
Unable to run lots of applications, such as Java applets and opening PDFs


  • This topic is locked
18 replies to this topic

#1 brucewig

brucewig

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 29 April 2013 - 03:58 PM

Hi,

 

I've been having lots of trouble with many common applications.  I cannot run Java applets in my browser (neither IE nor Chrome), I can't open Adobe Acrobat Reader.  Also, my computer frequently flashes a quick blue screen and the computer shuts off.

 

I opened up a topic on this forum.  When reinstalling Java and Adobe Acrobat Reader didn't work, I was instructed to consult the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.

 

While following the preparation guide, I seemed to be unable to turn on Windows Firewall.  I posted the error messages I received in the topic I opened up  (http://www.bleepingcomputer.com/forums/t/490694/java-and-windows-media-player-problems/).  I was instructed to proceed with DDS.

 

When I ran DDS, I originally ran with both "dds.txt" and "attach.txt" checked.  When I do this, the program hangs where it says "please wait..."  I waited at least 30 minutes, and it was still hanging.

 

When I run DDS with only attach.txt checked, it completes and I get a log file.  Here is that log file;

 

---------------------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/8/2010 8:46:35 PM
System Uptime: 4/19/2013 11:35:31 PM (233 hours ago)
.
Motherboard: Dell Inc. |  | 0HN7XN
Processor: Intel® Core™2 Duo CPU     E7600  @ 3.06GHz | CPU | 3059/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 244.668 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 190 GiB total, 27.519 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP135: 4/16/2013 6:00:11 PM - Windows Update
RP136: 4/20/2013 6:42:13 PM - Removed Adobe Reader X (10.1.0).
RP137: 4/20/2013 6:45:18 PM - Installed Java 7 Update 21
RP138: 4/23/2013 6:00:13 PM - Windows Update
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.02)
Advanced System Protector
BioAPI Framework
Broadcom NetXtreme-I Netlink Driver and Management Installer
calibre
Cobian Backup 11 Gravity
DCP32MMWrapper
Dell Backup and Recovery Manager
Dell Control Point
Dell ControlPoint Security Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
ESET Online Scanner v3
FileZilla Client 3.5.3
Gemalto
Google Chrome
Java 7 Update 21
Java Auto Updater
Java™ 6 Update 17
Java™ SE Development Kit 7 Update 3
JavaFX 2.0.3
JavaFX 2.0.3 SDK
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTRU TCG Software Stack
NVIDIA Drivers
OpenOffice.org 3.4.1
Picasa 3
PowerDVD DX
Preboot Manager
Private Information Manager
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Wizards
SO32MMWrapper
Trusted Drive Manager
UPEK TouchChip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software
Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
4/23/2013 6:01:07 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2813170).
.
==== End Of File ===========================
 

Please advise on how to continue.   Thanks!




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:11 PM

Posted 04 May 2013 - 04:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/493060 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 brucewig

brucewig
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 07 May 2013 - 04:48 PM

Hi,

 

As stated above, my computer no longer runs Java applets in my browser window, and can no longer display .pdf documents using Adobe Acrobat reader.  I have reinstalled both Java and Adobe Acrobat, but that didn't help.

 

In addition, the computer often shuts itself off.  A blue screen quickly flashes and displays a message that says something like "Windows has encountered an error and is shutting down to avoid damage to your computer."  This frequently happens immediately after reboot, and sometimes the reboots act strangely; for example once I was unable to access my desktop.

 

Windows Media Player is also acting strangely.  It loops forever saying it is downloading information for unknown album.  Right now it is not doing it because I shut off the updating features.  When it's on, the updating features don't even work.

 

Below is the most recent run of DDS, with the "attach.txt" option chosen.  When I try to also run with "dds.txt" chosen, the program just hangs saying "please wait."  I waited for over 30 minutes, and nothing happened.

 

Thanks for the help!

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 12/8/2010 8:46:35 PM
System Uptime: 5/1/2013 2:09:24 PM (147 hours ago)
.
Motherboard: Dell Inc. |  | 0HN7XN
Processor: Intel® Core™2 Duo CPU     E7600  @ 3.06GHz | CPU | 3059/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 241.698 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 190 GiB total, 31.518 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP135: 4/16/2013 6:00:11 PM - Windows Update
RP136: 4/20/2013 6:42:13 PM - Removed Adobe Reader X (10.1.0).
RP137: 4/20/2013 6:45:18 PM - Installed Java 7 Update 21
RP138: 4/23/2013 6:00:13 PM - Windows Update
RP139: 4/30/2013 6:00:12 PM - Windows Update
RP140: 4/30/2013 6:53:31 PM - Windows Update
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.02)
Advanced System Protector
BioAPI Framework
Broadcom NetXtreme-I Netlink Driver and Management Installer
calibre
Cobian Backup 11 Gravity
DCP32MMWrapper
Dell Backup and Recovery Manager
Dell Control Point
Dell ControlPoint Security Manager
Dell Edoc Viewer
Dell Embassy Trust Suite by Wave Systems
Dell Security Device Driver Pack
Document Manager Lite
EMBASSY Security Center
EMBASSY Security Setup
ESC Home Page Plugin
ESET Online Scanner v3
FileZilla Client 3.5.3
Gemalto
Google Chrome
Java 7 Update 21
Java Auto Updater
Java™ 6 Update 17
Java™ SE Development Kit 7 Update 3
JavaFX 2.0.3
JavaFX 2.0.3 SDK
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NTRU TCG Software Stack
NVIDIA Drivers
OpenOffice.org 3.4.1
Picasa 3
PowerDVD DX
Preboot Manager
Private Information Manager
Realtek High Definition Audio Driver
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE 10.3
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Wizards
SO32MMWrapper
Trusted Drive Manager
UPEK TouchChip Fingerprint Reader
Wave Infrastructure Installer
Wave Support Software
Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
5/1/2013 2:10:30 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  fyvs
5/1/2013 2:10:30 PM, Error: Service Control Manager [7001]  - The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:  The operation completed successfully.
4/30/2013 7:40:49 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
4/30/2013 7:40:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/30/2013 7:40:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/30/2013 7:40:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/30/2013 7:40:48 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/30/2013 7:40:47 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/30/2013 7:40:41 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/30/2013 7:38:21 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache fyvs NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
4/30/2013 7:38:20 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/30/2013 7:38:20 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/30/2013 7:38:20 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
4/30/2013 7:38:20 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/30/2013 7:38:20 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
4/30/2013 7:38:20 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
4/30/2013 7:38:20 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
4/30/2013 7:38:20 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
4/30/2013 7:38:20 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
4/30/2013 6:53:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2813170).
4/30/2013 6:23:55 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000008e (0xc0000005, 0x82c62114, 0x9fcdfaec, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 043013-49592-01.
4/30/2013 6:20:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x00000050 (0xfffffff8, 0x00000000, 0x82c67550, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 043013-40763-01.
4/30/2013 6:17:33 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
4/30/2013 6:17:33 PM, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
4/30/2013 6:17:33 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/30/2013 6:17:03 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
.
==== End Of File ===========================
 



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,782 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:11 PM

Posted 12 May 2013 - 09:03 AM

Greetings brucewig and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

I notice you are not following this topic. Please be sure to click Follow this topic near the upper right hand portion of the screen.

Thank you for your patience thus far. Please run the following programs for me.

===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized


===================================================

Farbar Recovery Scan Tool (FRST) in Normal or Safe Mode

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Attach.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • OTL log
  • Extra log
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 brucewig

brucewig
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:07:11 PM

Posted 14 May 2013 - 01:56 AM

Hi Gary,

 

Thanks for the help--please call me Bruce.

 

Here is the OTL log:

 

OTL logfile created on: 5/14/2013 2:40:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bruce\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 44.92% Memory free
6.49 Gb Paging File | 4.06 Gb Available in Paging File | 62.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 240.75 Gb Free Space | 84.95% Space Free | Partition Type: NTFS
Drive E: | 189.87 Gb Total Space | 31.52 Gb Free Space | 16.60% Space Free | Partition Type: FAT32
 
Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/14 02:39:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
PRC - [2013/05/07 15:44:10 | 000,006,656 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Temp\nskE584.tmp\nsFEBF.tmp
PRC - [2013/04/04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\javaw.exe
PRC - [2013/01/03 22:59:29 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/12/08 21:48:57 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2009/11/12 12:55:30 | 000,203,776 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/26 18:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
PRC - [2009/08/14 14:30:56 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/07/27 14:18:02 | 000,134,656 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:16 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
PRC - [2009/07/13 21:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/23 23:32:30 | 000,282,480 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Silverlight\3.0.40624.0\Silverlight.Configuration.exe
PRC - [2009/06/11 23:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/06/11 20:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/05/07 15:44:10 | 000,006,656 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Temp\nskE584.tmp\nsFEBF.tmp
MOD - [2013/04/09 20:10:19 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll
MOD - [2013/04/09 19:33:25 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/04/09 19:33:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/04/09 19:33:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/04/09 19:33:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/04/09 19:33:03 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/04/09 19:32:58 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012/11/12 02:44:33 | 000,390,144 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/08/10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/04 18:43:47 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll
MOD - [2010/03/04 18:43:47 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2009/07/27 14:15:32 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/06/03 14:07:50 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2008/11/12 15:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/11 03:35:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/11 20:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/06/03 14:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 15:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\pcldws.sys -- (fyvs)
DRV - [2009/09/04 13:35:00 | 002,747,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService)
DRV - [2009/07/27 14:17:56 | 000,200,192 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/26 18:01:00 | 009,777,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/20 08:34:56 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/05/11 13:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 16:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{422B43F1-8601-49D3-9051-457981D93595}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wargameroom.com/
IE - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bruce\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bruce\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
[2012/03/19 21:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Extensions
[2012/03/19 22:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1ds6cq78.default\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0002002&barid={E984C565-7229-11E1-8984-002564C48480}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bruce\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bruce\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bruce\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Bruce\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000..\Run: [Adobe] C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll ()
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{613AD6BB-F17D-466E-A0CC-942107A53BD6}: DhcpNameServer = 167.206.245.129 167.206.245.130
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/10/10 19:00:10 | 000,049,648 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
O32 - AutoRun File - [2012/10/10 19:00:10 | 000,649,864 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2012/10/10 19:00:10 | 000,567,944 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/14 02:39:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2013/04/29 15:31:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Bruce\Desktop\dds.com
[2013/04/29 13:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 11
[2013/04/21 14:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/04/21 14:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2013/04/21 14:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Protector
[2013/04/21 14:11:41 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Systweak
[2013/04/21 14:11:40 | 000,018,360 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2013/04/20 19:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/04/20 18:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/20 18:46:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/04/20 18:46:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/04/20 18:46:11 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/04/20 18:42:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/19 16:29:30 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\JavaRa-2.0
[2013/04/19 15:41:03 | 000,760,335 | ---- | C] (Farbar) -- C:\Users\Bruce\Desktop\MiniToolBox.exe
[2013/04/16 18:01:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/16 18:01:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/16 18:01:01 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/16 18:01:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/16 18:01:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/16 18:01:00 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/16 18:01:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/16 18:00:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/10/05 15:45:50 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bruce\tdsskiller.exe
[2012/03/06 19:45:57 | 088,210,392 | ---- | C] (Oracle Corporation) -- C:\Users\Bruce\jdk-7u3-windows-i586.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/14 02:39:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2013/05/14 02:30:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2011915119-3138510129-4040441681-1000UA.job
[2013/05/13 23:43:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2011915119-3138510129-4040441681-1000Core1ce279446effa99.job
[2013/05/08 14:56:38 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 14:56:38 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 21:45:04 | 000,000,907 | ---- | M] () -- C:\Windows\KEDITW.INI
[2013/05/01 14:15:49 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/01 14:15:49 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/01 14:13:15 | 000,000,000 | ---- | M] () -- C:\Users\Bruce\AppData\Local\WavXMapDrive.bat
[2013/05/01 14:09:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/01 14:09:30 | 2615,382,016 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/30 18:23:10 | 236,261,939 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/29 15:31:17 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Bruce\Desktop\dds.com
[2013/04/21 14:11:53 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2013/04/20 19:01:21 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/19 16:29:06 | 000,135,237 | ---- | M] () -- C:\Users\Bruce\Desktop\JavaRa-2.0.zip
[2013/04/19 15:47:32 | 000,613,083 | ---- | M] () -- C:\Users\Bruce\Desktop\AdwCleaner.exe
[2013/04/19 15:41:22 | 000,760,335 | ---- | M] (Farbar) -- C:\Users\Bruce\Desktop\MiniToolBox.exe
[2013/04/16 18:30:07 | 000,308,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/04/29 16:39:17 | 000,000,907 | ---- | C] () -- C:\Windows\KEDITW.INI
[2013/04/21 14:11:53 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2013/04/21 14:11:52 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2013/04/20 19:01:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/20 19:01:21 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/19 16:29:04 | 000,135,237 | ---- | C] () -- C:\Users\Bruce\Desktop\JavaRa-2.0.zip
[2013/04/19 15:47:29 | 000,613,083 | ---- | C] () -- C:\Users\Bruce\Desktop\AdwCleaner.exe
[2012/04/06 01:08:22 | 000,000,667 | ---- | C] () -- C:\Users\Bruce\Bruce - Shortcut.lnk
[2010/12/08 21:47:17 | 000,000,000 | ---- | C] () -- C:\Users\Bruce\AppData\Local\WavXMapDrive.bat
 
========== ZeroAccess Check ==========
 
[2012/11/21 20:54:54 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\@
[2012/10/29 00:43:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\L
[2012/10/29 00:43:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\U
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

-------------------------------------------------------

Here is the Extras log:

OTL Extras logfile created on: 5/14/2013 2:40:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bruce\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.25 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 44.92% Memory free
6.49 Gb Paging File | 4.06 Gb Available in Paging File | 62.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 240.75 Gb Free Space | 84.95% Space Free | Partition Type: NTFS
Drive E: | 189.87 Gb Total Space | 31.52 Gb Free Space | 16.60% Space Free | Partition Type: FAT32
 
Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{11DB380B-48CF-46EA-8B03-51874E2733C9}" = Dell Control Point
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2222706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 SDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{2E98C5B7-D64C-4D7E-BFC3-A7D078569F28}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3237887D-8AC4-4C27-BDF4-57D7CB0351D6}" = SO32MMWrapper
"{32A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java™ SE Development Kit 7 Update 3
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{71084075-ABA7-48BC-9733-F56A9ABD184D}" = DCP32MMWrapper
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{79B520D5-CE72-4661-A054-804BC3412516}" = Wave Infrastructure Installer
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DD67529-BA26-4D12-97A8-3853D0C4B67D}" = Dell Backup and Recovery Manager
"{90120000-0017-0000-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer 2007
"{90120000-0017-0000-0000-0000000FF1CE}_SharePointDesigner_{37180755-CA2B-40AD-9637-89FB0CE7CB36}" = Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
"{90120000-0017-0409-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (English) 2007
"{90120000-0017-0409-0000-0000000FF1CE}_SharePointDesigner_{E3FED5B9-29D7-42E7-B10D-88AFEAF470F0}" = Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SharePointDesigner_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SharePointDesigner_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SharePointDesigner_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SharePointDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SharePointDesigner_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C3FA63E2-AFD3-41FD-B48F-1D942CC71943}" = UPEK TouchChip Fingerprint Reader
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0F4163F-6A2D-48BA-BC36-23C33B0ECDB5}" = calibre
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CobBackup11" = Cobian Backup 11 Gravity
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.5.3
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"SharePointDesigner" = Microsoft Office SharePoint Designer 2007
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2011915119-3138510129-4040441681-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/11/2013 10:09:47 AM | Computer Name = Bruce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc100  Faulting module name: Flash11e.ocx, version: 11.1.102.55, time
 stamp: 0x4eaf89fc  Exception code: 0xc0000005  Fault offset: 0x0016cdc1  Faulting process
 id: 0x1798  Faulting application start time: 0x01ce36bd07796bba  Faulting application
 path: C:\Windows\system32\svchost.exe  Faulting module path: C:\Windows\system32\Macromed\Flash\Flash11e.ocx
Report
 Id: 772699ab-a2b1-11e2-b00c-002564c48480
 
Error - 4/11/2013 10:22:47 AM | Computer Name = Bruce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc100  Faulting module name: jscript9.dll, version: 9.0.8112.16470, time
 stamp: 0x510c8a28  Exception code: 0xc0000005  Fault offset: 0x000b90f1  Faulting process
 id: 0xf88  Faulting application start time: 0x01ce36be3fa6cf92  Faulting application
 path: C:\Windows\system32\svchost.exe  Faulting module path: C:\Windows\System32\jscript9.dll
Report
 Id: 4803b44a-a2b3-11e2-b00c-002564c48480
 
Error - 4/11/2013 10:47:23 AM | Computer Name = Bruce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc100  Faulting module name: jscript9.dll, version: 9.0.8112.16470, time
 stamp: 0x510c8a28  Exception code: 0xc0000005  Fault offset: 0x000b90f1  Faulting process
 id: 0x10b8  Faulting application start time: 0x01ce36c010ad6b2b  Faulting application
 path: C:\Windows\system32\svchost.exe  Faulting module path: C:\Windows\System32\jscript9.dll
Report
 Id: b7aeb042-a2b6-11e2-b00c-002564c48480
 
Error - 4/11/2013 11:08:23 AM | Computer Name = Bruce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc100  Faulting module name: jscript9.dll, version: 9.0.8112.16470, time
 stamp: 0x510c8a28  Exception code: 0xc0000005  Fault offset: 0x000b90f1  Faulting process
 id: 0xd88  Faulting application start time: 0x01ce36c380529afb  Faulting application
 path: C:\Windows\system32\svchost.exe  Faulting module path: C:\Windows\System32\jscript9.dll
Report
 Id: a6afd8e5-a2b9-11e2-b00c-002564c48480
 
Error - 4/11/2013 11:16:41 AM | Computer Name = Bruce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc100  Faulting module name: Flash11e.ocx, version: 11.1.102.55, time
 stamp: 0x4eaf89fc  Exception code: 0xc0000005  Fault offset: 0x0016cdc1  Faulting process
 id: 0x88c  Faulting application start time: 0x01ce36c66f393692  Faulting application
 path: C:\Windows\system32\svchost.exe  Faulting module path: C:\Windows\system32\Macromed\Flash\Flash11e.ocx
Report
 Id: cfc1a3c1-a2ba-11e2-b00c-002564c48480
 
Error - 4/11/2013 11:33:11 AM | Computer Name = Bruce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc100  Faulting module name: jscript9.dll, version: 9.0.8112.16470, time
 stamp: 0x510c8a28  Exception code: 0xc0000005  Fault offset: 0x000b90f1  Faulting process
 id: 0x15e4  Faulting application start time: 0x01ce36c7985a91dc  Faulting application
 path: C:\Windows\system32\svchost.exe  Faulting module path: C:\Windows\System32\jscript9.dll
Report
 Id: 1db99c99-a2bd-11e2-b00c-002564c48480
 
Error - 4/11/2013 11:45:42 AM | Computer Name = Bruce-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc100  Faulting module name: Flash11e.ocx, version: 11.1.102.55, time
 stamp: 0x4eaf89fc  Exception code: 0xc0000005  Fault offset: 0x00117d30  Faulting process
 id: 0xed8  Faulting application start time: 0x01ce36c9e6413911  Faulting application
 path: C:\Windows\system32\svchost.exe  Faulting module path: C:\Windows\system32\Macromed\Flash\Flash11e.ocx
Report
 Id: dd2c5541-a2be-11e2-b00c-002564c48480
 
Error - 4/11/2013 3:46:41 PM | Computer Name = Bruce-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
 enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
 "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
 on line 2.  Invalid Xml syntax.
 
Error - 4/11/2013 5:57:24 PM | Computer Name = Bruce-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16470 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1574    Start
 Time: 01ce36fdbc789263    Termination Time: 50    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id:  
 
Error - 4/12/2013 6:45:00 PM | Computer Name = Bruce-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "c:\program files\microsoft\search
 enhancement pack\search helper\searchhelper.dll".Error in manifest or policy file
 "c:\program files\microsoft\search enhancement pack\search helper\searchhelper.dll"
 on line 2.  Invalid Xml syntax.
 
[ System Events ]
Error - 8/11/2012 10:46:50 PM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
 service which failed to start because of the following error:   %%0
 
Error - 8/18/2012 12:02:56 AM | Computer Name = Bruce-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:01:31 AM on ?8/?18/?2012 was unexpected.
 
Error - 8/18/2012 12:02:58 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
 service which failed to start because of the following error:   %%0
 
Error - 8/18/2012 6:41:10 AM | Computer Name = Bruce-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:39:49 AM on ?8/?18/?2012 was unexpected.
 
Error - 8/18/2012 6:41:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
 service which failed to start because of the following error:   %%0
 
Error - 8/21/2012 6:28:11 PM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
 service which failed to start because of the following error:   %%0
 
Error - 8/28/2012 4:40:29 PM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
 service which failed to start because of the following error:   %%0
 
 
< End of report >

------------------------------------

Now the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-05-2013
Ran by Bruce (administrator) on 14-05-2013 02:50:30
Running from C:\Users\Bruce\Desktop
Windows 7 Professional (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corp.) C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Dell Inc.) C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
(Broadcom Corporation) C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Microsoft) C:\dell\DBRM\Reminder\DbrmTrayicon.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Microsoft Corporation) c:\Program Files\Microsoft Silverlight\3.0.40624.0\Silverlight.Configuration.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
() C:\Users\Bruce\AppData\Local\Temp\nskE584.tmp\nsFEBF.tmp
(Microsoft Corporation) C:\Windows\system32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\cscript.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Users\Bruce\Desktop\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe [2691072 2009-08-26] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [13789728 2009-06-26] (NVIDIA Corporation)
HKLM\...\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12 [184320 2009-06-03] (Wave Systems Corp.)
HKLM\...\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [134656 2009-07-27] (Wave Systems Corp.)
HKLM\...\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [656384 2009-06-11] (Dell Inc.)
HKLM\...\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [15872 2009-08-14] (Broadcom Corporation)
HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM\...\Run: [DBRMTray] C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [203776 2009-11-12] (Microsoft)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [DBRMTray] C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2009-10-18] (Microsoft)
HKCU\...\Run: [Google Update] "C:\Users\Bruce\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-03-05] (Google Inc.)
HKCU\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [3883856 2009-07-26] (Microsoft Corporation)
HKCU\...\Run: [Adobe] rundll32.exe "C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll",DllRegisterServerW [390144 2012-11-12] ()
HKCU\...\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -update activex [247968 2011-12-08] (Adobe Systems, Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wargameroom.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {422B43F1-8601-49D3-9051-457981D93595} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU -&Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
PDF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.129 167.206.245.130

Chrome:
=======
CHR DefaultSearchURL: (SweetIM Search) - http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0002002&barid={E984C565-7229-11E1-8984-002564C48480}
CHR DefaultSuggestURL: (SweetIM Search) -       "suggest_url": ""
CHR Plugin: (Shockwave Flash) - C:\Users\Bruce\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Bruce\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Bruce\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java™ Platform SE 7 U3) - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Bruce\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.30.255) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)

========================== Services (Whitelisted) =================

S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1019904 2009-06-03] (Wave Systems Corp.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()
R2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1622016 2009-06-11] (Wave Systems Corp.)

==================== Drivers (Whitelisted) ====================

S3 Blfp; C:\Windows\System32\DRIVERS\basp.sys [84992 2009-05-11] (Broadcom Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHDA.sys [2747424 2009-09-04] (Realtek Semiconductor Corp.)
R0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [200192 2009-07-27] (Wave Systems Corp.)
S0 fyvs; System32\drivers\pcldws.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-14 02:50 - 2013-05-14 02:50 - 00000000 ____D C:\FRST
2013-05-14 02:49 - 2013-05-14 02:49 - 01317219 ____A (Farbar) C:\Users\Bruce\Desktop\FRST.exe
2013-05-14 02:45 - 2013-05-14 02:45 - 00054208 ____A C:\Users\Bruce\Desktop\OTL.Txt
2013-05-14 02:45 - 2013-05-14 02:45 - 00037064 ____A C:\Users\Bruce\Desktop\Extras.Txt
2013-05-14 02:39 - 2013-05-14 02:39 - 00602112 ____A (OldTimer Tools) C:\Users\Bruce\Desktop\OTL.exe
2013-04-30 18:23 - 2013-04-30 18:23 - 00152184 ____A C:\Windows\Minidump\043013-49592-01.dmp
2013-04-30 18:21 - 2013-04-30 18:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Systweak
2013-04-30 18:21 - 2013-04-30 18:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Systweak
2013-04-30 18:20 - 2013-04-30 18:20 - 00152280 ____A C:\Windows\Minidump\043013-40763-01.dmp
2013-04-29 16:39 - 2013-05-07 21:45 - 00000907 ____A C:\Windows\KEDITW.INI
2013-04-29 16:39 - 2013-05-07 17:02 - 00009814 ____A C:\Users\Bruce\Desktop\attach.txt
2013-04-29 15:31 - 2013-04-29 15:31 - 00688992 ____R (Swearware) C:\Users\Bruce\Desktop\dds.com
2013-04-29 13:50 - 2013-04-29 13:50 - 00000000 ____D C:\Program Files\Cobian Backup 11
2013-04-24 05:44 - 2013-04-12 09:58 - 01210728 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-21 14:11 - 2013-04-28 17:09 - 00000000 ____D C:\Users\Bruce\AppData\Roaming\Systweak
2013-04-21 14:11 - 2013-04-21 14:11 - 00001165 ____A C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-04-21 14:11 - 2013-04-21 14:11 - 00000000 ____D C:\ProgramData\Systweak
2013-04-21 14:11 - 2013-04-21 14:11 - 00000000 ____D C:\Program Files\Advanced System Protector
2013-04-21 14:11 - 2012-12-10 12:01 - 00018360 ____A (Systweak Inc., (www.systweak.com)) C:\Windows\System32\roboot.exe
2013-04-21 14:11 - 2012-07-25 12:03 - 00017136 ____A C:\Windows\System32\sasnative32.exe
2013-04-20 19:01 - 2013-04-20 19:01 - 00001991 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-04-20 19:01 - 2013-04-20 19:01 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-04-20 18:46 - 2013-04-20 18:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-04-20 18:46 - 2013-04-04 05:35 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2013-04-20 18:46 - 2013-04-04 05:30 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2013-04-20 18:46 - 2013-04-04 05:29 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2013-04-20 18:45 - 2013-04-20 18:46 - 00003903 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-04-19 23:36 - 2013-04-19 23:36 - 00152280 ____A C:\Windows\Minidump\041913-80090-01.dmp
2013-04-19 23:31 - 2013-04-19 23:31 - 00152280 ____A C:\Windows\Minidump\041913-58968-01.dmp
2013-04-19 16:29 - 2013-04-19 16:29 - 00135237 ____A C:\Users\Bruce\Desktop\JavaRa-2.0.zip
2013-04-19 16:29 - 2013-04-19 16:29 - 00000000 ____D C:\Users\Bruce\Desktop\JavaRa-2.0
2013-04-19 15:56 - 2013-04-19 15:56 - 00152280 ____A C:\Windows\Minidump\041913-55161-01.dmp
2013-04-19 15:48 - 2013-04-19 15:48 - 00003801 ____A C:\AdwCleaner[S2].txt
2013-04-19 15:47 - 2013-04-19 15:47 - 00613083 ____A C:\Users\Bruce\Desktop\AdwCleaner.exe
2013-04-19 15:43 - 2013-04-19 15:44 - 00023867 ____A C:\Users\Bruce\Desktop\Result.txt
2013-04-19 15:41 - 2013-04-19 15:41 - 00760335 ____A (Farbar) C:\Users\Bruce\Desktop\MiniToolBox.exe
2013-04-16 18:01 - 2013-02-21 23:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-16 18:01 - 2013-02-21 23:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-16 18:01 - 2013-02-21 23:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-04-16 18:01 - 2013-02-21 23:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-16 18:01 - 2013-02-21 23:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-16 18:01 - 2013-02-21 23:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-04-16 18:01 - 2013-02-21 23:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-04-16 18:01 - 2013-02-21 23:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-16 18:01 - 2013-02-21 23:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-16 18:01 - 2013-02-21 23:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-16 18:01 - 2013-02-21 23:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-04-16 18:01 - 2013-02-21 23:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-16 18:00 - 2013-02-22 00:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-16 18:00 - 2013-02-21 23:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-16 18:00 - 2013-02-21 23:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-16 18:00 - 2013-02-21 23:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

==================== One Month Modified Files and Folders ========

2013-05-14 02:50 - 2013-05-14 02:50 - 00000000 ____D C:\FRST
2013-05-14 02:49 - 2013-05-14 02:49 - 01317219 ____A (Farbar) C:\Users\Bruce\Desktop\FRST.exe
2013-05-14 02:49 - 2010-12-10 19:25 - 00000000 ____D C:\Bruce
2013-05-14 02:45 - 2013-05-14 02:45 - 00054208 ____A C:\Users\Bruce\Desktop\OTL.Txt
2013-05-14 02:45 - 2013-05-14 02:45 - 00037064 ____A C:\Users\Bruce\Desktop\Extras.Txt
2013-05-14 02:39 - 2013-05-14 02:39 - 00602112 ____A (OldTimer Tools) C:\Users\Bruce\Desktop\OTL.exe
2013-05-14 02:30 - 2012-03-19 21:05 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2011915119-3138510129-4040441681-1000UA.job
2013-05-14 02:21 - 2009-07-14 00:55 - 01193970 ____A C:\Windows\WindowsUpdate.log
2013-05-13 23:43 - 2013-03-23 03:01 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2011915119-3138510129-4040441681-1000Core1ce279446effa99.job
2013-05-10 17:49 - 2012-03-19 20:14 - 00000000 ____D C:\Users\Bruce\AppData\Roaming\FileZilla
2013-05-08 14:56 - 2009-07-14 00:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-08 14:56 - 2009-07-14 00:34 - 00014256 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-07 21:45 - 2013-04-29 16:39 - 00000907 ____A C:\Windows\KEDITW.INI
2013-05-07 17:02 - 2013-04-29 16:39 - 00009814 ____A C:\Users\Bruce\Desktop\attach.txt
2013-05-01 14:15 - 2010-03-04 18:37 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-01 14:13 - 2012-03-19 21:13 - 00000000 ____D C:\Users\Bruce\Tracing
2013-05-01 14:13 - 2010-12-08 21:47 - 00000000 ____A C:\Users\Bruce\AppData\Local\WavXMapDrive.bat
2013-05-01 14:10 - 2009-07-14 00:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-01 14:10 - 2009-07-14 00:39 - 00022221 ____A C:\Windows\setupact.log
2013-04-30 18:23 - 2013-04-30 18:23 - 00152184 ____A C:\Windows\Minidump\043013-49592-01.dmp
2013-04-30 18:23 - 2012-11-09 14:37 - 236261939 ____A C:\Windows\MEMORY.DMP
2013-04-30 18:23 - 2012-11-09 14:37 - 00000000 ____D C:\Windows\Minidump
2013-04-30 18:21 - 2013-04-30 18:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Systweak
2013-04-30 18:21 - 2013-04-30 18:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Systweak
2013-04-30 18:20 - 2013-04-30 18:20 - 00152280 ____A C:\Windows\Minidump\043013-40763-01.dmp
2013-04-30 18:12 - 2010-03-04 20:31 - 00028950 ____A C:\Windows\PFRO.log
2013-04-29 15:31 - 2013-04-29 15:31 - 00688992 ____R (Swearware) C:\Users\Bruce\Desktop\dds.com
2013-04-29 13:50 - 2013-04-29 13:50 - 00000000 ____D C:\Program Files\Cobian Backup 11
2013-04-28 17:09 - 2013-04-21 14:11 - 00000000 ____D C:\Users\Bruce\AppData\Roaming\Systweak
2013-04-21 14:11 - 2013-04-21 14:11 - 00001165 ____A C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-04-21 14:11 - 2013-04-21 14:11 - 00000000 ____D C:\ProgramData\Systweak
2013-04-21 14:11 - 2013-04-21 14:11 - 00000000 ____D C:\Program Files\Advanced System Protector
2013-04-20 19:04 - 2011-07-22 17:22 - 00000000 ____D C:\ProgramData\Adobe
2013-04-20 19:01 - 2013-04-20 19:01 - 00001991 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-04-20 19:01 - 2013-04-20 19:01 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-04-20 19:01 - 2011-07-22 17:22 - 00000000 ____D C:\Program Files\Adobe
2013-04-20 18:46 - 2013-04-20 18:46 - 00000000 ____D C:\Program Files\Common Files\Java
2013-04-20 18:46 - 2013-04-20 18:45 - 00003903 ____A C:\Windows\System32\jupdate-1.7.0_21-b11.log
2013-04-20 18:46 - 2010-03-04 18:37 - 00000000 ____D C:\Program Files\Java
2013-04-19 23:36 - 2013-04-19 23:36 - 00152280 ____A C:\Windows\Minidump\041913-80090-01.dmp
2013-04-19 23:31 - 2013-04-19 23:31 - 00152280 ____A C:\Windows\Minidump\041913-58968-01.dmp
2013-04-19 16:29 - 2013-04-19 16:29 - 00135237 ____A C:\Users\Bruce\Desktop\JavaRa-2.0.zip
2013-04-19 16:29 - 2013-04-19 16:29 - 00000000 ____D C:\Users\Bruce\Desktop\JavaRa-2.0
2013-04-19 15:56 - 2013-04-19 15:56 - 00152280 ____A C:\Windows\Minidump\041913-55161-01.dmp
2013-04-19 15:48 - 2013-04-19 15:48 - 00003801 ____A C:\AdwCleaner[S2].txt
2013-04-19 15:47 - 2013-04-19 15:47 - 00613083 ____A C:\Users\Bruce\Desktop\AdwCleaner.exe
2013-04-19 15:44 - 2013-04-19 15:43 - 00023867 ____A C:\Users\Bruce\Desktop\Result.txt
2013-04-19 15:41 - 2013-04-19 15:41 - 00760335 ____A (Farbar) C:\Users\Bruce\Desktop\MiniToolBox.exe
2013-04-16 19:07 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\rescache
2013-04-16 18:30 - 2009-07-14 00:33 - 00308432 ____A C:\Windows\System32\FNTCACHE.DAT

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176
C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\@
C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\L
C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\U

Other Malware:
===========
C:\Users\Bruce\jdk-7u3-windows-i586.exe
C:\Users\Bruce\tdsskiller.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-04-02 23:28] - [2012-09-06 12:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E

 

Last Boot: 2013-04-30 21:41

==================== End Of Log ============================

-------------------------------------------------

Finally, the addition log:

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-05-2013
Ran by Bruce at 2013-05-14 02:50:49 Run:
Running from C:\Users\Bruce\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe AIR (Version: 2.7.0.19530)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader XI (11.0.02) (Version: 11.0.02)
Advanced System Protector (Version: 2.1.1000.10844)
BioAPI Framework (Version: 1.0.1)
Broadcom NetXtreme-I Netlink Driver and Management Installer (Version: 12.25.02)
calibre (Version: 0.9.9)
Cobian Backup 11 Gravity
DCP32MMWrapper (Version: 1.6.334.60)
Dell Backup and Recovery Manager (Version: 1.2.1)
Dell Control Point (Version: 1.6.334.60)
Dell ControlPoint Security Manager (Version: 1.6.334.60)
Dell Edoc Viewer (Version: 1.0.0)
Dell Embassy Trust Suite by Wave Systems (Version: 03.04.00.063)
Dell Security Device Driver Pack (Version: 1.3.039)
Document Manager Lite (Version: 06.09.00.121)
EMBASSY Security Center (Version: 03.09.00.092)
EMBASSY Security Setup (Version: 03.09.00.102)
ESC Home Page Plugin (Version: 03.04.00.029)
ESET Online Scanner v3
FileZilla Client 3.5.3 (Version: 3.5.3)
Gemalto (Version: 01.01.00.0000)
Google Chrome (Version: 26.0.1410.64)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 17 (Version: 6.0.170)
Java™ SE Development Kit 7 Update 3 (Version: 1.7.0.30)
JavaFX 2.0.3 (Version: 2.0.3)
JavaFX 2.0.3 SDK (Version: 2.0.3)
Junk Mail filter update (Version: 14.0.8089.726)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office Proof (English) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6213.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Office SharePoint Designer 2007 (Version: 12.0.6215.1000)
Microsoft Office SharePoint Designer 2007 Service Pack 1 (SP1)
Microsoft Office SharePoint Designer MUI (English) 2007 (Version: 12.0.6215.1000)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 3.0.40624.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NTRU TCG Software Stack (Version: 2.1.29)
NVIDIA Drivers (Version: 1.4)
OpenOffice.org 3.4.1 (Version: 3.41.9593)
Picasa 3 (Version: 3.8)
PowerDVD DX (Version: 8.3.5424)
Preboot Manager (Version: 02.09.00.071)
Private Information Manager (Version: 06.04.00.047)
Realtek High Definition Audio Driver (Version: 6.0.1.5871)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE 10.3 (Version: 10.3)
Roxio Creator DE 10.3 (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.2)
Roxio Update Manager (Version: 6.0.0)
Security Wizards (Version: 01.07.00.016)
SO32MMWrapper (Version: 1.6.334.60)
Trusted Drive Manager (Version: 3.1.0.116)
UPEK TouchChip Fingerprint Reader (Version: 1.1.0)
Wave Infrastructure Installer (Version: 07.00.21.0000)
Wave Support Software (Version: 05.10.00.046)
Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5) (Version: 01/07/2008 1.0.1.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Toolbar (Version: 14.0.8064.206)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)

==================== Restore Points  =========================

16-04-2013 22:00:11 Windows Update
20-04-2013 22:42:13 Removed Adobe Reader X (10.1.0).
20-04-2013 22:45:18 Installed Java 7 Update 21
23-04-2013 22:00:13 Windows Update
30-04-2013 22:00:12 Windows Update
30-04-2013 22:53:31 Windows Update
07-05-2013 22:00:11 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/09/2013 00:15:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: java.exe, version: 7.0.210.11, time stamp: 0x515d68ea
Faulting module name: msvcrt.dll, version: 7.0.7600.16930, time stamp: 0x4eeaf834
Exception code: 0xc0000005
Fault offset: 0x00009b60
Faulting process id: 0x760
Faulting application start time: 0xjava.exe0
Faulting application path: java.exe1
Faulting module path: java.exe2
Report Id: java.exe3

Error: (05/09/2013 00:13:17 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16476 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 874

Start Time: 01ce4c32811dc8fa

Termination Time: 92

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/07/2013 06:00:12 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetVolumeComponents.  hr = 0x80073bc3, The requested system device cannot be found.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {cb1099e0-1915-47a5-993b-72d8ccb3477d}

Error: (05/02/2013 08:54:16 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (05/01/2013 02:20:28 PM) (Source: Application Error) (User: )
Description: Faulting application name: java.exe, version: 7.0.210.11, time stamp: 0x515d68ea
Faulting module name: msvcrt.dll, version: 7.0.7600.16930, time stamp: 0x4eeaf834
Exception code: 0xc0000005
Fault offset: 0x00009b60
Faulting process id: 0x1a90
Faulting application start time: 0xjava.exe0
Faulting application path: java.exe1
Faulting module path: java.exe2
Report Id: java.exe3

Error: (05/01/2013 02:20:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: java.exe, version: 7.0.210.11, time stamp: 0x515d68ea
Faulting module name: msvcrt.dll, version: 7.0.7600.16930, time stamp: 0x4eeaf834
Exception code: 0xc0000005
Fault offset: 0x00009b60
Faulting process id: 0x15e8
Faulting application start time: 0xjava.exe0
Faulting application path: java.exe1
Faulting module path: java.exe2
Report Id: java.exe3

Error: (05/01/2013 02:13:25 PM) (Source: Wave TCG Client Services) (User: )
Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM

Error: (04/30/2013 07:51:02 PM) (Source: Wave TCG Client Services) (User: )
Description: The NTRU TSS is not running, Wave Software is unable to communicate to TPM

Error: (04/30/2013 06:53:31 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine ConvertStringSidToSid(S-1-5-21-2011915119-3138510129-4040441681-1000.bak).  hr = 0x80070539, The security ID structure is invalid.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: Shadow Copy Optimization Writer
   Writer Class Id: {4dc3bdd4-ab48-4d07-adb0-3bee2926fd7f}
   Writer Name: Shadow Copy Optimization Writer
   Writer Instance ID: {5a76bd64-6b19-4ac2-b1a0-fb7556a40223}

Error: (04/30/2013 06:53:31 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IVssAsrWriterBackup::GetVolumeComponents.  hr = 0x80073bc3, The requested system device cannot be found.
.

Operation:
   OnIdentify event
   Gathering Writer Data

Context:
   Execution Context: ASR Writer
   Writer Class Id: {be000cbe-11fe-4426-9c58-531aa6355fc4}
   Writer Name: ASR Writer
   Writer Instance ID: {af127e14-b32f-472a-9030-86410a25b5d2}

System errors:
=============
Error: (05/07/2013 06:00:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 (KB2813170).

Error: (05/01/2013 02:10:30 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
fyvs

Error: (05/01/2013 02:10:30 PM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (04/30/2013 07:50:38 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
fyvs

Error: (04/30/2013 07:50:37 PM) (Source: Service Control Manager) (User: )
Description: The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (04/30/2013 07:40:49 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/30/2013 07:40:49 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/30/2013 07:40:49 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/30/2013 07:40:49 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/30/2013 07:40:49 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-05-14 02:49:53.952
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-14 02:49:53.912
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-09 12:17:43.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-09 12:17:43.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-09 12:11:05.093
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-09 12:11:05.050
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-08 03:17:04.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-08 03:17:04.742
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-08 03:07:03.004
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2013-05-08 03:07:02.961
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 3325.63 MB
Available physical RAM: 1467.87 MB
Total Pagefile: 6649.54 MB
Available Pagefile: 4360.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.57 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:240.69 GB) NTFS
Drive e: () (Fixed) (Total:189.87 GB) (Free:31.52 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: BB35CE84)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 190 GB) (Disk ID: 9503C6AB)
Partition 1: (Not Active) - (Size=190 GB) - (Type=0C)

==================== End Of Log ============================

 

 

Hope you can make sense of this.  :-)   Thanks!

Bruce



#6 Oh My!

Malware Response Instructor

Posted 14 May 2013 - 02:56 PM

Hi Bruce,

It is nice to meet you. I really appreciate your patience.

Can you tell me if you intentionally installed Advanced System Protector? Sometimes that program is installed without a user's knowledge.

I have several things for you to do for me but first I must advise you of the following.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidences of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Run OTL Fix

--------------------
  • Double click on the OTL icon on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
:OTL
PRC - [2013/05/07 15:44:10 | 000,006,656 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Temp\nskE584.tmp\nsFEBF.tmp
MOD - [2013/05/07 15:44:10 | 000,006,656 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Temp\nskE584.tmp\nsFEBF.tmp
MOD - [2012/11/12 02:44:33 | 000,390,144 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\pcldws.sys -- (fyvs)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000..\Run: [Adobe] C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll ()
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/11/21 20:54:54 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\@
[2012/10/29 00:43:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\L
[2012/10/29 00:43:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\U
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
:Commands
[emptyjava]
[emptyflash]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • OTL log
  • How is your computer running? Any noticeable difference?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
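
Added example (not part of the original posts, and not code from OTL or its author): most entries in the OTL fix above share one of three traits visible in the log lines themselves, namely a reference whose target is missing, a binary with no company name under a user's AppData folder, or a Run value pointing into AppData. The rule names, regexes and function names below are assumptions made for this illustration; the sample lines are copied from the logs in this thread.

```python
"""Triage OTL-style log lines with three simple heuristics (illustrative)."""
import re
from typing import List, NamedTuple, Optional

# Lines copied from the OTL log and fix script quoted in this thread.
SAMPLE_LINES = [
    r"PRC - [2013/05/14 02:39:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe",
    r"PRC - [2013/05/07 15:44:10 | 000,006,656 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Temp\nskE584.tmp\nsFEBF.tmp",
    r"PRC - [2013/04/04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\javaw.exe",
    r"MOD - [2013/04/09 20:10:19 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll",
    r"MOD - [2012/11/12 02:44:33 | 000,390,144 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll",
    r"SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)",
    r"DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\pcldws.sys -- (fyvs)",
    r"DRV - [2008/06/04 16:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)",
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.",
    r"O4 - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000..\Run: [Adobe] C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll ()",
    r"O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found",
]

# Text OTL prints when a registry entry points at something that is gone.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")

# A path inside some user's AppData tree (writable without admin rights).
USER_PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

# PRC/MOD/SRV/DRV entry: [date | size | attrs | M] (company) [state] -- path -- (name)
FILE_ENTRY = re.compile(
    r"^(?:PRC|MOD|SRV|DRV) - \[[^\]]*\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)

# O4 autorun entry: <key>..\Run: [value name] target (company)
RUN_ENTRY = re.compile(
    r"^O4 - (?P<key>\S+Run): \[(?P<value>[^\]]*)\] (?P<target>.+) \((?P<company>[^)]*)\)$"
)


class Finding(NamedTuple):
    rule: str     # which heuristic fired
    section: str  # OTL section tag (PRC, MOD, DRV, O4, ...)
    subject: str  # path or registry item the rule fired on


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if no rule applies."""
    line = line.strip()
    section, _, rest = line.partition(" - ")

    # Rule 1: the entry references a file or CLSID that no longer exists.
    if any(marker in line for marker in ORPHAN_MARKERS):
        return Finding("orphaned-reference", section, rest)

    # Rule 2: a Run value whose target lives in a user's AppData tree.
    run = RUN_ENTRY.match(line)
    if run:
        if USER_PROFILE.match(run["target"]):
            return Finding("autorun-from-user-profile", section, run["target"])
        return None

    # Rule 3: a loaded binary with an empty company field AND an AppData path.
    # Either trait alone is common on clean systems, so both are required.
    entry = FILE_ENTRY.match(line)
    if entry and not entry["company"].strip() and USER_PROFILE.match(entry["path"]):
        return Finding("no-vendor-in-user-profile", section, entry["path"])
    return None


def triage(lines: List[str]) -> List[Finding]:
    """Classify every line and keep only the ones a rule fired on."""
    return [f for f in map(classify, lines) if f is not None]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LINES):
        print(f"{finding.rule:28} {finding.section:4} {finding.subject}")
```

A hit is a lead for a human reviewer, not a verdict: the .NET native image in the sample also has no company name but is left alone because it sits under C:\Windows.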

#7 brucewig


Posted 16 May 2013 - 06:58 PM

Hi Gary,

I ran all three programs: the logs are below.  I still cannot run Java applets nor open .pdfs.

A few notes:

After I ran AdwCleaner and my computer rebooted, I got the following error message:

"Java™ Platform SE binary has stopped working"

When I clicked on "Show Problem Details" I got the following:

 

Problem signature:
  Problem Event Name:   APPCRASH
  Application Name:     java.exe
  Application Version:  7.0.210.11
  Application Timestamp:        515d68ea
  Fault Module Name:    msvcrt.dll
  Fault Module Version: 7.0.7600.16930
  Fault Module Timestamp:       4eeaf834
  Exception Code:       c0000005
  Exception Offset:     00009b60
  OS Version:   6.1.7600.2.0.0.256.48
  Locale ID:    1033
  Additional Information 1:     593e
  Additional Information 2:     593e194003beaf29d4590fd9c630fd47
  Additional Information 3:     0220
  Additional Information 4:     0220eb744f9e05664a1ce1bc5a980103

-----------------------------

After running JRT, I noticed that file extensions were being hidden in my folders.  I usually have it so that I can see all file name extensions.

 

Here are the results for AdwCleaner:

# AdwCleaner v2.301 - Logfile created 05/16/2013 at 17:50:55
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Professional  (32 bits)
# User : Bruce - BRUCE-PC
# Boot Mode : Normal
# Running from : C:\Users\Bruce\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Advanced System Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector

***** [Registry] *****

Key Deleted : HKLM\Software\Classes\Installer\Features\54A306F2659DB694185B057D28249467
Key Deleted : HKLM\Software\Classes\Installer\Products\54A306F2659DB694185B057D28249467
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\54A306F2659DB694185B057D28249467

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Bruce\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.26] : keyword = "search.sweetim.com",
Deleted [l.30] : search_url = "hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0002002&barid=[...]

*************************

AdwCleaner[S1].txt - [4588 octets] - [10/10/2012 16:45:08]
AdwCleaner[S2].txt - [3801 octets] - [19/04/2013 15:48:42]
AdwCleaner[S3].txt - [1494 octets] - [16/05/2013 17:50:55]

########## EOF - C:\AdwCleaner[S3].txt - [1554 octets] ##########

-----------------

Now, the log file for JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Professional x86
Ran by Bruce on Thu 05/16/2013 at 18:29:17.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

   Val Name      Type   Value Data
   ========      ====   ==========
    Adobe    REG_SZ    rundll32.exe "C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll",DllRegisterServerW

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak

 

~~~ Files

Successfully deleted: [File] "C:\Windows\system32\roboot.exe"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Users\Bruce\AppData\Roaming\systweak"

 

~~~ Chrome

Dumping contents of C:\Users\Bruce\appdata\local\Google\Chrome\User Data\Default\Default
C:\Users\Bruce\appdata\local\Google\Chrome\User Data\Default\Default\aadidegedddbdgdcgbdcdgdddegcdeda
C:\Users\Bruce\appdata\local\Google\Chrome\User Data\Default\Default\aadidegedddbdgdcgbdcdgdddegcdeda\background.js
C:\Users\Bruce\appdata\local\Google\Chrome\User Data\Default\Default\aadidegedddbdgdcgbdcdgdddegcdeda\ContentScript.js
C:\Users\Bruce\appdata\local\Google\Chrome\User Data\Default\Default\aadidegedddbdgdcgbdcdgdddegcdeda\manifest.json

Successfully deleted: [Folder] C:\Users\Bruce\appdata\local\Google\Chrome\User Data\Default\Default [Default Extension 1.0]

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/16/2013 at 18:31:31.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------

OTL logfile created on: 5/14/2013 2:40:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Bruce\Desktop
 Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 44.92% Memory free
6.49 Gb Paging File | 4.06 Gb Available in Paging File | 62.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.40 Gb Total Space | 240.75 Gb Free Space | 84.95% Space Free | Partition Type: NTFS
Drive E: | 189.87 Gb Total Space | 31.52 Gb Free Space | 16.60% Space Free | Partition Type: FAT32

Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/14 02:39:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
PRC - [2013/05/07 15:44:10 | 000,006,656 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Temp\nskE584.tmp\nsFEBF.tmp
PRC - [2013/04/04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\javaw.exe
PRC - [2013/01/03 22:59:29 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/13 10:57:02 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2012/08/13 10:57:02 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2011/12/08 21:48:57 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2009/11/12 12:55:30 | 000,203,776 | ---- | M] (Microsoft) -- C:\dell\DBRM\Reminder\DbrmTrayicon.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/26 18:49:00 | 002,691,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe
PRC - [2009/08/14 14:30:56 | 000,015,872 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/07/27 14:18:02 | 000,134,656 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:16 | 000,126,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
PRC - [2009/07/13 21:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/23 23:32:30 | 000,282,480 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Silverlight\3.0.40624.0\Silverlight.Configuration.exe
PRC - [2009/06/11 23:46:46 | 000,656,384 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/06/11 20:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/07 15:44:10 | 000,006,656 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Temp\nskE584.tmp\nsFEBF.tmp
MOD - [2013/04/09 20:10:19 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll
MOD - [2013/04/09 19:33:25 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
MOD - [2013/04/09 19:33:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
MOD - [2013/04/09 19:33:07 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
MOD - [2013/04/09 19:33:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
MOD - [2013/04/09 19:33:03 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
MOD - [2013/04/09 19:32:58 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2012/11/12 02:44:33 | 000,390,144 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll
MOD - [2012/08/10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/08/10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll
MOD - [2012/01/08 09:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/04 18:43:47 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Status Lib\1.6.320.13950__f25c74fcad379103\Status Lib.dll
MOD - [2010/03/04 18:43:47 | 000,008,192 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\StatusInterfaces\1.6.320.13949__4ca2a925deedf37d\StatusInterfaces.dll
MOD - [2009/07/27 14:15:32 | 000,249,856 | ---- | M] () -- C:\Windows\System32\wxvault.dll
MOD - [2009/06/03 14:07:50 | 000,010,752 | ---- | M] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
MOD - [2008/11/12 15:24:40 | 000,004,608 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\TspPopup_ENU.dll

========== Services (SafeList) ==========

SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/12/11 03:35:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/11 20:43:08 | 001,622,016 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/06/03 14:15:24 | 001,019,904 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 15:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\pcldws.sys -- (fyvs)
DRV - [2009/09/04 13:35:00 | 002,747,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTDVHDA.sys -- (IntcAzAudAddService)
DRV - [2009/07/27 14:17:56 | 000,200,192 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/06/26 18:01:00 | 009,777,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/20 08:34:56 | 000,273,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x)
DRV - [2009/05/11 13:55:12 | 000,084,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\basp.sys -- (Blfp)
DRV - [2008/06/04 16:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PBADRV.sys -- (PBADRV)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{422B43F1-8601-49D3-9051-457981D93595}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wargameroom.com/
IE - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bruce\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bruce\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

[2012/03/19 21:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\Extensions
[2012/03/19 22:04:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bruce\AppData\Roaming\Mozilla\SeaMonkey\Profiles\1ds6cq78.default\extensions

========== Chrome  ==========

CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=4.0002002&barid={E984C565-7229-11E1-8984-002564C48480}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bruce\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bruce\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bruce\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Bruce\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.30.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000..\Run: [Adobe] C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll ()
O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 10.21.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{613AD6BB-F17D-466E-A0CC-942107A53BD6}: DhcpNameServer = 167.206.245.129 167.206.245.130
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2012/10/10 19:00:10 | 000,049,648 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
O32 - AutoRun File - [2012/10/10 19:00:10 | 000,649,864 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2012/10/10 19:00:10 | 000,567,944 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/14 02:39:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2013/04/29 15:31:17 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Bruce\Desktop\dds.com
[2013/04/29 13:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 11
[2013/04/21 14:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/04/21 14:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2013/04/21 14:11:52 | 000,000,000 | ---D | C] -- C:\Program Files\Advanced System Protector
[2013/04/21 14:11:41 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Systweak
[2013/04/21 14:11:40 | 000,018,360 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2013/04/20 19:01:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/04/20 18:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/04/20 18:46:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/04/20 18:46:11 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/04/20 18:46:11 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/04/20 18:42:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/19 16:29:30 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\JavaRa-2.0
[2013/04/19 15:41:03 | 000,760,335 | ---- | C] (Farbar) -- C:\Users\Bruce\Desktop\MiniToolBox.exe
[2013/04/16 18:01:03 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/16 18:01:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/16 18:01:01 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/16 18:01:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/16 18:01:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/04/16 18:01:00 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/04/16 18:01:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/16 18:00:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/10/05 15:45:50 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bruce\tdsskiller.exe
[2012/03/06 19:45:57 | 088,210,392 | ---- | C] (Oracle Corporation) -- C:\Users\Bruce\jdk-7u3-windows-i586.exe

========== Files - Modified Within 30 Days ==========

[2013/05/14 02:39:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2013/05/14 02:30:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2011915119-3138510129-4040441681-1000UA.job
[2013/05/13 23:43:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2011915119-3138510129-4040441681-1000Core1ce279446effa99.job
[2013/05/08 14:56:38 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/08 14:56:38 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 21:45:04 | 000,000,907 | ---- | M] () -- C:\Windows\KEDITW.INI
[2013/05/01 14:15:49 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/01 14:15:49 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/01 14:13:15 | 000,000,000 | ---- | M] () -- C:\Users\Bruce\AppData\Local\WavXMapDrive.bat
[2013/05/01 14:09:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/01 14:09:30 | 2615,382,016 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/30 18:23:10 | 236,261,939 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/04/29 15:31:17 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Bruce\Desktop\dds.com
[2013/04/21 14:11:53 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2013/04/20 19:01:21 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/19 16:29:06 | 000,135,237 | ---- | M] () -- C:\Users\Bruce\Desktop\JavaRa-2.0.zip
[2013/04/19 15:47:32 | 000,613,083 | ---- | M] () -- C:\Users\Bruce\Desktop\AdwCleaner.exe
[2013/04/19 15:41:22 | 000,760,335 | ---- | M] (Farbar) -- C:\Users\Bruce\Desktop\MiniToolBox.exe
[2013/04/16 18:30:07 | 000,308,432 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/04/29 16:39:17 | 000,000,907 | ---- | C] () -- C:\Windows\KEDITW.INI
[2013/04/21 14:11:53 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2013/04/21 14:11:52 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe
[2013/04/20 19:01:21 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/20 19:01:21 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/04/19 16:29:04 | 000,135,237 | ---- | C] () -- C:\Users\Bruce\Desktop\JavaRa-2.0.zip
[2013/04/19 15:47:29 | 000,613,083 | ---- | C] () -- C:\Users\Bruce\Desktop\AdwCleaner.exe
[2012/04/06 01:08:22 | 000,000,667 | ---- | C] () -- C:\Users\Bruce\Bruce - Shortcut.lnk
[2010/12/08 21:47:17 | 000,000,000 | ---- | C] () -- C:\Users\Bruce\AppData\Local\WavXMapDrive.bat

========== ZeroAccess Check ==========

[2012/11/21 20:54:54 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\@
[2012/10/29 00:43:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\L
[2012/10/29 00:43:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\U
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,782 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:11 PM

Posted 16 May 2013 - 07:27 PM

Hi Bruce,

It looks like we did not run the OTL fix properly. Did you click on the Run Fix button after copying and pasting the information in the textbox? 


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 brucewig


Posted 17 May 2013 - 03:17 PM

Hi Gary,

I thought I ran it correctly. Should I try it again?

Bruce



#10 Oh My!


Posted 17 May 2013 - 05:19 PM

Yes, we need to run it again. I am going to modify it just a bit. Please do this.

===================================================

Run OTL Fix
--------------------
  • Double click on the OTL icon on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
:OTL
PRC - [2013/05/07 15:44:10 | 000,006,656 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Temp\nskE584.tmp\nsFEBF.tmp
MOD - [2013/05/07 15:44:10 | 000,006,656 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Temp\nskE584.tmp\nsFEBF.tmp
MOD - [2012/11/12 02:44:33 | 000,390,144 | ---- | M] () -- C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\pcldws.sys -- (fyvs)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-2011915119-3138510129-4040441681-1000..\Run: [Adobe] C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll ()
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/11/21 20:54:54 | 000,002,048 | -HS- | M] () -- C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\@
[2012/10/29 00:43:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\L
[2012/10/29 00:43:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\U
[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
:files
C:\Users\Bruce\AppData\Local\Temp\nskE584.tmp\nsFEBF.tmp
:Commands
[emptyjava]
[emptyflash]
[emptytemp]
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

Gary
 

#11 brucewig


Posted 18 May 2013 - 03:29 AM

Hi Gary,

I ran OTL again with the new parameters. Here's the log file:

All processes killed
========== OTL ==========
No active process named nsFEBF.tmp was found!
Error: No service named fyvs was found to stop!
Service\Driver key fyvs not found.
File System32\drivers\pcldws.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_USERS\S-1-5-21-2011915119-3138510129-4040441681-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2011915119-3138510129-4040441681-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe not found.
File C:\Users\Bruce\AppData\Local\Diagnostics\Adobe\cupoouux.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\@ not found.
Folder C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\L\ not found.
Folder C:\$Recycle.Bin\S-1-5-18\$8dc559b60c0b7dddccfd67578824d176\U\ not found.
File C:\Windows\assembly\Desktop.ini not found.
========== FILES ==========
C:\Users\Bruce\AppData\Local\Temp\nskE584.tmp\nsFEBF.tmp moved successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Bruce
->Java cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Bruce
->Flash cache emptied: 3038 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Bruce
->Temp folder emptied: 36363789 bytes
->Temporary Internet Files folder emptied: 402488123 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 47510077 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1314060 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1104701589 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 288415574 bytes
 
Total Files Cleaned = 1,794.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05182013_041929

Files\Folders moved on Reboot...
File\Folder C:\Users\Bruce\AppData\Local\Temp\hsperfdata_Bruce\4576 not found!
C:\Users\Bruce\AppData\Local\Temp\JavaDeployReg.log moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3CTF4VT\like[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3CTF4VT\xd_arbiter[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R3CTF4VT\xd_arbiter[2].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O3TTHHVM\like[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E9JD1694\xd_arbiter[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7347LY7Y\unable-to-run-lots-of-applications-such-as-java-applets-and-opening-pdfs[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4IN0C41T\index[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4IN0C41T\si[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RXW5QRS\fastbutton[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RXW5QRS\unable-to-run-lots-of-applications-such-as-java-applets-and-opening-pdfs[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3RXW5QRS\xd_arbiter[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IUSFMCP\971703897[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IUSFMCP\chat[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IUSFMCP\fastbutton[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3IUSFMCP\push[1].htm moved successfully.
C:\Windows\temp\fla1068.tmp moved successfully.
C:\Windows\temp\fla2EFB.tmp moved successfully.
C:\Windows\temp\fla388D.tmp moved successfully.
C:\Windows\temp\fla420B.tmp moved successfully.
C:\Windows\temp\fla4D3B.tmp moved successfully.
C:\Windows\temp\fla6459.tmp moved successfully.
C:\Windows\temp\fla8869.tmp moved successfully.
C:\Windows\temp\flaAB8.tmp moved successfully.
C:\Windows\temp\flaB9FD.tmp moved successfully.
C:\Windows\temp\flaC9B5.tmp moved successfully.
C:\Windows\temp\flaD8.tmp moved successfully.
C:\Windows\temp\flaE929.tmp moved successfully.
C:\Windows\temp\flaF7E4.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



#12 Oh My!


Posted 18 May 2013 - 09:43 AM

Hi Bruce,

It looks like you did in fact run it properly the first time but the report produced didn't show any verification of the modifications.

Shall I assume you are still experiencing the same issues?
Gary
 

#13 brucewig


Posted 18 May 2013 - 05:05 PM

Hi Gary,

I am still having the problems. Perhaps now a reinstall of Java and Adobe might fix things (in the past, it didn't)?

Bruce



#14 Oh My!


Posted 18 May 2013 - 06:08 PM

Hi Bruce,

Yes, please do that, but I would like you to do so with the below program.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
Java
Adobe
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did the program(s) uninstall properly?
  • How is your computer running?

Gary
 

#15 brucewig


Posted 20 May 2013 - 12:30 AM

Hi Gary,

I ran Revo Uninstaller and it seemed to work OK. I can't tell whether the computer is working OK without re-installing Adobe Reader and Java. Should I do that? Where's the best place to download the software?

Bruce





