Author Topic: [Inactive] Tried repairs, now slower start-up...Help, it's a friend's PC  (Read 7785 times)

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #15 on: December 26, 2013, 03:24:21 PM »
* Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #16 on: December 26, 2013, 04:14:22 PM »
Hmmm, I used RevoUninstaller-Advanced to remove IOBIT Surf Protection, SpyBot and SuperAntiSpyware instead of turning them off, but now I had the new hardware thingy pop up; when I went and checked SystemInfo, all I found in Problem Devices is: Problem Device=Not Available, Root\Legacy_SASUTIL\0000.

Also I don't know how to turn off Microsoft Security Essentials for the ComboFix scan, or do I need to?

Waiting upon your reply before starting Combo...
Joan in Reno

Offline ChiJoan

Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #17 on: December 26, 2013, 05:31:48 PM »
I saw Bleeping Computer had a M$ Security Essentials Remover, should I use it before running Combo?

Thanks,
Joan in Reno

Offline Hoov

Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #18 on: December 26, 2013, 08:04:20 PM »
Open MSE -> click Settings and under real-time protection -> uncheck the option Turn ON real-time protection

Offline ChiJoan

Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #19 on: December 26, 2013, 10:53:07 PM »
Here's the ComboFix.txt, what's next?

Thanks,
Joan in Reno

ComboFix 13-12-26.01 - Owner 12/26/2013  20:26:42.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2037.1436 [GMT -8:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\offitems.log
c:\windows\system32\Cache
c:\windows\system32\Cache\121220b9ac74a303.fb
c:\windows\system32\Cache\12f1678e41c1c640.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3cd4468e35f597c1.fb
c:\windows\system32\Cache\3da3b6c5d5a33235.fb
c:\windows\system32\Cache\46d65f2aff6bf562.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\7207bdf8da6eb630.fb
c:\windows\system32\Cache\83dc1cd17364caa6.fb
c:\windows\system32\Cache\923a155c2491eec9.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\9f7971fbdb4d122d.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cb164ba7f983b7fd.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dab6fe7a0f2500bb.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\ece5d121f72439b1.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\SET13B.tmp
c:\windows\system32\SET13C.tmp
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DEFAULTTABSEARCH
.
.
(((((((((((((((((((((((((   Files Created from 2013-11-27 to 2013-12-27  )))))))))))))))))))))))))))))))
.
.
2013-12-26 20:19 . 2013-12-04 02:57   7760024   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C69C35A4-168C-4B50-BFE6-87AB4C202198}\mpengine.dll
2013-12-24 18:21 . 2013-12-24 18:21   --------   d-----w-   c:\program files\iPod
2013-12-24 18:20 . 2013-12-24 18:23   --------   d-----w-   c:\program files\iTunes
2013-12-24 18:20 . 2013-12-24 18:23   --------   d-----w-   c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-24 18:07 . 2013-12-24 18:07   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2013-12-24 16:40 . 2013-12-24 16:41   --------   d-----w-   c:\program files\7-Zip
2013-12-24 16:10 . 2013-12-24 16:10   --------   d-----w-   c:\windows\ERUNT
2013-12-23 23:38 . 2013-12-04 02:57   7760024   ----a-w-   c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-23 22:30 . 2013-12-23 22:30   --------   d-----w-   c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2013-12-23 22:06 . 2013-12-23 22:06   388096   ----a-r-   c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-12-23 22:06 . 2013-12-23 22:06   --------   d-----w-   c:\program files\Trend Micro
2013-12-23 03:02 . 2013-12-23 03:02   --------   d-----w-   c:\documents and settings\Owner\LocalLow
2013-12-23 02:40 . 2013-12-23 02:57   --------   d-----w-   c:\documents and settings\All Users\Application Data\HitmanPro
2013-12-22 23:53 . 2013-12-24 19:56   --------   d-----w-   C:\AdwCleaner
2013-12-22 19:36 . 2013-12-22 19:37   --------   d-----w-   C:\5e0dc50bb1cabd6ea65ffe990a69f3
2013-12-22 18:05 . 2013-12-22 19:36   --------   d-----w-   c:\program files\Microsoft Silverlight
2013-12-22 18:05 . 2010-04-28 15:44   54760   ----a-w-   c:\windows\system32\drivers\fssfltr_tdi.sys
2013-12-22 18:04 . 2013-12-22 18:04   --------   d-----w-   c:\program files\Microsoft
2013-12-22 18:04 . 2013-12-22 18:04   --------   d-----w-   c:\program files\Windows Live SkyDrive
2013-12-22 18:03 . 2013-12-22 18:05   --------   d-----w-   c:\program files\Windows Live
2013-12-22 18:03 . 2013-12-22 18:03   --------   d-----w-   c:\program files\Microsoft SQL Server Compact Edition
2013-12-22 17:58 . 2013-12-22 17:58   --------   d-----w-   c:\program files\Common Files\Windows Live
2013-12-21 23:39 . 2013-12-21 23:39   --------   d-sh--w-   c:\windows\system32\config\systemprofile\IETldCache
2013-12-21 23:08 . 2013-12-21 23:08   --------   d-----w-   c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2013-12-21 23:06 . 2013-12-21 23:06   --------   d-sh--w-   c:\documents and settings\Default User\IETldCache
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-24 16:34 . 2013-12-24 16:34   82944   ----a-w-   c:\windows\system32\drivers\WudfRd.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   77568   ----a-w-   c:\windows\system32\drivers\WudfPf.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   4352   ----a-w-   c:\windows\system32\drivers\wmilib.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   38528   ----a-w-   c:\windows\system32\drivers\wpdusb.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   19200   ----a-w-   c:\windows\system32\drivers\WSTCODEC.SYS.bak
2013-12-24 16:34 . 2013-12-24 16:34   12032   ----a-w-   c:\windows\system32\drivers\ws2ifsl.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   83072   ----a-w-   c:\windows\system32\drivers\wdmaud.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   34560   ----a-w-   c:\windows\system32\drivers\wanarp.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   25471   ----a-w-   c:\windows\system32\drivers\watv10nt.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   22271   ----a-w-   c:\windows\system32\drivers\watv06nt.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   11935   ----a-w-   c:\windows\system32\drivers\wadv11nt.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   11871   ----a-w-   c:\windows\system32\drivers\wadv09nt.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   81664   ----a-w-   c:\windows\system32\drivers\videoprt.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   52352   ----a-w-   c:\windows\system32\drivers\volsnap.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   14208   ----a-w-   c:\windows\system32\drivers\wacompen.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   11807   ----a-w-   c:\windows\system32\drivers\wadv07nt.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   11295   ----a-w-   c:\windows\system32\drivers\wadv08nt.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   58112   ----a-w-   c:\windows\system32\drivers\vdmindvd.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   42240   ----a-w-   c:\windows\system32\drivers\viaagp.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   20992   ----a-w-   c:\windows\system32\drivers\vga.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   20608   ----a-w-   c:\windows\system32\drivers\usbuhci.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   123008   ----a-w-   c:\windows\system32\drivers\usbvideo.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   26368   ----a-w-   c:\windows\system32\drivers\usbstor.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   25856   ----a-w-   c:\windows\system32\drivers\usbprint.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   15872   ----a-w-   c:\windows\system32\drivers\usbintel.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   14976   ----a-w-   c:\windows\system32\drivers\usbscan.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   144128   ----a-w-   c:\windows\system32\drivers\usbport.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   59520   ----a-w-   c:\windows\system32\drivers\usbhub.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   5376   ----a-w-   c:\windows\system32\drivers\usbd.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   32384   ----a-w-   c:\windows\system32\drivers\usbccgp.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   30336   ----a-w-   c:\windows\system32\drivers\usbehci.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   25728   ----a-w-   c:\windows\system32\drivers\usbcamd2.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   25600   ----a-w-   c:\windows\system32\drivers\usbcamd.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   60160   ----a-w-   c:\windows\system32\drivers\usbaudio.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   43520   ----a-w-   c:\windows\system32\drivers\usbaapl.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   12928   ----a-w-   c:\windows\system32\drivers\usb8023x.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   12928   ----a-w-   c:\windows\system32\drivers\usb8023.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   384768   ----a-w-   c:\windows\system32\drivers\update.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   66048   ----a-w-   c:\windows\system32\drivers\udfs.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   44672   ----a-w-   c:\windows\system32\drivers\uagp35.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   12288   ----a-w-   c:\windows\system32\drivers\tunmp.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   51712   ----a-w-   c:\windows\system32\drivers\tosdvd.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   40840   ----a-w-   c:\windows\system32\drivers\termdd.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   21896   ----a-w-   c:\windows\system32\drivers\tdtcp.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   21376   ----a-w-   c:\windows\system32\drivers\tsbvcap.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   19072   ----a-w-   c:\windows\system32\drivers\tdi.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   12040   ----a-w-   c:\windows\system32\drivers\tdpipe.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   361600   ----a-w-   c:\windows\system32\drivers\tcpip.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   226880   ----a-w-   c:\windows\system32\drivers\tcpip6.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   14976   ----a-w-   c:\windows\system32\drivers\tape.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   60800   ----a-w-   c:\windows\system32\drivers\sysaudio.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   56576   ----a-w-   c:\windows\system32\drivers\swmidi.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   49408   ----a-w-   c:\windows\system32\drivers\stream.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   4352   ----a-w-   c:\windows\system32\drivers\swenum.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   15232   ----a-w-   c:\windows\system32\drivers\StreamIP.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   73472   ----a-w-   c:\windows\system32\drivers\sr.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   6272   ----a-w-   c:\windows\system32\drivers\splitter.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   357888   ----a-w-   c:\windows\system32\drivers\srv.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   25344   ----a-w-   c:\windows\system32\drivers\sonydcam.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   14592   ----a-w-   c:\windows\system32\drivers\smclib.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   95424   ----a-w-   c:\windows\system32\drivers\slnthal.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   5888   ----a-w-   c:\windows\system32\drivers\smbali.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   13240   ----a-w-   c:\windows\system32\drivers\slwdmsup.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   404990   ----a-w-   c:\windows\system32\drivers\slntamr.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   40960   ----a-w-   c:\windows\system32\drivers\sisagp.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   129535   ----a-w-   c:\windows\system32\drivers\slnt7554.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   11136   ----a-w-   c:\windows\system32\drivers\SLIP.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   11392   ----a-w-   c:\windows\system32\drivers\sfloppy.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   64512   ----a-w-   c:\windows\system32\drivers\serial.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   15744   ----a-w-   c:\windows\system32\drivers\serenum.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   11904   ----a-w-   c:\windows\system32\drivers\sffdisk.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   11008   ----a-w-   c:\windows\system32\drivers\sffp_sd.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   10240   ----a-w-   c:\windows\system32\drivers\sffp_mmc.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   96384   ----a-w-   c:\windows\system32\drivers\scsiport.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   79232   ----a-w-   c:\windows\system32\drivers\sdbus.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   20480   ----a-w-   c:\windows\system32\drivers\secdrv.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   166912   ----a-w-   c:\windows\system32\drivers\s3gnbm.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   4812288   ----a-w-   c:\windows\system32\drivers\RtkHDAud.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   5888   ----a-w-   c:\windows\system32\drivers\rootmdm.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   30592   ----a-w-   c:\windows\system32\drivers\rndismpx.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   30592   ----a-w-   c:\windows\system32\drivers\rndismp.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   59136   ----a-w-   c:\windows\system32\drivers\rfcomm.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   57600   ----a-w-   c:\windows\system32\drivers\redbook.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   203136   ----a-w-   c:\windows\system32\drivers\rmcast.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   12032   ----a-w-   c:\windows\system32\drivers\riodrv.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   12032   ----a-w-   c:\windows\system32\drivers\rio8drv.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   4224   ----a-w-   c:\windows\system32\drivers\rdpcdd.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   196224   ----a-w-   c:\windows\system32\drivers\rdpdr.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   13776   ----a-w-   c:\windows\system32\drivers\recagent.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   48384   ----a-w-   c:\windows\system32\drivers\raspptp.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   41472   ----a-w-   c:\windows\system32\drivers\raspppoe.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   34432   ----a-w-   c:\windows\system32\drivers\rawwan.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   175744   ----a-w-   c:\windows\system32\drivers\rdbss.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   16512   ----a-w-   c:\windows\system32\drivers\raspti.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   8832   ----a-w-   c:\windows\system32\drivers\rasacd.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   69120   ----a-w-   c:\windows\system32\drivers\psched.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   51328   ----a-w-   c:\windows\system32\drivers\rasl2tp.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   43872   ----a-w-   c:\windows\system32\drivers\pxhelp20.sys.bak
2013-12-24 16:34 . 2013-12-24 16:34   35840   ----a-w-   c:\windows\system32\drivers\processr.sys.bak
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-17 138008]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-02 16851456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2012-09-13 204136]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1996-11-17 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE -b [1996-11-17 51984]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fliptoast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Fliptoast.lnk
backup=c:\windows\pss\Fliptoast.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\justin\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Documents and Settings\\justin\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"58345:TCP"= 58345:TCP:Pando Media Booster
"58345:UDP"= 58345:UDP:Pando Media Booster
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 4:00 AM 14336]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [11/16/2013 3:48 PM 2151200]
S2 X4HSEx;X4HSEx;\??\c:\program files\Free Ride Games\X4HSEx.Sys --> c:\program files\Free Ride Games\X4HSEx.Sys [?]
S2 X4HSEx_Pr143;X4HSEx_Pr143;\??\c:\program files\Free Ride Games\X4HSEx_Pr143.Sys --> c:\program files\Free Ride Games\X4HSEx_Pr143.Sys [?]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [9/21/2012 11:08 AM 19688]
S3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 9:59 AM 206072]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai   REG_MULTI_SZ      Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-21 23:33   1210320   ----a-w-   c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-03 23:10]
.
2013-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-12-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1275210071-2052111302-839522115-1005Core.job
- c:\documents and settings\justin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-21 22:02]
.
2013-12-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1275210071-2052111302-839522115-1005UA.job
- c:\documents and settings\justin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-08-21 22:02]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 19:12]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-04 19:12]
.
2013-12-27 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-10-23 23:01]
.
2013-12-27 c:\windows\Tasks\User_Feed_Synchronization-{98475FA8-FEF2-49C0-ACCF-F537BEEE0ED5}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\jasmine\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\f9do09cm.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKU-Default-Run-Exetender - c:\program files\Free Ride Games\GPlayer.exe
MSConfigStartUp-Exetender - c:\program files\Free Ride Games\GPlayer.exe
AddRemove-Arcade Games_is1 - c:\program files\PageTheme\unins000.exe
AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files\Coupons\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-12-26 20:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrueSight]
"ImagePath"="\??\"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3016)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft Office\Office\OSA.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2013-12-26  20:44:00 - machine was rebooted
ComboFix-quarantined-files.txt  2013-12-27 04:43
.
Pre-Run: 197,579,202,560 bytes free
Post-Run: 198,618,382,336 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
[spybotsd]
timeout.old=30
.
- - End Of File - - 24C7289CF98D6141721E90D411E344C9
8F558EB6672622401DA993E1E865C861
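
A helper like the one below is what a log reviewer reaches for when a ComboFix.txt of this size arrives. It is an added example, not ComboFix's own code and not something from this thread's participants: it parses three of the sections posted above (the registry Run keys, the firewall AuthorizedApplications list and the R2/S2/S3 service and driver lines) and flags the entries a reviewer would look at first. The sample log is a handful of lines copied from the ComboFix.txt above; the heuristics (a path under the user profile, an unqualified filename in a Run value, a service whose file ComboFix reports as `[?]`, a service hosted in svchost.exe) are the editor's own triage assumptions, not verdicts, and reading `[?]` as "file not found" is likewise an assumption about ComboFix's output format.

```python
"""Triage helper for ComboFix log sections (added example, not ComboFix's code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the ComboFix.txt posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-17 142104]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-02 16851456]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\justin\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 4:00 AM 14336]
S2 X4HSEx;X4HSEx;\??\c:\program files\Free Ride Games\X4HSEx.Sys --> c:\program files\Free Ride Games\X4HSEx.Sys [?]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [9/21/2012 11:08 AM 19688]
"""

# "name"="path" [date size]      -> a Run value
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<info>[^\]]*)\]\s*$')
# "path"=                         -> a firewall AuthorizedApplications entry
FW_RE = re.compile(r'^"(?P<path>[^"]+)"=\s*$')
# R2 name;display;path [info]     -> a service/driver line
SVC_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$')


@dataclass
class Entry:
    section: str              # "run", "firewall" or "service"
    name: str
    path: str
    flags: list = field(default_factory=list)


def _service_path(rest: str) -> str:
    """Take the resolved path after '-->' if present and drop the trailing [info] block."""
    rest = rest.strip()
    if "-->" in rest:
        rest = rest.split("-->", 1)[1]
    return re.sub(r"\s*\[[^\]]*\]\s*$", "", rest).strip()


def classify(entry: Entry) -> Entry:
    """Editor's triage heuristics (assumptions, not ComboFix verdicts)."""
    p = entry.path.lower().replace("\\\\", "\\")   # firewall entries are written with doubled backslashes
    if "\\documents and settings\\" in p:
        entry.flags.append("user-profile path")
    if entry.section == "run" and "\\" not in p:
        entry.flags.append("unqualified filename (resolved via search path)")
    if entry.section == "service" and "svchost.exe" in p:
        entry.flags.append("svchost-hosted (check ServiceDll)")
    return entry


def parse_combofix(text: str) -> list:
    """Walk the log once, tracking which registry key the current lines belong to."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if line.startswith("[") and line.endswith("]"):        # registry key header
            low = line.lower()
            section = "run" if low.endswith("\\run]") else (
                "firewall" if "authorizedapplications\\list]" in low else None)
            continue
        m = SVC_RE.match(line)
        if m:
            e = Entry("service", m.group("name"), _service_path(m.group("rest")))
            if m.group("rest").rstrip().endswith("[?]"):       # assumed to mean "file not found"
                e.flags.append("file not found ([?])")
            entries.append(classify(e))
            continue
        if section == "run" and (m := RUN_RE.match(line)):
            entries.append(classify(Entry("run", m.group("name"), m.group("path"))))
        elif section == "firewall" and (m := FW_RE.match(line)):
            entries.append(classify(Entry("firewall", m.group("path"), m.group("path"))))
    return entries


def flagged(entries: list) -> list:
    """Only the entries that earned at least one flag."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in flagged(parse_combofix(SAMPLE_LOG)):
        print(f"[{e.section}] {e.name}: {e.path}  <- {', '.join(e.flags)}")
```

Run against the constructed sample, the report lists four entries: the unqualified `RTHDCPL.EXE` Run value, the firewall exception for a binary under a user profile, the svchost-hosted Akamai service (whose ServiceDll the log shows further down) and the Free Ride Games driver ComboFix could not find. Flags are prompts for a human to check, not a verdict that an entry is malicious; legitimate software shows up in all four categories.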

Offline Hoov

Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #20 on: December 27, 2013, 08:41:24 AM »
Did that change in any way how the computer is running?

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Offline ChiJoan

Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #21 on: December 27, 2013, 04:59:08 PM »
Very slow in the start-up steps to each person's desktop. I decided to click to check each user on the OTL quick scan.

Joan in Reno

OTL logfile created on: 12/27/2013 2:25:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.53% Memory free
3.84 Gb Paging File | 3.51 Gb Available in Paging File | 91.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 185.01 Gb Free Space | 79.46% Space Free | Partition Type: NTFS
 
Computer Name: F4E8F64AC3 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/27 14:19:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2013/10/23 15:01:10 | 000,300,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 14:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/09/12 23:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 17:07:04 | 000,537,480 | ---- | M] ( ) -- C:\WINDOWS\system32\dlcxcoms.exe
PRC - [1996/11/17 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
PRC - [1996/11/17 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/09/12 23:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/12 23:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/12 23:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/12 23:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/12 23:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/10/20 01:33:28 | 000,117,760 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlcxdrpp.dll
MOD - [1996/11/17 00:00:00 | 003,774,224 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1996/11/17 00:00:00 | 000,111,376 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
MOD - [1996/11/17 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/12/21 15:10:17 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 11:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/03 16:10:24 | 002,151,200 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/10/23 15:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/07/01 06:47:27 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/11/03 17:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\system32\dlcxcoms.exe -- (dlcx_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Free Ride Games\X4HSEx_Pr143.Sys -- (X4HSEx_Pr143)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Program Files\Free Ride Games\X4HSEx.Sys -- (X4HSEx)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (TrueSight)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/09/21 11:09:06 | 004,261,224 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/09/21 11:09:00 | 000,310,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2012/09/21 11:08:48 | 000,019,688 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvbusflt.sys -- (CompFilter)
DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/08/14 05:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/08/14 05:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/09/02 17:08:28 | 004,812,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2001/08/17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0A76357A-5774-EEE2-7B6E-0B75AD98372E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1275210071-2052111302-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1275210071-2052111302-839522115-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1275210071-2052111302-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en
IE - HKU\S-1-5-21-1275210071-2052111302-839522115-1003\..\SearchScopes\{6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24}: "URL" = http://search.yahoo.com/search?fr=chr-atty&p={searchTerms}
IE - HKU\S-1-5-21-1275210071-2052111302-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20131118
FF - prefs.js..extensions.enabledAddons: %7B1ced4832-f06e-413f-aa14-9eb63ad40ace%7D:1.0.2
FF - prefs.js..extensions.enabledAddons: %7B1A2D0EC4-75F5-4c91-89C4-3656F6E44B68%7D:0.6.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@exent.com/npExentCtl,version=7.0.0.0: C:\Program Files\Free Ride Games\npExentCtl.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\www.exent.com/GameTreatWidget: C:\Program Files\Free Ride Games\NPGameTreatPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\Owner\Local Settings\Application Data\RobloxVersions\version-27973050fb3b494f\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Owner\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/12/23 14:30:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2013/12/23 14:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f9do09cm.default\extensions
[2013/12/23 14:38:07 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f9do09cm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/12/23 14:34:38 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f9do09cm.default\extensions\en-US@dictionaries.addons.mozilla.org
[2013/12/23 14:38:07 | 000,096,207 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f9do09cm.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}.xpi
[2013/12/23 14:38:07 | 000,018,589 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f9do09cm.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}.xpi
[2013/12/23 14:33:57 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\f9do09cm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/23 14:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/23 14:29:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\F9DO09CM.DEFAULT\EXTENSIONS\ADSREMOVAL@ADSREMOVAL.NET
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\F9DO09CM.DEFAULT\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM
File not found (No name found) -- C:\PROGRAM FILES\IOBIT APPS TOOLBAR\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
 
O1 HOSTS File: ([2013/12/26 20:37:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {28272685-DF84-48D7-9589-F91A162B4E94} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {7846AE31-BEA2-438A-8F5E-2D899361656C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {981E53BA-6DF4-4D99-8C33-6C398F5C139E} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {28272685-DF84-48D7-9589-F91A162B4E94} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {7846AE31-BEA2-438A-8F5E-2D899361656C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {981E53BA-6DF4-4D99-8C33-6C398F5C139E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-2052111302-839522115-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-2052111302-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1275210071-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1275210071-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1275210071-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1275210071-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\jasmine\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290114763484 (WUWebControl Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}  (ExentInf Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A2DD734-0B02-4F87-BDAE-004C3E97F6C7}: DhcpNameServer = 192.168.50.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{855EF407-512C-414A-AFC5-80926CD3DC69}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/18 10:43:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/27 14:19:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/12/26 21:05:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Run-to-Remove-MS-AV
[2013/12/26 20:18:21 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/12/26 20:13:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/12/26 20:13:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/12/26 20:13:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/12/26 20:13:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/12/26 20:13:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/12/26 20:12:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/12/26 14:18:33 | 005,158,590 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/12/24 10:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/12/24 10:21:08 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/24 10:20:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/24 10:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/24 10:13:42 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/12/24 10:07:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2013/12/24 09:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\2zip-2
[2013/12/24 08:48:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\2zip-1
[2013/12/24 08:41:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2013/12/24 08:40:58 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/12/24 08:34:14 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2013/12/24 08:33:52 | 000,098,448 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2013/12/24 08:33:51 | 000,108,752 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2013/12/24 08:33:51 | 000,093,552 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2013/12/24 08:33:51 | 000,030,064 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2013/12/24 08:33:51 | 000,027,216 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2013/12/24 08:33:51 | 000,016,304 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2013/12/24 08:33:51 | 000,009,104 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2013/12/24 08:33:50 | 000,037,360 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2013/12/24 08:33:50 | 000,032,848 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2013/12/24 08:33:50 | 000,014,576 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2013/12/24 08:33:36 | 001,684,736 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys.bak
[2013/12/24 08:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RK_Quarantine
[2013/12/24 08:10:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/12/24 08:05:47 | 001,034,531 | ---- | C] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/12/24 07:50:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\tasks\ImCleanDisabled
[2013/12/24 06:33:00 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2013/12/23 14:53:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/12/23 14:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla
[2013/12/23 14:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2013/12/23 14:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2013/12/23 14:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/12/23 14:06:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\HiJackThis
[2013/12/23 14:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013/12/22 19:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\LocalLow
[2013/12/22 18:40:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/12/22 15:53:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/22 11:36:12 | 000,000,000 | ---D | C] -- C:\5e0dc50bb1cabd6ea65ffe990a69f3
[2013/12/22 10:07:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/12/22 10:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/12/22 10:04:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2013/12/22 10:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/12/22 10:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2013/12/22 10:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2013/12/22 10:03:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/12/22 10:03:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/12/22 09:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2013/12/21 20:06:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ProcAlyzer Dumps
[2013/12/21 15:40:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/12/21 15:08:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2013/12/21 15:08:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2013/12/21 15:08:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/27 14:28:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{98475FA8-FEF2-49C0-ACCF-F537BEEE0ED5}.job
[2013/12/27 14:27:55 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/12/27 14:19:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2013/12/27 14:17:37 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/27 14:17:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/26 21:09:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/26 21:07:00 | 000,001,002 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1275210071-2052111302-839522115-1005UA.job
[2013/12/26 20:37:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/12/26 20:18:31 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2013/12/26 16:32:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/26 16:04:21 | 000,004,717 | -H-- | M] () -- C:\ffastun.ffa
[2013/12/26 16:04:20 | 004,861,952 | -H-- | M] () -- C:\ffastun0.ffx
[2013/12/26 16:04:20 | 000,598,016 | -H-- | M] () -- C:\ffastun.ffl
[2013/12/26 16:04:20 | 000,200,704 | -H-- | M] () -- C:\ffastun.ffo
[2013/12/26 15:07:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-1275210071-2052111302-839522115-1005Core.job
[2013/12/26 14:18:47 | 005,158,590 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2013/12/26 14:04:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/26 13:55:57 | 000,001,025 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/12/24 10:23:48 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/12/24 10:07:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/12/24 08:34:14 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys.bak
[2013/12/24 08:33:52 | 000,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDF_M.SYS.bak
[2013/12/24 08:33:52 | 000,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAUDFAM.SYS.bak
[2013/12/24 08:33:51 | 000,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAIFS_M.SYS.bak
[2013/12/24 08:33:51 | 000,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS.bak
[2013/12/24 08:33:51 | 000,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAOPIOM.SYS.bak
[2013/12/24 08:33:51 | 000,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLAPoolM.SYS.bak
[2013/12/24 08:33:51 | 000,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLADResM.SYS.bak
[2013/12/24 08:33:50 | 000,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABMFSM.SYS.bak
[2013/12/24 08:33:50 | 000,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLABOIOM.SYS.bak
[2013/12/24 08:33:50 | 000,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS.bak
[2013/12/24 08:33:36 | 001,684,736 | ---- | M] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys.bak
[2013/12/24 08:08:31 | 000,001,041 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Admin-next-steps.rtf
[2013/12/24 08:05:59 | 003,770,368 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2013/12/24 08:05:48 | 001,034,531 | ---- | M] (Thisisu) -- C:\Documents and Settings\Owner\Desktop\JRT.exe
[2013/12/24 06:33:09 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner\Desktop\dds.com
[2013/12/23 23:36:05 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Guest's Documents.lnk
[2013/12/23 23:28:52 | 000,000,393 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to AdwCleaner.lnk
[2013/12/23 14:30:02 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/12/23 14:29:57 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/12/23 14:06:33 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2013/12/22 22:28:49 | 000,021,094 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2013/12/22 11:52:08 | 000,502,966 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/22 11:52:08 | 000,088,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/22 11:46:46 | 000,111,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/21 22:15:46 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/12/21 20:06:12 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2013/12/21 20:05:48 | 000,450,543 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20131222-204106.backup
[2013/12/21 15:40:57 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/11/30 06:51:16 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/12/26 20:18:31 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2013/12/26 20:18:25 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/12/26 20:13:47 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/12/26 20:13:47 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/12/26 20:13:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/12/26 20:13:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/12/26 20:13:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/12/24 10:23:48 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/12/24 08:08:31 | 000,001,041 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Admin-next-steps.rtf
[2013/12/24 08:05:58 | 003,770,368 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\RogueKiller.exe
[2013/12/23 23:36:05 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Guest's Documents.lnk
[2013/12/23 23:28:52 | 000,000,393 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to AdwCleaner.lnk
[2013/12/23 14:30:01 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/12/23 14:29:57 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/12/23 14:29:56 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/23 14:06:16 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HiJackThis.lnk
[2013/12/22 18:57:26 | 000,021,094 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2013/12/21 15:40:57 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/09/17 08:14:06 | 000,000,061 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2012/09/21 11:08:36 | 010,919,784 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2012/09/21 11:08:36 | 000,338,136 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2012/09/21 11:08:36 | 000,103,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2012/09/21 10:48:30 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/03/17 20:34:35 | 000,000,064 | ---- | C] () -- C:\WINDOWS\GPlrLanc.dat
[2012/02/23 08:02:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2012/02/14 21:31:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/12/04 20:22:18 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2010/11/18 13:09:24 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/09/09 06:16:30 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 04:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/11/17 17:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2013/12/24 10:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/08 21:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\20351
[2013/02/14 18:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2E38A
[2012/03/17 23:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\353C8
[2013/09/18 15:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2011/06/17 08:03:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2013/03/03 11:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2013/12/22 18:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HitmanPro
[2013/12/22 19:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2013/11/15 19:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/01/07 20:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2013/11/16 15:48:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProductData
[2010/11/19 09:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2012/05/31 00:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2013/11/16 15:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
[2011/10/20 18:52:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/28 20:34:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\com.w3i.FlipToast
[2011/10/21 20:43:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\FCTB000060231
[2011/12/10 20:42:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\mediabarbs
[2011/12/10 20:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\wincorebsband
[2012/03/18 22:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jasmine\Application Data\com.w3i.FlipToast
[2012/03/31 15:42:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jasmine\Application Data\Exent Technologies
[2011/07/31 19:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jasmine\Application Data\FCTB000060231
[2013/11/17 13:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jasmine\Application Data\IMVU
[2013/11/17 10:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jasmine\Application Data\IMVUClient
[2013/11/17 10:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jasmine\Application Data\IObit
[2011/11/11 12:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jasmine\Application Data\mediabarbs
[2011/11/10 18:36:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jasmine\Application Data\wincorebsband
[2012/03/17 20:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\justin\Application Data\com.w3i.fliptoast
[2011/07/31 19:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\justin\Application Data\FCTB000060231
[2013/02/04 21:31:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\justin\Application Data\IMVU
[2012/04/05 17:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\justin\Application Data\IMVUClient
[2013/11/17 14:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\justin\Application Data\IObit
[2011/11/07 23:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\justin\Application Data\mediabarbs
[2011/07/31 12:16:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\justin\Application Data\PowerChallenge
[2011/01/07 20:09:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\justin\Application Data\Sony Online Entertainment
[2010/12/21 17:05:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\justin\Application Data\Unity
[2012/03/17 20:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\justin\Application Data\W3i, LLC
[2011/11/07 23:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\justin\Application Data\wincorebsband
[2013/09/18 08:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\FCTB000060231
[2013/09/18 08:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\mediabarbs
[2013/09/18 08:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\wincorebsband
[2010/11/18 16:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2013/11/15 18:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.w3i.FlipToast
[2013/03/03 11:25:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Exent Technologies
[2013/12/22 22:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2013/05/25 20:03:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2011/11/13 20:39:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mediabarbs
[2013/11/15 19:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TuneUp Software
[2013/07/10 09:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Unity
[2012/05/31 00:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WildTangent
[2011/11/13 20:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\wincorebsband
[2012/04/12 15:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YMCMB\Application Data\com.w3i.FlipToast
[2012/04/12 16:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\YMCMB\Application Data\mediabarbs
 
========== Purity Check ==========
 
 

< End of report >

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #22 on: December 27, 2013, 05:00:11 PM »
Here's Extra.txt

Joan in Reno

OTL Extras logfile created on: 12/27/2013 2:25:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 74.53% Memory free
3.84 Gb Paging File | 3.51 Gb Available in Paging File | 91.46% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 185.01 Gb Free Space | 79.46% Space Free | Partition Type: NTFS
 
Computer Name: F4E8F64AC3 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-1275210071-2052111302-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58345:TCP" = 58345:TCP:*:Enabled:Pando Media Booster
"58345:UDP" = 58345:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"58345:TCP" = 58345:TCP:*:Enabled:Pando Media Booster
"58345:UDP" = 58345:UDP:*:Enabled:Pando Media Booster
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Documents and Settings\justin\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\justin\Local Settings\Application Data\Akamai\netsession_win.exe:*:Enabled:Akamai NetSession Interface -- (Akamai Technologies, Inc.)
"C:\WINDOWS\system32\dlcxcoms.exe" = C:\WINDOWS\system32\dlcxcoms.exe:*:Enabled:Dell 926 Server -- ( )
"C:\Documents and Settings\justin\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\justin\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{31034EBB-00BB-4703-00AB-3EB127F9EEDB}" = Madden NFL 2005
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41042E28-CCA1-4147-869F-9E928B38F04C}" = Adobe Flash Player 11 ActiveX
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{53646626-11D9-33C6-8BB1-472536192DC4}" = Google Talk Plugin
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F83DD803-2467-4D07-9D6F-87AF0434410A}" = Adobe Flash Player 11 Plugin
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2005
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Akamai" = Akamai NetSession Interface Service
"ATT-PRT22" = ATT-PRT22
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"exent_472250" = 10 Talismans
"exent_575350" = Build-a-lot 2: Town of the Year
"exent_586350" = 7 Wonders II
"exent_668750" = Insider Tales: Vanished in Rome
"Google Chrome" = Google Chrome
"Graboid Video" = Graboid Video 2.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InterActual Player" = InterActual Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Office8.0" = Microsoft Office 97, Professional Edition
"Revo Uninstaller" = Revo Uninstaller 1.95
"VLC media player" = VLC media player 2.1.1
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WolfTeam" = WolfTeam
"WTA-4c13f635-1ed4-4361-ab80-ff6746b75288" = Bus Driver
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = att.net Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1275210071-2052111302-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Owner
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/21/2013 8:58:17 PM | Computer Name = F4E8F64AC3 | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader XI (11.0.05) - Update 'Adobe Reader XI (11.0.02)'
 could not be installed. Error code 1638. Windows Installer can create logs to help
 troubleshoot issues with installing software packages. Use the following link for
 instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 12/21/2013 8:58:17 PM | Computer Name = F4E8F64AC3 | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader XI (11.0.05) - Update 'Adobe Reader XI (11.0.01)'
 could not be installed. Error code 1638. Windows Installer can create logs to help
 troubleshoot issues with installing software packages. Use the following link for
 instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 12/21/2013 8:58:17 PM | Computer Name = F4E8F64AC3 | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader XI (11.0.05) - Update 'Adobe Reader XI (11.0.03)'
 could not be installed. Error code 1638. Windows Installer can create logs to help
 troubleshoot issues with installing software packages. Use the following link for
 instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 12/21/2013 9:35:23 PM | Computer Name = F4E8F64AC3 | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader XI (11.0.05) - Update 'Adobe Reader XI (11.0.05)'
 could not be installed. Error code 1638. Windows Installer can create logs to help
 troubleshoot issues with installing software packages. Use the following link for
 instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 12/21/2013 9:35:23 PM | Computer Name = F4E8F64AC3 | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader XI (11.0.05) - Update 'Adobe Reader XI (11.0.04)'
 could not be installed. Error code 1638. Windows Installer can create logs to help
 troubleshoot issues with installing software packages. Use the following link for
 instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 12/21/2013 9:35:23 PM | Computer Name = F4E8F64AC3 | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader XI (11.0.05) - Update 'Adobe Reader XI (11.0.02)'
 could not be installed. Error code 1638. Windows Installer can create logs to help
 troubleshoot issues with installing software packages. Use the following link for
 instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 12/21/2013 9:35:23 PM | Computer Name = F4E8F64AC3 | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader XI (11.0.05) - Update 'Adobe Reader XI (11.0.01)'
 could not be installed. Error code 1638. Windows Installer can create logs to help
 troubleshoot issues with installing software packages. Use the following link for
 instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 12/21/2013 9:35:23 PM | Computer Name = F4E8F64AC3 | Source = MsiInstaller | ID = 1024
Description = Product: Adobe Reader XI (11.0.05) - Update 'Adobe Reader XI (11.0.03)'
 could not be installed. Error code 1638. Windows Installer can create logs to help
 troubleshoot issues with installing software packages. Use the following link for
 instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error - 12/22/2013 7:41:11 PM | Computer Name = F4E8F64AC3 | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
 P2 1.1.10201.0, P3 1.165.423.0, P4 1.165.423.0, P5 unknown, P6 NIL, P7 NIL, P8
NIL, P9 NIL, P10 NIL.
 
Error - 12/27/2013 12:11:36 AM | Computer Name = F4E8F64AC3 | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 unspecified, P2 hardeningtelemetry, P3 hardeningtelemetrydisablertp,
 P4 4.4.304.0, P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10
 NIL.
 
[ System Events ]
Error - 12/26/2013 6:03:11 PM | Computer Name = F4E8F64AC3 | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly.  It has done this
1 time(s).
 
Error - 12/27/2013 12:11:10 AM | Computer Name = F4E8F64AC3 | Source = Service Control Manager | ID = 7000
Description = The X4HSEx service failed to start due to the following error:   %%3
 
Error - 12/27/2013 12:11:10 AM | Computer Name = F4E8F64AC3 | Source = Service Control Manager | ID = 7000
Description = The X4HSEx_Pr143 service failed to start due to the following error:
   %%3
 
Error - 12/27/2013 12:11:54 AM | Computer Name = F4E8F64AC3 | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly.  It has done this
1 time(s).
 
Error - 12/27/2013 12:37:34 AM | Computer Name = F4E8F64AC3 | Source = Service Control Manager | ID = 7000
Description = The X4HSEx service failed to start due to the following error:   %%3
 
Error - 12/27/2013 12:37:34 AM | Computer Name = F4E8F64AC3 | Source = Service Control Manager | ID = 7000
Description = The X4HSEx_Pr143 service failed to start due to the following error:
   %%3
 
Error - 12/27/2013 12:38:26 AM | Computer Name = F4E8F64AC3 | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly.  It has done this
1 time(s).
 
Error - 12/27/2013 6:17:55 PM | Computer Name = F4E8F64AC3 | Source = Service Control Manager | ID = 7000
Description = The X4HSEx service failed to start due to the following error:   %%3
 
Error - 12/27/2013 6:17:55 PM | Computer Name = F4E8F64AC3 | Source = Service Control Manager | ID = 7000
Description = The X4HSEx_Pr143 service failed to start due to the following error:
   %%3
 
Error - 12/27/2013 6:18:46 PM | Computer Name = F4E8F64AC3 | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly.  It has done this
1 time(s).
 
 
< End of report >

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #23 on: December 27, 2013, 06:17:18 PM »
Is it alright to shut it down and rescan to remove anything OTL found? Or is there other stuff to do to it?

Thanks for all the help, maybe giving away my old TV and 5 computers with Linux last night will bring me some good luck in the new year.

Joan in Reno

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #24 on: December 27, 2013, 07:28:26 PM »
As soon as I go thru the log, I will give you instructions on how to proceed. If you need to reboot for any other reason, go ahead.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #25 on: December 27, 2013, 09:33:50 PM »
In going thru your OTL logs I am seeing some peculiar things. I need you to check a few more items.

Open a command prompt (all programs > Accessories > Command Prompt) and type in
Ipconfig /all > ipconfig.txt and then hit enter. Then type in ipconfig.txt to open notepad with the log. Copy it and paste it in to your next response.

Also I need to look at your event viewer logs again. Can you please follow the instructions I posted before and attach the same two event viewer logs?

Also please uninstall all the IOBit software you have installed.

And can you tell me, do you have a Windows XP install disc? XP Home. If you do, do you have access to a clean computer with a CD burner and a broadband internet connection?

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #26 on: December 27, 2013, 11:03:27 PM »
Here's the ipconfig.txt. I did remove all IOBit, but perhaps because I removed their Uninstaller prior to the rest with Revo, they left their directories intact. So I resorted to deleting them from Windows Explorer. Should I run CCleaner to be sure?

I have a WinXP Home with SP2 that I never installed; it says it's for a new PC. I only tried a repair once, but couldn't get it to work like all my other CDs of WinXP Pro that I have. However, my WinXP and Win7 computers are badly out of date; I can just do most of what I want on Linux these days. Is she going to be out of luck, and do I have to try to put Dell Vista on this if it has enough RAM, or regular Win7? I can try on another hard drive if I have to, since I copied most of their stuff off already via Puppy Linux.

I'll try to backtrack and find that Event Viewer stuff again.

Joan in Reno


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Owner>ipconfig /all > ipconfig.txt

C:\Documents and Settings\Owner>type ipconfig.txt

Windows IP Configuration

        Host Name . . . . . . . . . . . . : f4e8f64ac3
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Broadcast
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : att.net

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . : att.net
        Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Con
nection
        Physical Address. . . . . . . . . : 00-1D-09-9E-3E-D4
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.64
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
        DHCP Server . . . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.168.1.254
        Lease Obtained. . . . . . . . . . : Friday, December 27, 2013 8:46:28 PM

        Lease Expires . . . . . . . . . . : Friday, December 27, 2013 8:46:58 PM


C:\Documents and Settings\Owner>
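A small checker for the ipconfig /all output pasted above, added here as an example and not a tool from the thread: it parses the pasted text (joining the adapter description that the console wrapped onto a second line), lists DNS servers that are not on the adapter's own subnet so the helper can confirm them, and computes the DHCP lease length, which in the pasted output is 30 seconds. The sample text is constructed to mirror the post; the function names are my own.

```python
"""Added example (not a tool from the thread): parse pasted `ipconfig /all` text."""
import ipaddress
import re
from datetime import datetime

# Constructed sample modelled on the pasted output, incl. the console-wrapped description.
SAMPLE = """Ethernet adapter Local Area Connection 2:

        Description . . . . . . . . . . . : Intel(R) 82562V-2 10/100 Network Con
nection
        IP Address. . . . . . . . . . . . : 192.168.1.64
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        DNS Servers . . . . . . . . . . . : 192.168.1.254
        Lease Obtained. . . . . . . . . . : Friday, December 27, 2013 8:46:28 PM
        Lease Expires . . . . . . . . . . : Friday, December 27, 2013 8:46:58 PM
"""

FIELD = re.compile(r"^\s+(?P<key>[A-Za-z][\w\- ]*?)[ .]*: ?(?P<val>.*)$")
TIME_FMT = "%A, %B %d, %Y %I:%M:%S %p"

def parse_ipconfig(text):
    """Return {section: {field: [values]}}; handles wrapped and keyless lines."""
    sections, current, last_key, prev = {}, None, None, ""
    for line in text.splitlines():
        m = FIELD.match(line)
        if line.strip() and not line[0].isspace() and not prev.strip():
            current, last_key = line.rstrip().rstrip(":"), None   # section/adapter header
            sections[current] = {}
        elif m and current is not None:
            last_key = m.group("key").strip()
            sections[current].setdefault(last_key, []).append(m.group("val").strip())
        elif last_key and line[:1].isspace():                   # extra value (e.g. 2nd DNS)
            sections[current][last_key].append(line.strip())
        elif last_key and line.strip():                         # console-wrapped value
            sections[current][last_key][-1] += line.strip()
        prev = line
    return sections

def offlan_dns(adapter):
    """DNS servers not on the adapter's own subnet: confirm these by hand."""
    ip = ipaddress.ip_address(adapter["IP Address"][0])
    lan = ipaddress.ip_network(f"{ip}/{adapter['Subnet Mask'][0]}", strict=False)
    return [d for d in adapter.get("DNS Servers", []) if ipaddress.ip_address(d) not in lan]

def lease_seconds(adapter):
    """DHCP lease length in seconds (30 in the pasted output)."""
    got = datetime.strptime(adapter["Lease Obtained"][0], TIME_FMT)
    exp = datetime.strptime(adapter["Lease Expires"][0], TIME_FMT)
    return int((exp - got).total_seconds())
```

The same parser handles the full paste, since the "Windows IP Configuration" block is just another header-led section.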

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #27 on: December 27, 2013, 11:17:24 PM »
Here's the files zipped you wanted...hope we can figure this all out...

Thanks,
Joan in Reno

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27056
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #28 on: December 28, 2013, 10:43:52 AM »
The XP CD that you have, does it have a holograph graphic on the front of the CD? If it does, then we can use it to create the disc we can use to repair the computer. At worst, we can use it to reinstall Windows.

The file you attached had nothing in it. Please try again. If you are having a hard time zipping them up, I can give you an alternate to get me the files. I need to take a look at those logs to see if the repair is the next best step.


Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline ChiJoan

  • Bronze Member
  • Posts: 94
Re: [In Progress] Tried repairs, now slower start-up...Help, it's a friend's PC
« Reply #29 on: December 28, 2013, 01:30:16 PM »
Perhaps what you had me do has helped; it seemed faster this time, and Network 2 popped up automatically, which is usual for bringing another PC here that has been set up to work elsewhere. Anyway, I tested the zip file and it saw the 2 files inside; I don't know what happened last time.

As to the WinXP Home CD, it looks kind of orange, and the skinny manual in the plastic sleeve has the blue-green OEM sticker like on computers. If you tilt the CD it sort of looks like it has a blue screen on the upper right top; is this what you mean?

Anything I need to re-run for you?
Joan in Reno
