.txt
[2012/10/24 14:15:48 | 000,000,352 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_24.10.2012_14.15.40_log.txt
[2012/10/24 14:16:23 | 000,000,352 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_24.10.2012_14.16.15_log.txt
[2012/09/25 15:36:49 | 000,000,156 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_25.09.2012_15.36.49_log.txt
[2012/09/25 16:00:09 | 000,122,160 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_25.09.2012_15.58.15_log.txt
[2012/09/25 16:04:17 | 000,033,708 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_25.09.2012_16.02.16_log.txt
[2012/10/30 10:41:50 | 000,000,352 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_30.10.2012_10.41.47_log.txt
[2013/01/31 17:07:38 | 000,000,352 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_31.01.2013_16.07.31_log.txt
[2013/01/31 17:07:57 | 000,000,352 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_31.01.2013_16.07.56_log.txt
 
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\system32\*.exe /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %PROGRAMFILES%\* >
[2008/01/20 20:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2012/03/26 23:33:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2012/03/26 23:33:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2012/03/26 23:33:45 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/05/28 19:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2013/05/28 19:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\PROGRAM FILES (X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE" [2013/08/15 20:21:43 | 000,829,392 | ---- | M] (Google Inc.)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/03/26 23:33:24 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/03/26 23:33:24 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/03/26 23:33:24 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/05/28 19:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2013/05/28 19:24:32 | 000,757,400 | ---- | M] (Microsoft Corporation)
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 545 bytes -> C:\Users\Lindholm\Documents\Job Application.eml:OECustomProperty
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:0CFF5F08
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Here is Extras.Txt:

OTL Extras logfile created on: 8/25/2013 4:40:22 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Lindholm\Desktop\Spyware Crap
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 49.49% Memory free
8.15 Gb Paging File | 5.85 Gb Available in Paging File | 71.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.71 Gb Total Space | 290.28 Gb Free Space | 64.40% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.49 Gb Free Space | 56.61% Space Free | Partition Type: NTFS
 
Computer Name: MARINERS | User Name: Lindholm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = CF 99 27 9A 30 E0 CC 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02342A70-45B6-4E73-8BFA-EA774704CBBC}" = lport=138 | protocol=17 | dir=in | app=system |
"{063EA624-4DDD-4DF8-BAB6-027F7EC24325}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2E61F603-A60B-4C78-92EE-5F98F15D6440}" = rport=139 | protocol=6 | dir=out | app=system |
"{40AB8127-2ED8-420A-96C5-DC0EF2A02B48}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4B9ABC8C-C132-4AD1-8B48-A9B8DF52097B}" = lport=137 | protocol=17 | dir=in | app=system |
"{576F814A-7B4D-4729-A853-2F664ACD42C0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{68C3A25E-28DA-4A2F-9C5A-C5610969130C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{68F9DB19-167F-4D70-B3CC-F9F7304A9668}" = lport=139 | protocol=6 | dir=in | app=system |
"{69379FFC-C321-4DB5-9D9C-1E8CFF444E0C}" = rport=445 | protocol=6 | dir=out | app=system |
"{6C8AF039-E4BA-4500-88D1-662546AADBB4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B0AE3AAE-E95D-4266-9966-DEA232F89740}" = rport=138 | protocol=17 | dir=out | app=system |
"{CBC7F47E-CDE7-4709-B2C8-FDBB387E8C34}" = rport=137 | protocol=17 | dir=out | app=system |
"{E2B89961-0028-42FC-B115-C2E0A9650AC6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E9CCDC25-7DF5-4015-BEB9-AD6C82006F87}" = lport=445 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016CC03F-D25A-419B-B560-CF5F2E4CFF69}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{04A21A5A-4927-4093-BDFB-A95CFBD6BD96}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{08E72AE5-14D8-4660-A918-1401FEBCC206}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{0B99C51C-A992-46F8-A4A6-8CAF1CC6DE46}" = dir=in | app=c:\program files (x86)\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{0C452BAC-7CFC-4161-8C49-BD2CB0A163E2}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{0EB81F0E-56C4-46B4-A41B-9D15DF9F9256}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{11C9D386-21CD-431A-B988-AE8C3E4F0D99}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{12CF8264-7CBD-4112-929B-016E34C873F7}" = protocol=6 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{192436FD-6341-4867-BF3B-F4AF4518FEE7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1C4BF9C3-218A-45CB-A020-A9D53BCA500E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2A9C1332-A382-4FE1-9E07-3E5EF76B5F1A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2ACE2BC5-D24D-49A1-81E0-5D02311D9EF1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe |
"{2D68B059-32AC-43A7-BE3A-DC11E6DD7914}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{362B516C-A45C-44EF-A51C-0A41493383E5}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\troubleshooter.exe |
"{3B37D268-DE9E-40DD-AED0-9105DD159723}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3B5FD07E-F805-4E40-BD98-ABB5F7D10104}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3FF1A960-9FA8-462B-875A-E9E6C02E046F}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{4A3DC33D-9B11-41F5-B34A-646C72DD6F08}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{5A28796A-03CA-46CE-A1F7-E3A782C48401}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifecam.exe |
"{62907419-5E70-476C-B95F-68B7B05CD7A9}" = protocol=17 | dir=in | app=c:\program files (x86)\aim\aim.exe |
"{6526B688-F7B3-43E0-8300-B7A00096D3BD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6E3F2D7A-713C-4677-927F-134F3E3747F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7519525F-AA33-4579-A19B-1DC6FE8E8C03}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{7656A656-5268-4CD8-99BC-82FA07EC2A78}" = protocol=6 | dir=in | app=c:\users\lindholm\appdata\roaming\dropbox\bin\dropbox.exe |
"{7AEC7D1E-5D7D-4913-B5A2-3EE2AC77D29D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7D8964AC-7F7C-4F35-856E-E3F3C25EB907}" = protocol=17 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{820B9592-422C-4501-97F9-21AD374E85DF}" = protocol=17 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\toolbarupdate.exe |
"{892DEA57-7549-4BA3-A4E0-28FBD059D33F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8A16292F-CBCE-4C5A-A8E5-4E656DC5C340}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{8F3CF473-6537-4B47-8555-C02A90B7B7DF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{90465D58-2CAF-49C6-9E5F-CA6C222D4E0F}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{93AADB7A-08AB-4D3A-8DCB-365617BC5549}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{A06BB6A2-ECA2-40E2-8AB1-3A6F05CEEEDF}" = protocol=17 | dir=in | app=c:\users\lindholm\appdata\roaming\dropbox\bin\dropbox.exe |
"{A231DB44-925C-47B9-BF81-3D126C282314}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{A31B2A45-A9AD-4B5A-9F11-59E319CC1527}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{A5DEA0AD-26D6-4068-8A80-428305237E57}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\toolbarupdate.exe |
"{A81C65D8-E176-4DBA-B794-94D9040B92AB}" = protocol=6 | dir=in | app=c:\program files (x86)\dogpile bundle toolbar\troubleshooter.exe |
"{A8B6A86E-283C-4523-9316-98CAF497D5D9}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{B32E3365-20B1-47E7-8348-7BBCB8518FD4}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{BC74BBA6-A5E4-42B1-BA2B-909DF531AC76}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{BDDB4278-FA65-4A48-AC34-FC67DAAB6022}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C13D0617-4A0D-4608-93C1-B830CA9241FE}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{C2F83379-B7B5-4434-A3B3-24B9A09DB147}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFB0E633-B73B-4623-930E-4A09F87E038F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D3F5B950-4C79-41D2-AAB8-1CE6580E655C}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{DB8D2605-7547-463E-A7CE-2900A2A53092}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{E9E17B6E-6BB7-4247-980D-2A11660160E3}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{EA90458E-9132-4638-A2C8-242F1F853680}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EFC56E76-6E2B-4716-832F-DD436C83E94B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FA193457-15E9-49A6-9C47-62318F0B3017}" = protocol=6 | dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{FEF1BE27-7DA4-449F-B96A-25BAA4C755CD}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{1A058540-C169-483C-83B6-57645BA73E54}C:\users\lindholm\desktop\x-plane 10 demo\x-plane.exe" = protocol=6 | dir=in | app=c:\users\lindholm\desktop\x-plane 10 demo\x-plane.exe |
"TCP Query User{21B1AC71-3C58-482F-B852-52A277C8BF44}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{424CDBA6-8211-4EAF-AB95-9EE2291FE732}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{46283C82-B5F0-40FF-BF75-6B44C533BC34}C:\users\lindholm\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\lindholm\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{50472829-AFB6-409B-BFC4-2813B2A92BE6}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{5FF4D991-C13F-419E-9B25-DCAB15384206}C:\users\lindholm\desktop\x-plane 10 demo\x-plane-32bit.exe" = protocol=6 | dir=in | app=c:\users\lindholm\desktop\x-plane 10 demo\x-plane-32bit.exe |
"TCP Query User{63B75518-ECDF-428A-B525-DCD81E6EC7FB}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"TCP Query User{79992567-2C81-47E6-B56C-FD091E2749CC}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{82FD767F-2E18-4C81-8538-A6CC5FBD1CBE}C:\program files (x86)\gametap web player\bin\release\gametapplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gametap web player\bin\release\gametapplayer.exe |
"TCP Query User{9A91C0DD-8DA2-48AF-BEF8-BBE5B35416B0}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{DCD315C2-38D2-439D-A985-4C0DB37D1527}C:\users\lindholm\appdata\local\temp\g2_943\g2viewer.exe" = protocol=6 | dir=in | app=c:\users\lindholm\appdata\local\temp\g2_943\g2viewer.exe |
"UDP Query User{0FACA521-A741-44AD-BD35-F5FE024F95DB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{1D1C86C7-7CBD-4173-9605-24C57852AD37}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{1E01F802-F112-40DE-958D-C378754C1611}C:\users\lindholm\desktop\x-plane 10 demo\x-plane.exe" = protocol=17 | dir=in | app=c:\users\lindholm\desktop\x-plane 10 demo\x-plane.exe |
"UDP Query User{3231FD53-5968-4623-A090-A6080AAE138D}C:\users\lindholm\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\lindholm\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4EBE56E4-48E9-4415-9D96-543591206CCA}C:\users\lindholm\desktop\x-plane 10 demo\x-plane-32bit.exe" = protocol=17 | dir=in | app=c:\users\lindholm\desktop\x-plane 10 demo\x-plane-32bit.exe |
"UDP Query User{61F82946-73C8-4687-81CF-E40007328531}C:\program files (x86)\gametap web player\bin\release\gametapplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gametap web player\bin\release\gametapplayer.exe |
"UDP Query User{8F88C0C5-98A5-4AB4-A55D-C693F7AFCF33}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{951E2DA6-A066-4C52-AA44-496E6D699DAB}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{C8CCABD5-E4BC-4E0C-AAC0-7AF5AFD338CC}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"UDP Query User{E6E9337D-F39E-4918-8B85-F1E33594DB7B}C:\users\lindholm\appdata\local\temp\g2_943\g2viewer.exe" = protocol=17 | dir=in | app=c:\users\lindholm\appdata\local\temp\g2_943\g2viewer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series" = Canon MP560 series MP Drivers
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1" = Updater By SweetPacks 2.0.0.583
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012)
"CCleaner" = CCleaner
"EPSON Printer and Utilities" = EPSON Printer Software
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WNLT" = IB Updater Service
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 27
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D1EC4DD-5EE8-4CA0-A4DE-3BA029C55DFA}" = H&R Block Basic + Efile 2011
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{423D8FBE-EC52-40FD-B2A0-8C9C8F973FD7}" = Microsoft Research AutoCollage 2008 version 1.1
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{92A0792A-E771-4C4A-9A4A-C2917AA19EEA}" = H&R Block Basic + Efile 2009
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}" = Internet Explorer Toolbar 4.8 by SweetPacks
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F9D1B35B-60DD-44F9-8FAF-29CD7CBD4BF3}" = LeapFrog Connect
"{FADE9056-420F-4F03-A0A9-74CBBAE29BBF}" = LeapFrog Leapster2 Plugin
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.1
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AXIS Media Control SDK_is1" = AXIS Media Control SDK 6.0.2
"Canon MP560 series User Registration" = Canon MP560 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FBackup 4_is1" = FBackup 4
"Google Chrome" = Google Chrome
"Google Chrome Frame" = Google Chrome Frame
"Google Updater" = Google Updater
"HP PrecisionScan Pro" = HP PrecisionScan Pro
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"NetDevil_LEGO_Universe_is1" = LEGO Universe
"Scan-To-Web" = HP Scan-to-Web Wizard
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"The Weather Channel Screensaver" = The Weather Channel Screensaver
"UPCShell" = LeapFrog Connect
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.18
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 5.4.0.1082
"UnityWebPlayer" = Unity Web Player
"WinDirStat" = WinDirStat 1.1.2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 8/24/2013 10:41:26 PM | Computer Name = MARINERS | Source = Application Error | ID = 1000
Description = Faulting application reg.exe, version 6.0.6002.18005, time stamp 0x49e0196d,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x74e6a57d,  process id 0xf74, application start time 0x01cea13c983df4f0.
 
Error - 8/24/2013 10:41:48 PM | Computer Name = MARINERS | Source = Application Error | ID = 1000
Description = Faulting application reg.exe, version 6.0.6002.18005, time stamp 0x49e0196d,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x74e6a57d,  process id 0x3cc, application start time 0x01cea13ca56d52b0.
 
Error - 8/24/2013 10:41:52 PM | Computer Name = MARINERS | Source = Application Error | ID = 1000
Description = Faulting application reg.exe, version 6.0.6002.18005, time stamp 0x49e0196d,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x74e6a57d,  process id 0xd74, application start time 0x01cea13ca7d5d6d0.
 
Error - 8/24/2013 10:41:54 PM | Computer Name = MARINERS | Source = Application Error | ID = 1000
Description = Faulting application reg.exe, version 6.0.6002.18005, time stamp 0x49e0196d,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x74e6a57d,  process id 0x7f4, application start time 0x01cea13ca908e830.
 
Error - 8/24/2013 10:41:56 PM | Computer Name = MARINERS | Source = Application Error | ID = 1000
Description = Faulting application reg.exe, version 6.0.6002.18005, time stamp 0x49e0196d,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x74e6a57d,  process id 0xd1c, application start time 0x01cea13caa3bf990.
 
Error - 8/24/2013 10:42:16 PM | Computer Name = MARINERS | Source = Application Error | ID = 1000
Description = Faulting application reg.exe, version 6.0.6002.18005, time stamp 0x49e0196d,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x74e6a57d,  process id 0x7b0, application start time 0x01cea13cb63845f0.
 
Error - 8/24/2013 10:43:13 PM | Computer Name = MARINERS | Source = Application Error | ID = 1000
Description = Faulting application reg.exe, version 6.0.6002.18005, time stamp 0x49e0196d,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x74e6a57d,  process id 0xd1c, application start time 0x01cea13cd7ce2c70.
 
Error - 8/24/2013 10:43:35 PM | Computer Name = MARINERS | Source = Application Error | ID = 1000
Description = Faulting application reg.exe, version 6.0.6002.18005, time stamp 0x49e0196d,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x74e6a57d,  process id 0x2ec, application start time 0x01cea13ce5024cf0.
 
Error - 8/24/2013 10:55:00 PM | Computer Name = MARINERS | Source = Windows Search Service | ID = 3013
Description =
 
Error - 8/24/2013 10:55:00 PM | Computer Name = MARINERS | Source = Windows Search Service | ID = 3013
Description =
 
[ System Events ]
Error - 8/18/2013 5:12:14 PM | Computer Name = MARINERS | Source = DCOM | ID = 10005
Description =
 
Error - 8/18/2013 5:12:18 PM | Computer Name = MARINERS | Source = DCOM | ID = 10005
Description =
 
Error - 8/18/2013 5:18:12 PM | Computer Name = MARINERS | Source = Service Control Manager | ID = 7032
Description =
 
Error - 8/18/2013 6:00:42 PM | Computer Name = MARINERS | Source = Service Control Manager | ID = 7026
Description =
 
Error - 8/18/2013 6:08:41 PM | Computer Name = MARINERS | Source = DCOM | ID = 10010
Description =
 
Error - 8/24/2013 11:56:05 AM | Computer Name = MARINERS | Source = DCOM | ID = 10010
Description =
 
Error - 8/24/2013 3:18:06 PM | Computer Name = MARINERS | Source = Service Control Manager | ID = 7026
Description =
 
Error - 8/24/2013 3:29:19 PM | Computer Name = MARINERS | Source = DCOM | ID = 10010
Description =
 
Error - 8/24/2013 3:38:57 PM | Computer Name = MARINERS | Source = DCOM | ID = 10010
Description =
 
Error - 8/24/2013 3:50:15 PM | Computer Name = MARINERS | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
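The report above is a DDS/OTL dump. As an added example that is not from the thread or from the OTL tool, here is a small Python parser for its "Uninstall List" and "Last 20 Event Log Errors" sections: it groups the repeated reg.exe access-violation crashes by faulting application and exception code, and filters uninstall entries against a watchlist. The field names, the default watchlist and the trimmed sample excerpt are my assumptions.

```python
"""Parse an OTL/DDS-style report (the layout of the log above) into records.

Added example, not from the thread or the OTL tool: it reads the 'Uninstall
List' and 'Last 20 Event Log Errors' sections so that repeated crashes and
watchlisted uninstall entries can be picked out of the raw dump.
"""
import re
from collections import Counter

# Excerpt of the report above, trimmed to a few entries of each section.
SAMPLE_REPORT = """\
========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1" = Updater By SweetPacks 2.0.0.583

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}" = Internet Explorer Toolbar 4.8 by SweetPacks
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/24/2013 10:41:26 PM | Computer Name = MARINERS | Source = Application Error | ID = 1000
Description = Faulting application reg.exe, version 6.0.6002.18005, time stamp 0x49e0196d,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x74e6a57d,  process id 0xf74, application start time 0x01cea13c983df4f0.

Error - 8/24/2013 10:41:48 PM | Computer Name = MARINERS | Source = Application Error | ID = 1000
Description = Faulting application reg.exe, version 6.0.6002.18005, time stamp 0x49e0196d,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x74e6a57d,  process id 0x3cc, application start time 0x01cea13ca56d52b0.

[ System Events ]
Error - 8/18/2013 5:12:14 PM | Computer Name = MARINERS | Source = DCOM | ID = 10005
Description =
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.*)$')
ERROR_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
FAULT_RE = re.compile(r"Faulting application (?P<app>\S+?),.*?exception code\s+(?P<code>0x[0-9a-fA-F]+)")


def parse_report(text):
    """Return (uninstall_entries, events): (view, value name, display name) tuples,
    view being '64bit' for the '64bit: [...]' block and 'default' otherwise, and
    event dicts with when/host/source/id/description (continuation lines joined)."""
    uninstall, events = [], []
    section, view, cur = None, None, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section, cur = m.group("name"), None
            continue
        if section and section.endswith("Uninstall List"):
            if line.startswith(("64bit: [", "[")):
                view = "64bit" if line.startswith("64bit:") else "default"
                continue
            m = UNINSTALL_RE.match(line)
            if m:
                uninstall.append((view, m.group("key"), m.group("name").strip()))
        elif section and section.startswith("Last 20 Event Log"):
            m = ERROR_RE.match(line)
            if m:
                cur = m.groupdict()
                cur["id"] = int(cur["id"])
                cur["description"] = ""
                events.append(cur)
            elif cur is not None:
                if line.startswith("Description ="):
                    cur["description"] = line[len("Description ="):].strip()
                elif line.startswith(" "):
                    # OTL indents wrapped description text with one space
                    cur["description"] += " " + line.strip()
                else:
                    cur = None  # a blank line ends the record
    return uninstall, events


def crash_summary(events):
    """Count Application Error (ID 1000) events by (faulting app, exception code)."""
    counts = Counter()
    for ev in events:
        if ev["source"] == "Application Error" and ev["id"] == 1000:
            m = FAULT_RE.search(ev["description"])
            if m:
                counts[(m.group("app"), m.group("code").lower())] += 1
    return counts


def suspect_entries(uninstall, watch=("sweetpacks",)):
    """Uninstall entries whose display name contains a watchlist substring
    (default: the vendor the fix script in this thread targets)."""
    return [e for e in uninstall if any(w in e[2].lower() for w in watch)]
```

Run on the real report, the same two calls show at a glance that eight reg.exe crashes share one exception code and fault offset, and which uninstall entries still reference the toolbar vendor after cleanup.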

#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 3,788 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 25 August 2013 - 09:02 AM

Hi art_vandelay

Just a quick question before I continue...
How are you installing your programs?
Do you use the 'Express' install option or the 'Custom' install option?
The reason I ask is that there are two different Program Files folders on Windows 64-bit systems: "Program Files" and "Program Files (x86)". 64-bit applications are automatically installed into the "Program Files" folder while 32-bit applications go to the folder "Program Files (x86)".
But everything you install seems to get installed to "Program Files (x86)".



#9 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 49 posts

Posted 25 August 2013 - 10:04 AM

When you refer to "programs", do you mean ones specifically related to this case like Avira, etc., or in general? With Avira I did custom so as not to install the toolbars, etc. In general, however, honestly I never give installation much thought and most likely simply choose the defaults unless I know the application will also install a number of "free" widgets like browser search windows, etc., that I know I do not want.



#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 3,788 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 25 August 2013 - 11:12 AM

When you refer to "programs", do you mean ones specifically related to this case like Avira, etc, or in general?

Just programs in general... it's just that most seem to be in the 32-bit folder and not in the 64-bit folder.


Step 1
Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :Otl is on the first line and that you include all of the Commands section.)
:otl
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10045&barid={FA7DE810-C26F-11E2-97BB-002564007D9E}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
FF - HKLM\Software\MozillaPlugins\@Retrogamer_4w.com/Plugin: C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\NP4wStub.dll File not found
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay Games\nplplaypop.dll File not found
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
O2:64bit: - BHO: (Updater By SweetPacks) - {C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD} - C:\Program Files\Updater By SweetPacks\Extension64.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://www.silvermt.com/activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} http://www.avataritag.com/app/plugin/DFusionHomeWebPlugIn.Installer.exe (Reg Error: Key error.)
MsConfig:64bit - StartUpReg: MobileDocuments - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: MSC - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Skytel - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SUPERAntiSpyware - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= -  File not found
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:0CFF5F08
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Files
ipconfig /flushdns /c

:commands
[emptytemp]
[purity]
[RESETHOSTS]


  • Return to OTL,
  • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
  • Click the red Run Fix button.
  • OTL will reboot your system once the fix has completed.
  • After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

If you lose the report, there will be a copy here:
C:\_OTL\MovedFiles



Step 2
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 7 Update 25 and save it to your desktop.
  • Scroll down to where it says "Java SE 7 Update 25".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.
Step 3
If you still have Adwcleaner on your system, please remove it now.
Right click on the icon and select delete.
Now let's get a fresh copy:

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
In your next reply, please submit:
OTL fix report
AdwCleaner search report


Thanks.



#11 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 49 posts

Posted 26 August 2013 - 12:04 AM

OK, OTL crashed on me at least once while it was running, so I put the log file from each of the THREE times I ran it. Uninstalled/re-installed Java no problem. Uninstalled adwcleaner and re-downloaded.

I'm not sure if adwcleaner ran completely or not, but it has been hours since I clicked on the Scan button.  It never said "complete", or popped up a log message.  If you look at the app, it still says "Pending.  Please uncheck elements you don't want to remove."  but there is nothing checked.  I did click on the "report" link to get the report, which I posted the results of below.

The biggest issue I'm still experiencing with this machine is the slowness in anything file-related. Whether it's clicking on the start button, "my computer", or "Save As"... everything related to files and file searches is unbelievably slow. I think I saw something in one of the log files about there being an issue with Windows Search, so maybe that is something. Thanks again for your help.

OTL Fix #1:

Files\Folders moved on Reboot...
C:\Users\Lindholm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6NWBQY7\postmessageRelay[2].htm moved successfully.
File\Folder C:\Users\Lindholm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6NWBQY7\rootkits-discoveredneed-assistance-logs-attached[1].htm not found!
C:\Users\Lindholm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6NWBQY7\xd_arbiter[3].htm moved successfully.
File\Folder C:\Users\Lindholm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY5ALW94\fastbutton[1].htm not found!
File\Folder C:\Users\Lindholm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CY5ALW94\like[2].htm not found!
C:\Users\Lindholm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2CQ1ES9F\xd_arbiter[3].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

OTL Fix #2:

All processes killed
========== OTL ==========
Error: No service named !SASCORE was found to stop!
Service\Driver key !SASCORE not found.
File  C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Retrogamer_4w.com/Plugin\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\npDisplayEngine\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Starting removal of ActiveX control {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Starting removal of ActiveX control {DE625294-70E6-45ED-B895-CFFA13AEB044}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MobileDocuments\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MSC\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Skytel\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SUPERAntiSpyware\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\WMPNSCFG\ not found.
Unable to delete ADS C:\ProgramData\TEMP:5D432CE3 .
Unable to delete ADS C:\ProgramData\TEMP:0CFF5F08 .
Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lindholm\Desktop\Spyware Crap\cmd.bat deleted successfully.
C:\Users\Lindholm\Desktop\Spyware Crap\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lindholm
->Temp folder emptied: 48216 bytes
->Temporary Internet Files folder emptied: 5753843 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124302791 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 180324 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 127938581 bytes
RecycleBin emptied: 53961814 bytes
 
Total Files Cleaned = 298.00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 08252013_114747

Files\Folders moved on Reboot...
C:\Users\Lindholm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1SP124L\fastbutton[1].htm moved successfully.
C:\Users\Lindholm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R1SP124L\rootkits-discoveredneed-assistance-logs-attached[1].htm moved successfully.
C:\Users\Lindholm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OTZRWPLJ\like[1].htm moved successfully.
C:\Users\Lindholm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW0125ZL\postmessageRelay[1].htm moved successfully.
C:\Users\Lindholm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW0125ZL\xd_arbiter[1].htm moved successfully.
C:\Users\Lindholm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IW0125ZL\xd_arbiter[2].htm moved successfully.
C:\Windows\temp\fla427E.tmp moved successfully.
File\Folder C:\Windows\temp\flaFEE9.tmp not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\1202577_DA_OTY5OTEyMzM[1].mp4 moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adoapn_AppNexusDemoActionTag_1[1].htm moved successfully.
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adsapi_2[1].swf not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adsapi_3[1].swf not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adsCA0PSCJ3.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adsCA5ZP040.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adsCACJTJYI.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adsCAF9S0R8.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adsCALW0M0M.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adsCAQSCLRZ.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adsCAWFPGLC.js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\AdServerServlet[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adServer[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adServer[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adServer[2].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adServer[3].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adServer[4].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adServer[5].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adServer[6].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adserv_17753[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\adserv_17753[2].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\net[2].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\new-pestaurant-serves-customers-crickets-worms-and-scorpions_0[1].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\newjump1[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\newjump1[2].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\newjump1[3].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\newjump1[4].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\newjump1[5].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\news[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\NLF030[1].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\node[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\node[2].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\nosmoking[1].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\nr-100[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\OAD_Comscore_NoID[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\Opera_House[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\ova-jw[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\ova[1].swf not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\p-01-0VIaSjnOLg[1].gif not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\p-01-0VIaSjnOLg[2].gif not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\p181q5ogpc130l1qb61mal1emo1b164[1].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\parent_sports_70143[1].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\pc[1] not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\pd[2].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\pediatrician_18191[1].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\pibiview[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\pinit[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\Pix-1x1CA0ZWCER.gif not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\Pix-1x1CA15SC73.gif not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\Pix-1x1CA1IZ90H.gif not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\Pix-1x1CA23BVRR.gif not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\vip_72[1].swf not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\vip_72[2].swf not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\visitinview[1].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\visitinview[2].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\visitinview[3].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\visitinview[4].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\visitormatch[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\visitormatch[2].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\visit[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\visit[2].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\visit[3].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\visit[4].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\vitaminas-y-endroga[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\volumeHandle[1].png not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\vpixel[1].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\vpixel[2].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\vpixel[3].htm not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\watch_as3-vflFUe8yq[1].swf not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\wc[1].txt not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\wedding-1-300x199[1].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\weight_18256[1].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\why-fashion-designer-vivienne-westwood-protesting[1].jpg not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\widgets[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\xc_QQ9rZ9Si[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\xd.2.4.17.1.min[1].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\xrefid[1].gif not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\xrefid[2].gif not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\Xumo[1].swf not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\Xumo[2].swf not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\yumeSC[1].swf not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0QON16E\yume_ad_library[1].swf not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DX22SKKD\1151105509@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DX22SKKD\120176127@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DX22SKKD\1686392574@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DX22SKKD\1909018872@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DX22SKKD\406534564@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DX22SKKD\830243242@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEH08MSL\2010233640@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEH08MSL\ba[2].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AEH08MSL\os-landing-female[2].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\37ZDGCMQ\1175703679@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\37ZDGCMQ\1377456244[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\37ZDGCMQ\1377456244[2].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\37ZDGCMQ\513547359@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\37ZDGCMQ\591987662@x96[1].htm moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
OTL Fix #3:

All processes killed
========== OTL ==========
Error: No service named !SASCORE was found to stop!
Service\Driver key !SASCORE not found.
File  C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Retrogamer_4w.com/Plugin\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\npDisplayEngine\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Starting removal of ActiveX control {4F29DE54-5EB7-4D76-B610-A86B5CD2A234}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F29DE54-5EB7-4D76-B610-A86B5CD2A234}\ not found.
Starting removal of ActiveX control {DE625294-70E6-45ED-B895-CFFA13AEB044}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE625294-70E6-45ED-B895-CFFA13AEB044}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MobileDocuments\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MSC\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Skytel\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SUPERAntiSpyware\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\WMPNSCFG\ not found.
Unable to delete ADS C:\ProgramData\TEMP:5D432CE3 .
Unable to delete ADS C:\ProgramData\TEMP:0CFF5F08 .
Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Lindholm\Desktop\Spyware Crap\cmd.bat deleted successfully.
C:\Users\Lindholm\Desktop\Spyware Crap\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Lindholm
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 5000100 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8895299 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 102531091 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 111.00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unable to create default HOSTS file!
 
OTL by OldTimer - Version 3.2.69.0 log created on 08252013_172341

Files\Folders moved on Reboot...
C:\Windows\temp\fla2EA0.tmp moved successfully.
C:\Windows\temp\flaAB01.tmp moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YOWV3NSB\1181023805@x15[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YOWV3NSB\1210017684@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YOWV3NSB\1842678013@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YOWV3NSB\1923512629@x23[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YOWV3NSB\if[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YOWV3NSB\ZAPSegments@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ8WU4MR\11046209565@x23[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ8WU4MR\1200143794@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ8WU4MR\12141063432@x23[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ8WU4MR\1342682193@x23[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ8WU4MR\364311303@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ8WU4MR\3PDPHandler[1].gif moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ8WU4MR\3PDPHandler[2].gif moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ8WU4MR\589297989@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ8WU4MR\675898709@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ8WU4MR\828588670@x94[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ8WU4MR\if[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TQ8WU4MR\ps[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\1073676742@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\11724530801@x23[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\1198863948@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\148015282@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\1690848885@Top1[1].js moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\3PDPHandler[5].gif moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\707923763@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\8748673897@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\931955160@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\cc_af[1].js moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\cdsad[1].js moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\healthy-bbq-steak-chicken[1].htm moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\os-landing-male[1].htm scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\x71[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CJO8URIK\ZAPSegments@x96[3].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28JM8HHF\1477990639@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28JM8HHF\1809513692@x23[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28JM8HHF\1961140949@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28JM8HHF\3PDPHandler[10].gif moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28JM8HHF\3PDPHandler[3].gif moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28JM8HHF\3PDPHandler[5].gif moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28JM8HHF\3PDPHandler[7].gif moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28JM8HHF\731707299@x96[1].htm moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28JM8HHF\adoapn_AppNexusDemoActionTag_1[1].htm moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28JM8HHF\ba[1].htm scheduled to be moved on reboot.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\28JM8HHF\x71[1].htm moved successfully.
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Text of AdwCleaner[R0].txt
# AdwCleaner v3.001 - Report created 25/08/2013 at 20:26:01
# Updated 24/08/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Lindholm - MARINERS
# Running from : C:\Users\Lindholm\Desktop\Spyware Crap\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found C:\Program Files\PC Optimizer Pro

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\iWon_5k
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A13CC898-9CA9-4578-9629-B328422FF014}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{130A3F48-89CB-4EE1-88CC-76D25A5A3BAE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32272B5A-0B32-4C54-9E7B-3BF25AF566A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{543E73AC-0743-4592-A91F-D943FB0C1125}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{566A8145-9476-4615-95AE-5966651670CC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{58C93435-04CC-4CC3-8519-6A8FD403EA68}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5FDF0490-AF67-495B-921D-2257A38ED9FE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{70809736-9F62-444C-9F72-A198B4E61B86}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{795B1212-0909-4C2F-A6A2-A26CCAF6D82C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7D43CEC4-4610-4847-94F2-A9F0B6C049C4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7DF0ADF8-A019-48E9-A1A9-5FC523A3B4D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F8AD3E1-DE57-4FBC-B928-47D6395A0EA9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A13CC898-9CA9-4578-9629-B328422FF014}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF5A2478-AE74-4A39-AC55-D10B999CAE44}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B4F0C972-0E1A-4083-9A7E-054DEE447DA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E4351982-882F-46A6-B843-C789689473F5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F523D9A7-E4FD-4BF7-A63A-7E8C93DFA073}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBC56FEF-B890-414E-9ED6-0909E5075291}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD44FF38-75AB-4AF8-85B6-37E64A6D42DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28725C03-CBA1-4CF7-ACBE-586DC13286A0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2FCFC6FD-409C-43AD-88C4-1F7610125B87}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B59440-5A17-4522-AA27-8F84B9A64AEB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{70AE3EE8-05D3-4DAF-8A0B-2530394FD8CB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A7C43421-AB2B-4373-AADD-F4B7AE15FDBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D9581658-20F7-405B-B487-5CC26902E218}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F81A9A20-F851-46A7-AD69-C2780DBC377C}
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2FCFC6FD-409C-43AD-88C4-1F7610125B87}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32B59440-5A17-4522-AA27-8F84B9A64AEB}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C1C2024-BE02-4011-92CA-B6E1E333C010}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DF0ADF8-A019-48E9-A1A9-5FC523A3B4D8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE17D239-0B9D-425C-AA3A-E402C42C015A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{130A3F48-89CB-4EE1-88CC-76D25A5A3BAE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{543E73AC-0743-4592-A91F-D943FB0C1125}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{566A8145-9476-4615-95AE-5966651670CC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{70809736-9F62-444C-9F72-A198B4E61B86}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A13CC898-9CA9-4578-9629-B328422FF014}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FBC56FEF-B890-414E-9ED6-0909E5075291}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Found : [x64] HKLM\SOFTWARE\WNLT
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4wffxtbr@Retrogamer_4w.com]

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : search_url

*************************

AdwCleaner[R0].txt - [7137 octets] - [25/08/2013 20:26:01]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7197 octets] ##########
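
The registry section of the report above lists the same GUIDs in several hives: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} is a Browser Helper Object, an Ext\Settings entry and a CLSID in both the 32-bit and 64-bit views, and {7DF0ADF8-A019-48E9-A1A9-5FC523A3B4D8} is a CLSID with a Low Rights\ElevationPolicy entry. Correlating by GUID turns that long list into "one component, registered here, here and here". The Python below is an added example, not the poster's or AdwCleaner's code: it parses the "X Found" lines, groups GUIDs by the role each registry location gives them, and flags the ones that run inside Internet Explorer (BHOs) or that Protected Mode IE is allowed to launch at medium integrity (ElevationPolicy). The sample it runs on is a hand-picked subset of the report lines above; the role names and the reading of "[x64]" as the native 64-bit hive are the example's own assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Hand-picked subset of the AdwCleaner[R0].txt lines posted above, embedded here
# as a constructed sample so the example runs offline. The line without the
# ':' separator is kept deliberately: the parser must tolerate it.
SAMPLE_REPORT = r"""
***** [ Files / Folders ] *****

Folder Found : C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found C:\Program Files\PC Optimizer Pro

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7DF0ADF8-A019-48E9-A1A9-5FC523A3B4D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DF0ADF8-A019-48E9-A1A9-5FC523A3B4D8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [4wffxtbr@Retrogamer_4w.com]
"""

# "<Kind> Found : <target>"; the ':' is optional because one line in the real
# report lacks it.
FINDING_RE = re.compile(r"^(?P<kind>Folder|File|Key|Value) Found\s*:?\s*(?P<target>\S.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Registry locations that matter when triaging browser adware (role names are
# this example's own). Matched case-insensitively as substrings of the
# finding's path; first hit wins.
ROLE_PATTERNS = [
    ("explorer\\browser helper objects", "BHO"),
    ("internet explorer\\extensions", "IE toolbar/button"),
    ("low rights\\elevationpolicy", "IE elevation policy"),
    ("ext\\preapproved", "IE pre-approved add-on"),
    ("ext\\settings", "IE add-on settings"),
    ("ext\\stats", "IE add-on stats"),
    ("classes\\clsid", "CLSID"),
    ("classes\\interface", "Interface"),
    ("currentversion\\uninstall", "uninstall entry"),
    ("app management\\arpcache", "ARP cache"),
]


@dataclass(frozen=True)
class Finding:
    kind: str    # Folder / File / Key / Value
    target: str  # path or registry key, "[x64]" prefix removed
    view: str    # "x64" when AdwCleaner tagged the native 64-bit hive, else "x86"
                 # (assumption: untagged keys on a 64-bit OS are the Wow6432Node view)


def parse_report(text):
    """Turn the 'X Found' lines of an AdwCleaner report into Finding records."""
    findings = []
    for raw in text.splitlines():
        m = FINDING_RE.match(raw.strip())
        if not m:
            continue
        target, view = m.group("target"), "x86"
        if target.startswith("[x64]"):
            target, view = target[len("[x64]"):].strip(), "x64"
        findings.append(Finding(m.group("kind"), target, view))
    return findings


def classify(finding):
    """Name the role a registry finding plays (see ROLE_PATTERNS)."""
    lowered = finding.target.lower()
    for pattern, role in ROLE_PATTERNS:
        if pattern in lowered:
            return role if finding.view == "x86" else f"{role} (x64)"
    return "other"


def correlate_guids(findings):
    """Map every GUID in the report to the sorted list of roles it appears in.

    One CLSID showing up as a BHO, under the IE add-on settings key and in both
    the 32-bit and 64-bit CLSID hives is one component registered in several
    places, not several components."""
    roles = defaultdict(set)
    for f in findings:
        for guid in GUID_RE.findall(f.target):
            roles[guid.upper()].add(classify(f))
    return {guid: sorted(r) for guid, r in roles.items()}


def high_interest(correlated):
    """GUIDs that give code a foothold inside the browser.

    A BHO is loaded into every Internet Explorer process; an ElevationPolicy
    entry lets Protected Mode (low-integrity) IE start that object at medium
    integrity without prompting the user."""
    return sorted(
        guid for guid, roles in correlated.items()
        if any(r.startswith(("BHO", "IE elevation policy")) for r in roles)
    )


if __name__ == "__main__":
    report = correlate_guids(parse_report(SAMPLE_REPORT))
    for guid in high_interest(report):
        print(guid, "->", ", ".join(report[guid]))
```

Run against the full C:\AdwCleaner\AdwCleaner[R0].txt instead of the embedded sample and the output is the short list of components worth looking up, with the x86/x64 duplicates already folded together.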



#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 3,788 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 26 August 2013 - 03:30 AM

Hi art_vandelay

OTL crashed on me at least once while it was running so I put the log file from each of the THREE times I ran it.

There is a known issue sometimes when MBAM is installed.
A workaround is to uninstall MBAM and then reinstall afterwards.
But as you finally got the fix to run, it doesn't matter now.

I'm not sure if adwcleaner ran completely or not, but it has been hours since I clicked on the Scan button. It never said "complete", or popped up a log message. If you look at the app, it still says "Pending. Please uncheck elements you don't want to remove." but there is nothing checked. I did click on the "report" link to get the report, which I posted the results of below.

Sorry about that.
Xplode has just released a new version of AdwCleaner, which I didn't find out about until late last night.
So you obviously had the latest version, which runs slightly differently from the previous version.
You are right that the report doesn't show until you click on 'Report'.
I changed my speeches last night but had already given you the instructions for the older version.

everything related to files and file searches is unbelievably slow. I think I saw something in one of the log files about there being an issue with Windows Search, so maybe that is something.

The 'Source = Windows Search Service | ID = 3013' error is quite common on Vista.
It may be a corrupt file....we'll see if any of the default files are missing or corrupt.
Some just turn the service off as they don't need the search facility on a regular basis.


Step 1
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...(make sure that everything is ticked/selected)
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 2
Click Start >> All Programs >> Accessories, right-click Command Prompt, and then click Run as administrator.
If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
Type the following command, and then press the ENTER key on your keyboard:
sfc /scannow
(Don't forget that there is a space between the 'c' and the '/'.)
The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.
You may be asked for the installation disc, so have it ready if you have one.


In your next reply, please submit:
New Adwcleaner report (after the 'Clean')
and let me know if the System File Checker found any problems.


Thanks

Edited by Starbuck, 26 August 2013 - 03:50 AM.



#13 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 49 posts

Posted 28 August 2013 - 12:38 AM

Just like before, I'm not sure if AdwCleaner is not running or not finding anything to remove.  I click the Scan button, and it goes through a few different checks and then gets to a point where it simply says "Pending. Please uncheck elements you don't want to remove." but there is nothing checked. It then stays on this screen all night long with no results.  I tried running this in regular and in safe mode, with the same results.  I did click on the "report" link to get the report, which I posted the results of below.

I did the sfc /scannow, which did result in a few things that could not be fixed.  I uploaded the zipped .log file from that instruction to box.com

https://app.box.com/s/1pgzy2ex6skee8saapr9

Results of AdwCleaner:

# AdwCleaner v3.001 - Report created 26/08/2013 at 20:59:02
# Updated 24/08/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Lindholm - MARINERS
# Running from : C:\Users\Lindholm\Desktop\Spyware Crap\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7309 octets] - [25/08/2013 20:26:01]
AdwCleaner[R1].txt - [712 octets] - [26/08/2013 20:59:02]
AdwCleaner[S0].txt - [7434 octets] - [25/08/2013 22:05:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [831 octets] ##########

# AdwCleaner v3.001 - Report created 26/08/2013 at 21:29:15
# Updated 24/08/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Lindholm - MARINERS
# Running from : C:\Users\Lindholm\Desktop\Spyware Crap\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7309 octets] - [25/08/2013 20:26:01]
AdwCleaner[R1].txt - [910 octets] - [26/08/2013 20:59:02]
AdwCleaner[R2].txt - [771 octets] - [26/08/2013 21:29:15]
AdwCleaner[S0].txt - [7434 octets] - [25/08/2013 22:05:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [890 octets] ##########

# AdwCleaner v3.001 - Report created 26/08/2013 at 23:47:38
# Updated 24/08/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Lindholm - MARINERS
# Running from : C:\Users\Lindholm\Desktop\Spyware Crap\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Lindholm\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [7309 octets] - [25/08/2013 20:26:01]
AdwCleaner[R1].txt - [910 octets] - [26/08/2013 20:59:02]
AdwCleaner[R2].txt - [969 octets] - [26/08/2013 21:29:15]
AdwCleaner[R3].txt - [830 octets] - [26/08/2013 23:47:39]
AdwCleaner[S0].txt - [7434 octets] - [25/08/2013 22:05:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [949 octets] ##########



#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 3,788 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 28 August 2013 - 03:04 PM

Hi art_vandelay

Well the AdwCleaner report is clear, which is good.
So everything in the report has been removed.

That zipped .log file is enormous.... a bit too much information there.
How is the system running now?
Any problems still?



#15 art_vandelay

art_vandelay
  • Topic Starter

  • Members
  • 49 posts

Posted 28 August 2013 - 03:28 PM

Hi art_vandelay

Well the AdwCleaner report is clear, which is good.
So everything in the report has been removed.

That zipped .log file is enormous.... a bit too much information there.
How is the system running now?
Any problems still?

Seems to be a bit better.  However, there is still an issue with overall machine slowness when it comes to file search, file browsing, etc.  It does seem to be better after running the sfc instruction.  Is there a way to identify what components were not repaired that doesn't involve an enormous log file?

Also, at least 50% of the time the machine will boot to the default user for some reason (different desktop and no internet connectivity) and then the machine will need to be rebooted.
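
On Starbuck's sfc /scannow step in post #12 and the question just above about finding what was not repaired without posting the whole log: System File Checker writes its results into C:\Windows\Logs\CBS\CBS.log, and only the lines tagged "[SR]" are SFC's; the rest is component-servicing chatter, which is why the file is enormous. Microsoft's own one-liner for this is findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt". The Python below is an added example, not code from either poster: it does the same filtering and then pulls out the files SFC could not repair, the reason it gives, and the ones whose copy in the component store was also corrupt. The CBS.log lines it runs on are constructed for this example in the shape SFC writes them (an assumed format, not the log from this thread), and the function names are the example's own.

```python
import re

# Constructed sample of CBS.log entries in the shape SFC writes them (assumed
# format, reconstructed for this example; not the log from this thread). The
# "[SR]" tag marks System File Checker lines; the final CBS line stands in for
# the servicing noise that makes the real file so large.
SAMPLE_CBS_LOG = r"""
2013-08-27 20:15:51, Info                  CSI    0000031c [SR] Verifying 100 (0x0000000000000064) components
2013-08-27 20:15:51, Info                  CSI    0000031d [SR] Beginning Verify and Repair transaction
2013-08-27 20:15:52, Info                  CSI    0000031f [SR] Cannot repair member file [l:24{12}]"wmpshell.dll" of Microsoft-Windows-MediaPlayer-Shell, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-08-27 20:15:53, Info                  CSI    00000321 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:26{13}]"sppcomapi.dll" from store
2013-08-27 20:15:54, Info                  CSI    00000322 [SR] Could not reproject corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"wmpshell.dll"; source file in store is also corrupted
2013-08-27 20:15:55, Info                  CSI    00000323 [SR] Verify complete
2013-08-27 20:15:56, Info                  CBS    Repr: CSI Store check completes
"""

VERIFYING_RE = re.compile(r"\[SR\] Verifying (\d+) \(")
CANNOT_REPAIR_RE = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" of (?P<component>[^,]+),'
)
# CSI writes paths as [..]"<dir>"\[..]"<file>"; this pulls both halves out.
CSI_PATH_RE = re.compile(r'\]"(?P<dir>[^"]+)"\\\[l:\d+\{\d+\}\]"(?P<file>[^"]+)"')


def sr_lines(text):
    """The SFC-only view of CBS.log, i.e. what findstr /c:"[SR]" CBS.log gives you."""
    return [line for line in text.splitlines() if "[SR]" in line]


def _csi_path(line):
    m = CSI_PATH_RE.search(line)
    if not m:
        return None
    directory = m.group("dir")
    if directory.startswith("\\??\\"):  # drop the NT object-manager prefix
        directory = directory[4:]
    return directory + "\\" + m.group("file")


def summarize_sfc(text):
    """Reduce a CBS.log to what a responder needs: what was checked, what was
    repaired, and which files SFC could not fix (and why)."""
    summary = {
        "verified_components": 0,
        "repaired": [],
        "unrepairable": {},     # file name -> {"component", "reason"}
        "not_reprojected": [],  # full paths whose store copy was also corrupt
    }
    for line in sr_lines(text):
        if (m := VERIFYING_RE.search(line)):
            summary["verified_components"] += int(m.group(1))
        elif (m := CANNOT_REPAIR_RE.search(line)):
            # The reason is the last comma-separated field, e.g. "hash mismatch".
            reason = line.rsplit(",", 1)[-1].strip()
            summary["unrepairable"][m.group("file")] = {
                "component": m.group("component"),
                "reason": reason,
            }
        elif "Could not reproject corrupted file" in line:
            path = _csi_path(line)
            if path:
                summary["not_reprojected"].append(path)
        elif "Repairing corrupted file" in line:
            path = _csi_path(line)
            if path:
                summary["repaired"].append(path)
    return summary


def verdict(summary):
    """One line to post back instead of the whole log."""
    bad = len(summary["unrepairable"])
    if bad == 0:
        return f"SFC verified {summary['verified_components']} components; nothing left unrepaired"
    names = ", ".join(sorted(summary["unrepairable"]))
    return f"SFC could not repair {bad} file(s): {names}"


if __name__ == "__main__":
    s = summarize_sfc(SAMPLE_CBS_LOG)
    print(verdict(s))
    for name, info in s["unrepairable"].items():
        print(f"  {name}: {info['component']} ({info['reason']})")
```

Feed it the real CBS.log (open the file and pass its contents to summarize_sfc) and the answer to "what was not repaired" is a handful of file names with the component they belong to and SFC's stated reason, which is what the helper needs to decide whether to replace the files from the installation disc.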





