« previous next »
Pages: [1]

Author Topic: Bot traffic detected?  (Read 1704 times)

Vannpat

  • Posts: 15
    • View Profile
Bot traffic detected?
« on: January 14, 2014, 10:18:33 PM »

i keep receiving my ISP, AT&T, that they \"have received information that one or more devices using your internet connection may be part of a zombie network (\"botnet\")\"  They give the IP address that the the bot traffic was observed on, which is my public IP address. Help!


Logged

guestolo

  • Site Donator
  • Administrator
  • *****
  • Posts: 16034
    • View Profile
    • http://
Bot traffic detected?
« Reply #1 on: January 15, 2014, 10:17:11 AM »
How often have you received this email notification?
This could possibly be spam your receiving and not actually legit email.
But let\'s do the following:
Download [color=\"#FF0000\"]OTL.exe[/color][/url] by OldTimer to your Desktop.
  • Close all windows and double click on OTL.exe to run it
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.

Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Vannpat

  • Posts: 15
    • View Profile
Bot traffic detected?
« Reply #2 on: January 16, 2014, 12:36:32 PM »

OTL logfile created on: 1/16/2014 11:09:23 AM - Run 6

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\Felicia\\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.97 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 29.28% Memory free

7.93 Gb Paging File | 3.74 Gb Available in Paging File | 47.16% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 581.48 Gb Total Space | 517.33 Gb Free Space | 88.97% Space Free | Partition Type: NTFS

 

Computer Name: FELICIA-PC | User Name: Felicia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/01/16 11:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\Felicia\\Desktop\\OTL.exe

PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe

PRC - [2013/08/06 22:14:57 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\\Program Files (x86)\\Real\\RealPlayer\\Update\\realsched.exe

PRC - [2013/07/02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jucheck.exe

PRC - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () -- C:\\Program Files (x86)\\RealNetworks\\RealDownloader\\rndlresolversvc.exe

PRC - [2009/08/14 19:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\\Windows\\SysWOW64\\vmnetdhcp.exe

PRC - [2009/08/14 19:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\\Windows\\SysWOW64\\vmnat.exe

PRC - [2009/08/14 19:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-authd.exe

PRC - [2009/07/20 03:00:00 | 000,077,824 | ---- | M] () -- C:\\Program Files\\Logitech\\SetPoint\\x86\\SetPoint32.exe

PRC - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\\Program Files\\Dell\\DellDock\\DockLogin.exe

PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAAnotif.exe

PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAANTmon.exe

PRC - [2007/07/19 16:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) -- C:\\Program Files (x86)\\APC\\APC PowerChute Personal Edition\\mainserv.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2009/07/20 03:00:00 | 000,077,824 | ---- | M] () -- C:\\Program Files\\Logitech\\SetPoint\\x86\\SetPoint32.exe

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\SysNative\\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\\Program Files\\Microsoft Security Client\\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\\Program Files\\Microsoft Security Client\\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Logishrd\\Bluetooth\\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\\Program Files\\Dell\\DellDock\\DockLogin.exe -- (DockLoginService)

SRV - [2013/12/21 19:09:25 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe -- (AdobeARMservice)

SRV - [2013/12/10 20:57:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/07/19 05:01:38 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\\Users\\Felicia\\AppData\\Local\\Temp\\7zS7294\\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\\Program Files (x86)\\RealNetworks\\RealDownloader\\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2011/01/13 13:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\\Program Files (x86)\\Dell DataSafe Local Backup\\SftService.exe -- (SftService)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/08/14 19:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\\Windows\\SysWOW64\\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2009/08/14 19:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\\Windows\\SysWOW64\\vmnat.exe -- (VMware NAT Service)

SRV - [2009/08/14 19:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-authd.exe -- (VMAuthdService)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAANTmon.exe -- (IAANTMON)

SRV - [2008/12/01 10:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-ufad.exe -- (ufad-ws60)

SRV - [2007/07/19 16:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\\Program Files (x86)\\APC\\APC PowerChute Personal Edition\\mainserv.exe -- (APC UPS Service)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\\Windows\\SysNative\\drivers\\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/14 19:20:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\hcmon.sys -- (hcmon)

DRV:64bit: - [2009/08/14 19:20:48 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2009/08/14 19:20:44 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmci.sys -- (vmci)

DRV:64bit: - [2009/08/14 19:20:44 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2009/08/14 19:14:28 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmx86.sys -- (vmx86)

DRV:64bit: - [2009/08/14 12:40:04 | 000,038,960 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2009/08/14 12:40:04 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2009/07/30 21:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/17 10:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LUsbFilt.sys -- (LUsbFilt)

DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/06/17 10:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\LHidEqd.sys -- (LHidEqd)

DRV:64bit: - [2009/06/17 10:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\LEqdUsb.sys -- (LEqdUsb)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/05/26 06:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\IntcHdmi.sys -- (IntcHdmiAddService)

DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\WimFltr.sys -- (WimFltr)

DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\\Program Files (x86)\\SUPERAntiSpyware\\sasdifsv.sys -- (SASDIFSV)

DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\\Program Files (x86)\\SUPERAntiSpyware\\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\\Program Files (x86)\\SUPERAntiSpyware\\SASENUM.SYS -- (SASENUM)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\drivers\\wimmount.sys -- (WIMMount)

DRV - [2008/12/01 10:46:58 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Program Files (x86)\\VMware\\VMware Player\\vstor2-ws60.sys -- (vstor2-ws60)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\\..\\SearchScopes,DefaultScope =

IE:64bit: - HKLM\\..\\SearchScopes\\{5AAEB2D7-D0EB-47E4-94BF-54BC862E9E8F}: \"URL\" = http://www.bing.com/search?q=%7BsearchTerms%7D&form=DLCDF8&pc=MDDC&src=IE-SearchBox\'>http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE:64bit: - HKLM\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7\'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm

IE - HKLM\\..\\SearchScopes,DefaultScope =

IE - HKLM\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7\'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\\..\\SearchScopes\\{A136A9CC-255C-4131-AAB3-7407C8B4C1E5}: \"URL\" = http://www.bing.com/search?q=%7BsearchTerms%7D&form=DLCDF8&pc=MDDC&src=IE-SearchBox\'>http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

 

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://att.my.yahoo.com/\'>http://att.my.yahoo.com/

IE - HKCU\\..\\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll (Yahoo! Inc.)

IE - HKCU\\..\\SearchScopes,DefaultScope = {6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24}

IE - HKCU\\..\\SearchScopes\\{03B0EE02-7915-4D0C-BAE9-17A3827F4713}: \"URL\" = http://search.yahoo.com/search?fr=mcafee&p=%7BSearchTerms\'>http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7&rlz=1I7ADSA_en\'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en

IE - HKCU\\..\\SearchScopes\\{6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24}: \"URL\" = http://search.yahoo.com/search?fr=chr-atty&p=%7BsearchTerms\'>http://search.yahoo.com/search?fr=chr-atty&p={searchTerms}

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.43

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0

FF - user.js - File not found

 

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF64_11_9_900_170.dll File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~1\\MICROS~2\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_9_900_170.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/ShockwavePlayer: C:\\Windows\\SysWOW64\\Adobe\\Director\\np32dsw_1205146.dll (Adobe Systems, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.45.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.45.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@mcafee.com/MVT: C:\\Program Files (x86)\\McAfee\\Supportability\\MVT\\NPMVTPlugin.dll File not found

FF - HKLM\\Software\\MozillaPlugins\\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\\Program Files (x86)\\Yahoo!\\Shared\\npYState.dll (Yahoo! Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~2\\MICROS~2\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/SharePoint,version=14.0: C:\\PROGRA~2\\MICROS~2\\Office14\\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3502.0922: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3508.1109: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3555.0308: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@real.com/nppl3260;version=16.0.2.32: C:\\Program Files (x86)\\Real\\RealPlayer\\Netscape6\\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\\ProgramData\\RealNetworks\\RealDownloader\\BrowserPlugins\\MozillaPlugins\\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\\ProgramData\\RealNetworks\\RealDownloader\\BrowserPlugins\\MozillaPlugins\\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\\ProgramData\\RealNetworks\\RealDownloader\\BrowserPlugins\\MozillaPlugins\\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@real.com/nprpplugin;version=16.0.2.32: C:\\Program Files (x86)\\Real\\RealPlayer\\Netscape6\\nprpplugin.dll (RealPlayer)

FF - HKLM\\Software\\MozillaPlugins\\@realnetworks.com/npdlplugin;version=1: C:\\ProgramData\\RealNetworks\\RealDownloader\\BrowserPlugins\\npdlplugin.dll (RealDownloader)

FF - HKLM\\Software\\MozillaPlugins\\Adobe Reader: C:\\Program Files (x86)\\Adobe\\Reader 11.0\\Reader\\AIR\\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Firefox\\Extensions\\\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\\ProgramData\\RealNetworks\\RealDownloader\\BrowserPlugins\\Firefox\\Ext\\ [2013/08/06 22:15:33 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 26.0\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components [2013/12/21 19:09:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\\software\\mozilla\\Mozilla Firefox 26.0\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2014/01/16 10:08:45 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 26.0\\extensions\\\\Components: C:\\Program Files (x86)\\Mozilla Firefox\\components [2013/12/21 19:09:01 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\\software\\mozilla\\Mozilla Firefox 26.0\\extensions\\\\Plugins: C:\\Program Files (x86)\\Mozilla Firefox\\plugins [2014/01/16 10:08:45 | 000,000,000 | ---D | M]

 

[2013/08/06 20:33:46 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\Felicia\\AppData\\Roaming\\Mozilla\\Extensions

[2013/12/12 21:52:19 | 000,000,000 | ---D | M] (No name found) -- C:\\Users\\Felicia\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\vy0vsd08.default\\extensions

[2013/12/12 21:52:19 | 000,000,000 | ---D | M] (KeyBar 1.8) -- C:\\Users\\Felicia\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\vy0vsd08.default\\extensions\\{9ed31f84-c8b3-4926-b950-dff74047ff79}

[2013/10/24 18:50:03 | 000,000,000 | ---D | M] (Tube Dimmer) -- C:\\Users\\Felicia\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\vy0vsd08.default\\extensions\\[email protected]

[2013/10/24 18:38:10 | 000,000,997 | ---- | M] () -- C:\\Users\\Felicia\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\vy0vsd08.default\\searchplugins\\conduit.xml

[2013/12/21 19:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\extensions

[2013/12/21 19:09:00 | 000,000,000 | ---D | M] (No name found) -- C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions

[2013/12/21 19:09:29 | 000,000,000 | ---D | M] (Default) -- C:\\Program Files (x86)\\Mozilla Firefox\\browser\\extensions\\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/08/06 22:15:04 | 000,124,504 | ---- | M] (RealPlayer) -- C:\\Program Files (x86)\\mozilla firefox\\plugins\\nprpplugin.dll

[2011/03/24 09:07:32 | 000,002,024 | ---- | M] () -- C:\\Program Files (x86)\\mozilla firefox\\searchplugins\\McSiteAdvisor.xml

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=022313\'>http://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=022313

CHR - Extension: Google Docs = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.5_0\\

CHR - Extension: Google Drive = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\6.3_0\\

CHR - Extension: YouTube = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.6_0\\

CHR - Extension: Google Search = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\coobgpohoikkiipiblmjeljniedjpjpf\\0.0.0.20_0\\

CHR - Extension: SiteAdvisor = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\fheoggkfdfchfphceeifdbepaooicaho\\3.6.3.1271_0\\

CHR - Extension: RealDownloader = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\idhngdhcfkoamngbedgpaokgjbnpdiji\\1.3.2_0\\

CHR - Extension: Google Wallet = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\0.0.6.0_1\\

CHR - Extension: Gmail = C:\\Users\\Felicia\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\7_0\\

 

O1 HOSTS File: ([2013/07/02 16:42:43 | 000,000,027 | ---- | M]) - C:\\Windows\\SysNative\\drivers\\etc\\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\\Program Files (x86)\\Epson Software\\Easy Photo Print\\EPTBL.dll File not found

O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll (Yahoo! Inc.)

O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\\ProgramData\\RealNetworks\\RealDownloader\\BrowserPlugins\\IE\\rndlbrowserrecordplugin.dll (RealDownloader)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files (x86)\\Java\\jre7\\bin\\ssv.dll (Oracle Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\\Program Files (x86)\\Java\\jre7\\bin\\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn\\YTSingleInstance.dll (Yahoo! Inc)

O3:64bit: - HKLM\\..\\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\\Program Files (x86)\\Epson Software\\Easy Photo Print\\EPTBL.dll File not found

O3 - HKLM\\..\\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll (Yahoo! Inc.)

O3 - HKLM\\..\\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.

O4:64bit: - HKLM..\\Run: [IAAnotif] C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [IgfxTray] C:\\Windows\\SysNative\\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [Kernel and Hardware Abstraction Layer] C:\\Windows\\KHALMNPR.Exe (Logitech, Inc.)

O4:64bit: - HKLM..\\Run: [Logitech Download Assistant] C:\\Windows\\SysNative\\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\\Run: [MSC] c:\\Program Files\\Microsoft Security Client\\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\\Run: [Persistence] C:\\Windows\\SysNative\\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\\Run: [RtHDVCpl] C:\\Program Files\\Realtek\\Audio\\HDA\\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\\Run: [APSDaemon] C:\\Program Files (x86)\\Common Files\\Apple\\Apple Application Support\\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\\Run: [TkBellExe] C:\\Program Files (x86)\\Real\\RealPlayer\\Update\\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\\Run: [CmTray] C:\\Users\\Felicia\\AppData\\Roaming\\Content Manager\\launchCM.exe ()

O4 - HKLM..\\RunOnce: [\"C:\\Program Files (x86)\\Dell DataSafe Local Backup\\Components\\DSUpdate\\DSUpdate.exe\"] C:\\Program Files (x86)\\Dell DataSafe Local Backup\\Components\\DSUpdate\\DSUpdate.exe (Dell)

O4 - Startup: C:\\Users\\Felicia\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Dell Dock.lnk =  File not found

O6 - HKLM\\Software\\Policies\\Microsoft\\Internet Explorer\\Restrictions present

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\\Software\\Policies\\Microsoft\\Internet Explorer\\Control Panel present

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDriveTypeAutoRun = 157

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\Explorer: NoDrives = 0

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: LogonHoursAction = 2

O7 - HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\policies\\System: DontDisplayLogonHoursWarnings = 1



O10:64bit: - Protocol_Catalog9\\Catalog_Entries64\\000000000011 - C:\\Program Files (x86)\\VMware\\VMware Player\\x64\\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\\Catalog_Entries64\\000000000012 - C:\\Program Files (x86)\\VMware\\VMware Player\\x64\\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\\Catalog_Entries\\000000000011 - C:\\Program Files (x86)\\VMware\\VMware Player\\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\\Catalog_Entries\\000000000012 - C:\\Program Files (x86)\\VMware\\VMware Player\\vsocklib.dll (VMware, Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\\..Trusted Domains: alpineaccess.com ([]* in Trusted sites)

O15 - HKCU\\..Trusted Domains: alpineaccess.net ([]* in Trusted sites)

O15 - HKCU\\..Trusted Ranges: Range1 ([http] in Trusted sites)

O15 - HKCU\\..Trusted Ranges: Range2 ([http] in Trusted sites)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab\'>http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab\'>http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {315B0BFB-2BD4-481B-80A3-A9B80727C61B} http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID=%7B896A23A1-5821-4609-A6C6-6D5536C585C9\'>http://webiq005.webiqonline.com/WebIQ/DataServer/DataServer.dll?Handler=GetEngineDistribution&EDID={896A23A1-5821-4609-A6C6-6D5536C585C9} (WebIQ Engine Application Object)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab\'>http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell.com/systemprofiler/SysProExe.CAB\'>http://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1274551454442\'>http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1274551454442 (MUCatalogWebControl Class)

O16 - DPF: {66F7F252-3FE1-4650-B1E5-94B2A38271C5} http://treehouse.no-ip.biz/ActiveView.cab\'>http://treehouse.no-ip.biz/ActiveView.cab (ActiveView Control)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB\'>http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://games.att.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab\'>http://games.att.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab\'>http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{28C31212-6713-4A47-8872-34C779D8B726}: NameServer = 10.124.6.3,10.124.3.2

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{471273CC-2F13-4283-A8E4-077C3C484F05}: DhcpNameServer = 192.168.1.254

O17 - HKLM\\System\\CCS\\Services\\Tcpip\\Parameters\\Interfaces\\{47AF739C-9211-470F-8886-1F12156AA75E}: NameServer = 10.124.6.3,10.124.3.2

O18:64bit: - Protocol\\Handler\\ms-help - No CLSID value found

O18:64bit: - Protocol\\Handler\\ms-itss - No CLSID value found

O18:64bit: - Protocol\\Handler\\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\\Handler\\wlpg - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\\Windows\\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysNative\\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\\Windows\\SysWow64\\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\\Windows\\system32\\userinit.exe) - C:\\Windows\\SysWOW64\\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\\Notify\\GoToAssist: DllName - (C:\\Program Files (x86)\\Citrix\\GoToAssist\\514\\G2AWinLogon_x64.dll) -  File not found

O20:64bit: - Winlogon\\Notify\\igfxcui: DllName - (igfxdev.dll) - C:\\Windows\\SysNative\\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\\Notify\\LBTWlgn: DllName - (c:\\program files\\common files\\logishrd\\bluetooth\\LBTWlgn.dll) - c:\\Program Files\\Common Files\\Logishrd\\Bluetooth\\LBTWLgn.dll (Logitech, Inc.)

O20 - Winlogon\\Notify\\!SASWinLogon: DllName - (C:\\Program Files (x86)\\SUPERAntiSpyware\\SASWINLO.dll) - C:\\Program Files (x86)\\SUPERAntiSpyware\\SASWINLO.dll (SUPERAntiSpyware.com)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\\Program Files (x86)\\SUPERAntiSpyware\\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\\..comfile [open] -- \"%1\" %*

O35:64bit: - HKLM\\..exefile [open] -- \"%1\" %*

O35 - HKLM\\..comfile [open] -- \"%1\" %*

O35 - HKLM\\..exefile [open] -- \"%1\" %*

O37:64bit: - HKLM\\...com [@ = ComFile] -- \"%1\" %*

O37:64bit: - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O37 - HKLM\\...com [@ = ComFile] -- \"%1\" %*

O37 - HKLM\\...exe [@ = exefile] -- \"%1\" %*

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/01/16 11:08:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\\Users\\Felicia\\Desktop\\OTL.exe

[2014/01/16 09:17:41 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\McAfee Security Scan Plus

[2014/01/16 09:17:38 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\McAfee Security Scan

[2014/01/16 00:57:50 | 000,000,000 | ---D | C] -- C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\McAfee

[2014/01/14 22:22:27 | 000,000,000 | ---D | C] -- C:\\Program Files\\McAfee.com

[2014/01/14 22:22:27 | 000,000,000 | ---D | C] -- C:\\Program Files\\McAfee

[2014/01/14 22:22:22 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\McAfee

[2014/01/14 21:29:20 | 000,000,000 | ---D | C] -- C:\\Program Files\\Common Files\\McAfee

[2014/01/12 16:44:31 | 000,000,000 | ---D | C] -- C:\\ProgramData\\HPSSUPPLY

[2014/01/11 22:58:16 | 000,000,000 | ---D | C] -- C:\\Program Files\\Microsoft Silverlight

[2014/01/11 22:58:16 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Microsoft Silverlight

[2013/12/30 21:43:03 | 000,000,000 | ---D | C] -- C:\\Users\\Felicia\\AppData\\Roaming\\PCHC

[2013/12/24 21:43:17 | 000,000,000 | ---D | C] -- C:\\Users\\Felicia\\AppData\\Local\\{59D4B796-5903-43EA-8562-2DD263B4CA6A}

[2013/12/21 19:09:00 | 000,000,000 | ---D | C] -- C:\\Program Files (x86)\\Mozilla Firefox

[2 C:\\Users\\Felicia\\AppData\\Local\\*.tmp files -> C:\\Users\\Felicia\\AppData\\Local\\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/01/16 11:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\Felicia\\Desktop\\OTL.exe

[2014/01/16 10:57:00 | 000,000,830 | ---- | M] () -- C:\\Windows\\tasks\\Adobe Flash Player Updater.job

[2014/01/16 10:12:29 | 000,022,464 | -H-- | M] () -- C:\\Windows\\SysNative\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/01/16 10:12:29 | 000,022,464 | -H-- | M] () -- C:\\Windows\\SysNative\\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/01/16 10:04:39 | 000,067,584 | --S- | M] () -- C:\\Windows\\bootstat.dat

[2014/01/16 10:04:28 | 3193,688,064 | -HS- | M] () -- C:\\hiberfil.sys

[2014/01/16 10:03:05 | 000,000,000 | -H-- | M] () -- C:\\Windows\\SysNative\\drivers\\Msft_Kernel_LUsbFilt_01005.Wdf

[2 C:\\Users\\Felicia\\AppData\\Local\\*.tmp files -> C:\\Users\\Felicia\\AppData\\Local\\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/01/16 10:03:05 | 000,000,000 | -H-- | C] () -- C:\\Windows\\SysNative\\drivers\\Msft_Kernel_LUsbFilt_01005.Wdf

[2013/08/29 23:42:10 | 000,203,703 | ---- | C] () -- C:\\Windows\\hpwins26.dat.temp

[2013/08/29 23:42:10 | 000,000,370 | ---- | C] () -- C:\\Windows\\hpwmdl26.dat.temp

[2013/08/29 22:45:56 | 000,204,350 | ---- | C] () -- C:\\Windows\\hpwins26.dat

[2013/08/29 22:45:55 | 000,000,370 | ---- | C] () -- C:\\Windows\\hpwmdl26.dat

[2013/07/02 16:34:16 | 000,256,000 | ---- | C] () -- C:\\Windows\\PEV.exe

[2013/07/02 16:34:16 | 000,208,896 | ---- | C] () -- C:\\Windows\\MBR.exe

[2013/07/02 16:34:16 | 000,098,816 | ---- | C] () -- C:\\Windows\\sed.exe

[2013/07/02 16:34:16 | 000,080,412 | ---- | C] () -- C:\\Windows\\grep.exe

[2013/07/02 16:34:16 | 000,068,096 | ---- | C] () -- C:\\Windows\\zip.exe

[2013/06/27 21:34:47 | 000,000,151 | ---- | C] () -- C:\\Windows\\Reimage.ini

[2011/06/17 00:34:30 | 000,001,246 | -HS- | C] () -- C:\\ProgramData\\2jfc8wwm7ycpfm031iq1747w633v26o7v3ik

[2011/05/14 21:48:19 | 000,000,032 | RH-- | C] () -- C:\\ProgramData\\hash.dat

[2011/04/13 20:33:50 | 000,000,632 | RHS- | C] () -- C:\\Users\\Felicia\\ntuser.pol

[2010/04/11 12:44:39 | 000,001,578 | -H-- | C] () -- C:\\Users\\Felicia\\AppData\\Roaming\\wklnhst.dat

[2010/04/07 12:01:49 | 000,004,608 | ---- | C] () -- C:\\Users\\Felicia\\AppData\\Local\\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/03 11:33:17 | 000,000,056 | -H-- | C] () -- C:\\ProgramData\\ezsidmv.dat

 

========== ZeroAccess Check ==========

 

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\\Windows\\assembly\\Desktop.ini

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32] /64

 

[HKEY_CURRENT_USER\\Software\\Classes\\Wow6432node\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

 

[HKEY_CURRENT_USER\\Software\\Classes\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32] /64

 

[HKEY_CURRENT_USER\\Software\\Classes\\Wow6432node\\clsid\\{fbeb8a05-beee-4442-804e-409d6c4515e9}\\InProcServer32]

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{42aedc87-2188-41fd-b9a3-0c966feabec1}\\InProcServer32]

\"\" = %SystemRoot%\\system32\\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Apartment

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\wbem\\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\\InProcServer32]

\"\" = %systemroot%\\system32\\wbem\\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Free

 

[HKEY_LOCAL_MACHINE\\Software\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32] /64

\"\" = C:\\Windows\\SysNative\\wbem\\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

\"ThreadingModel\" = Both

 

[HKEY_LOCAL_MACHINE\\Software\\Wow6432Node\\Classes\\clsid\\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\\InProcServer32]

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 125 bytes -> C:\\ProgramData\\TEMP:DFC5A2B2

@Alternate Data Stream - 123 bytes -> C:\\ProgramData\\TEMP:C46995DA

@Alternate Data Stream - 109 bytes -> C:\\ProgramData\\TEMP:A8ADE5D8


< End of report >

 


 


 


 


OTL logfile created on: 1/16/2014 11:09:23 AM - Run 6

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\Felicia\\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.97 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 29.28% Memory free

7.93 Gb Paging File | 3.74 Gb Available in Paging File | 47.16% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 581.48 Gb Total Space | 517.33 Gb Free Space | 88.97% Space Free | Partition Type: NTFS

 

Computer Name: FELICIA-PC | User Name: Felicia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/01/16 11:08:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\Felicia\\Desktop\\OTL.exe

PRC - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe

PRC - [2013/08/06 22:14:57 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\\Program Files (x86)\\Real\\RealPlayer\\Update\\realsched.exe

PRC - [2013/07/02 09:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jucheck.exe

PRC - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () -- C:\\Program Files (x86)\\RealNetworks\\RealDownloader\\rndlresolversvc.exe

PRC - [2009/08/14 19:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) -- C:\\Windows\\SysWOW64\\vmnetdhcp.exe

PRC - [2009/08/14 19:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\\Windows\\SysWOW64\\vmnat.exe

PRC - [2009/08/14 19:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-authd.exe

PRC - [2009/07/20 03:00:00 | 000,077,824 | ---- | M] () -- C:\\Program Files\\Logitech\\SetPoint\\x86\\SetPoint32.exe

PRC - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\\Program Files\\Dell\\DellDock\\DockLogin.exe

PRC - [2009/06/04 18:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAAnotif.exe

PRC - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAANTmon.exe

PRC - [2007/07/19 16:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) -- C:\\Program Files (x86)\\APC\\APC PowerChute Personal Edition\\mainserv.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2009/07/20 03:00:00 | 000,077,824 | ---- | M] () -- C:\\Program Files\\Logitech\\SetPoint\\x86\\SetPoint32.exe

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/11/26 03:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Windows\\SysNative\\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\\Program Files\\Microsoft Security Client\\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\\Program Files\\Microsoft Security Client\\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\\Program Files\\Windows Defender\\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/20 11:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\\Program Files\\Common Files\\Logishrd\\Bluetooth\\LBTServ.exe -- (LBTServ)

SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\\Program Files\\Dell\\DellDock\\DockLogin.exe -- (DockLoginService)

SRV - [2013/12/21 19:09:25 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\\Program Files (x86)\\Mozilla Maintenance Service\\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/12/21 00:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\armsvc.exe -- (AdobeARMservice)

SRV - [2013/12/10 20:57:31 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/07/19 05:01:38 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\\Users\\Felicia\\AppData\\Local\\Temp\\7zS7294\\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2013/04/16 02:07:08 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\\Program Files (x86)\\RealNetworks\\RealDownloader\\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)

SRV - [2011/01/13 13:37:02 | 000,705,856 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\\Program Files (x86)\\Dell DataSafe Local Backup\\SftService.exe -- (SftService)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/08/14 19:19:44 | 000,326,192 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\\Windows\\SysWOW64\\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2009/08/14 19:19:30 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\\Windows\\SysWOW64\\vmnat.exe -- (VMware NAT Service)

SRV - [2009/08/14 19:19:24 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-authd.exe -- (VMAuthdService)

SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 18:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\\Program Files (x86)\\Intel\\Intel Matrix Storage Manager\\IAANTmon.exe -- (IAANTMON)

SRV - [2008/12/01 10:49:02 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\\Program Files (x86)\\VMware\\VMware Player\\vmware-ufad.exe -- (ufad-ws60)

SRV - [2007/07/19 16:54:48 | 000,689,408 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\\Program Files (x86)\\APC\\APC PowerChute Personal Edition\\mainserv.exe -- (APC UPS Service)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\\Windows\\SysNative\\drivers\\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/08/14 19:20:54 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\hcmon.sys -- (hcmon)

DRV:64bit: - [2009/08/14 19:20:48 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2009/08/14 19:20:44 | 000,065,072 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmci.sys -- (vmci)

DRV:64bit: - [2009/08/14 19:20:44 | 000,029,744 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2009/08/14 19:14:28 | 000,076,336 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmx86.sys -- (vmx86)

DRV:64bit: - [2009/08/14 12:40:04 | 000,038,960 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Windows\\SysNative\\drivers\\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2009/08/14 12:40:04 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2009/07/30 21:58:42 | 000,236,544 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\WSDScan.sys -- (WSDScan)

DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/06/17 10:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LUsbFilt.sys -- (LUsbFilt)

DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LMouFilt.Sys -- (LMouFilt)

DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\LHidFilt.Sys -- (LHidFilt)

DRV:64bit: - [2009/06/17 10:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\LHidEqd.sys -- (LHidEqd)

DRV:64bit: - [2009/06/17 10:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\LEqdUsb.sys -- (LEqdUsb)

DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/06/04 20:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\\Windows\\SysNative\\drivers\\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/05/26 06:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\\Windows\\SysNative\\drivers\\IntcHdmi.sys -- (IntcHdmiAddService)

DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\\Windows\\SysNative\\drivers\\WimFltr.sys -- (WimFltr)

DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\\Program Files (x86)\\SUPERAntiSpyware\\sasdifsv.sys -- (SASDIFSV)

DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\\Program Files (x86)\\SUPERAntiSpyware\\SASKUTIL.SYS -- (SASKUTIL)

DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\\Program Files (x86)\\SUPERAntiSpyware\\SASENUM.SYS -- (SASENUM)

DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\\Windows\\SysWOW64\\drivers\\wimmount.sys -- (WIMMount)

DRV - [2008/12/01 10:46:58 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\\Program Files (x86)\\VMware\\VMware Player\\vstor2-ws60.sys -- (vstor2-ws60)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\\..\\SearchScopes,DefaultScope =

IE:64bit: - HKLM\\..\\SearchScopes\\{5AAEB2D7-D0EB-47E4-94BF-54BC862E9E8F}: \"URL\" = http://www.bing.com/search?q=%7BsearchTerms%7D&form=DLCDF8&pc=MDDC&src=IE-SearchBox\'>http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE:64bit: - HKLM\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7\'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Local Page = C:\\Windows\\SysWOW64\\blank.htm

IE - HKLM\\..\\SearchScopes,DefaultScope =

IE - HKLM\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7\'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\\..\\SearchScopes\\{A136A9CC-255C-4131-AAB3-7407C8B4C1E5}: \"URL\" = http://www.bing.com/search?q=%7BsearchTerms%7D&form=DLCDF8&pc=MDDC&src=IE-SearchBox\'>http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

 

IE - HKCU\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://att.my.yahoo.com/\'>http://att.my.yahoo.com/

IE - HKCU\\..\\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\\Program Files (x86)\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll (Yahoo! Inc.)

IE - HKCU\\..\\SearchScopes,DefaultScope = {6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24}

IE - HKCU\\..\\SearchScopes\\{03B0EE02-7915-4D0C-BAE9-17A3827F4713}: \"URL\" = http://search.yahoo.com/search?fr=mcafee&p=%7BSearchTerms\'>http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}

IE - HKCU\\..\\SearchScopes\\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: \"URL\" = http://www.google.com/search?q=%7BsearchTerms%7D&rls=com.microsoft:%7Blanguage%7D:%7Breferrer:source?%7D&ie=%7BinputEncoding%7D&oe=%7BoutputEncoding%7D&sourceid=ie7&rlz=1I7ADSA_en\'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADSA_en

IE - HKCU\\..\\SearchScopes\\{6A50FBDC-5DF4-4c9c-9B3B-2749F6FF4D24}: \"URL\" = http://search.yahoo.com/search?fr=chr-atty&p=%7BsearchTerms\'>http://search.yahoo.com/search?fr=chr-atty&p={searchTerms}

IE - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings: \"ProxyEnable\" = 0

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: support%40tubedimmerapp.com:2.6.43

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0

FF - user.js - File not found

 

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\system32\\Macromed\\Flash\\NPSWF64_11_9_900_170.dll File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~1\\MICROS~2\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/FlashPlayer: C:\\Windows\\SysWOW64\\Macromed\\Flash\\NPSWF32_11_9_900_170.dll ()

FF - HKLM\\Software\\MozillaPlugins\\@adobe.com/ShockwavePlayer: C:\\Windows\\SysWOW64\\Adobe\\Director\\np32dsw_1205146.dll (Adobe Systems, Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/DTPlugin,version=10.45.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\dtplugin\\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@java.com/JavaPlugin,version=10.45.2: C:\\Program Files (x86)\\Java\\jre7\\bin\\plugin2\\npjp2.dll (Oracle Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@mcafee.com/MVT: C:\\Program Files (x86)\\McAfee\\Supportability\\MVT\\NPMVTPlugin.dll File not found

FF - HKLM\\Software\\MozillaPlugins\\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\\Program Files (x86)\\Yahoo!\\Shared\\npYState.dll (Yahoo! Inc.)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/OfficeAuthz,version=14.0: C:\\PROGRA~2\\MICROS~2\\Office14\\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/SharePoint,version=14.0: C:\\PROGRA~2\\MICROS~2\\Office14\\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3502.0922: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3508.1109: C:\\Program Files (x86)\\Windows Live\\Photo Gallery\\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\\Software\\MozillaPlugins\\@microsoft.com/WLPG,version=15.4.3555.0308: C:\\Program Files (x86)\\

Logged

guestolo

  • Site Donator
  • Administrator
  • *****
  • Posts: 16034
    • View Profile
    • http://
Bot traffic detected?
« Reply #3 on: January 16, 2014, 02:36:44 PM »

you posted OTL.exe twice, can you post the contents of Extras.txt please. There should be a copy on your desktop

If you can\'t find one, please do the following

 

Right click on OTL.exe on desktop and choose to \"Run as Admin\"

When it opens, put all selections to NONE...

Except under \"Extra Registry\" select the option>>> \"Use SafeList\"

Then click on \"Run Scan\"

It will be a short scan, post the log it produces when done>>Extras.txt

 

In addition: let\'s take a look at another log and see if anything shows up:

Download and save to your Desktop  http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe\'>RogueKillerX64.exe


  • Quit all programs

  • Please disconnect any USB or external drives from the computer before you run this scan!

  • For Vista or Windows 7, right-click and select \"Run as Administrator to start\"

  • Start RogueKiller.exe

  • Wait until Prescan has finished

  • Click on Scan.

  • Wait until the Status box shows \"Scan Finished\"

  • Click on Delete

  • Wait unit the Status box shows Deleting Finished

  • Click on Report and copy/paste the content of the Notepad

  • The log should be found in RKreport[1].txt on your Desktop

  • Close RogueKiller and post RKreport in its own reply.

Also: McAfee RootkitRemover


http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx\'>http://www.mcafee.com/us/downloads/free-tools/rootkitremover.aspx

At the above link click on \"Download this Tool Now\"


On the page that opens, scroll to the bottom of the page and click on \"Download Now\"


Save the tool to your Desktop


Right click on RootkitRemover.exe and choose to \"Run as Administrator\"


When it load it will run a quick scan, when complete


Press any key to Exit the tool


Post the contents of the log it creates on your desktop please

« Last Edit: January 16, 2014, 03:49:24 PM by guestolo »
Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Vannpat

  • Posts: 15
    • View Profile
Bot traffic detected?
« Reply #4 on: January 27, 2014, 05:33:25 PM »

OTL Extras logfile created on: 1/27/2014 4:31:20 PM - Run 7

OTL by OldTimer - Version 3.2.69.0     Folder = C:\\Users\\Felicia\\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.16428)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.97 Gb Total Physical Memory | 0.66 Gb Available Physical Memory | 16.72% Memory free

7.93 Gb Paging File | 3.96 Gb Available in Paging File | 49.93% Paging File free

Paging file location(s): ?:\\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\\Windows | %ProgramFiles% = C:\\Program Files (x86)

Drive C: | 581.48 Gb Total Space | 515.34 Gb Free Space | 88.62% Space Free | Partition Type: NTFS

 

Computer Name: FELICIA-PC | User Name: Felicia | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]

.html[@ = htmlfile] -- C:\\Program Files\\Internet Explorer\\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\\Windows\\SysNative\\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<extension>]

.cpl [@ = cplfile] -- C:\\Windows\\SysWow64\\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\\Program Files\\Internet Explorer\\iexplore.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\\SOFTWARE\\Classes\\<extension>]

.html [@ = FirefoxHTML] -- C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]

batfile [open] -- \"%1\" %*

cmdfile [open] -- \"%1\" %*

comfile [open] -- \"%1\" %*

exefile [open] -- \"%1\" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

htmlfile [opennew] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

http [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

https [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\\System32\\InfDefaultInstall.exe \"%1\" (Microsoft Corporation)

InternetShortcut [open] -- \"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Windows\\System32\\ieframe.dll\",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- \"C:\\Windows\\System32\\rundll32.exe\" \"C:\\Windows\\System32\\mshtml.dll\",PrintHTML \"%1\" (Microsoft Corporation)

piffile [open] -- \"%1\" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- \"%1\"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- \"%1\" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd \"%V\" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Directory [FinePix] -- \"C:\\Program Files (x86)\\FinePixViewer\\FinePixViewer.exe\" \"%1\" (FUJIFILM Corporation)

Folder [open] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Applications\\iexplore.exe [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\<key>\\shell\\[command]\\command]

batfile [open] -- \"%1\" %*

cmdfile [open] -- \"%1\" %*

comfile [open] -- \"%1\" %*

cplfile [cplopen] -- %SystemRoot%\\System32\\control.exe \"%1\",%* (Microsoft Corporation)

exefile [open] -- \"%1\" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

htmlfile [opennew] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

http [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

https [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\\System32\\InfDefaultInstall.exe \"%1\" (Microsoft Corporation)

piffile [open] -- \"%1\" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- \"%1\"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- \"%1\" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\\system32\\rundll32.exe %SystemRoot%\\system32\\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd \"%V\" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Directory [FinePix] -- \"C:\\Program Files (x86)\\FinePixViewer\\FinePixViewer.exe\" \"%1\" (FUJIFILM Corporation)

Folder [open] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\\Explorer.exe (Microsoft Corporation)

Applications\\iexplore.exe [open] -- \"C:\\Program Files\\Internet Explorer\\iexplore.exe\" %1 (Microsoft Corporation)

CLSID\\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]

\"cval\" = 1

\"FirewallDisableNotify\" = 0

\"AntiVirusDisableNotify\" = 0

\"UpdatesDisableNotify\" = 0

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc]

\"VistaSp1\" = 28 4D B2 76 41 04 CA 01  [binary data]

\"AntiVirusOverride\" = 0

\"AntiSpywareOverride\" = 0

\"FirewallOverride\" = 0

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc\\Vol]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\SystemRestore]

\"DisableSR\" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile]

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\DomainProfile]

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\WindowsFirewall\\StandardProfile]

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile]

\"EnableFirewall\" = 1

\"DisableNotifications\" = 0

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile]

\"EnableFirewall\" = 1

\"DisableNotifications\" = 0

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List]

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\PublicProfile]

\"EnableFirewall\" = 1

\"DisableNotifications\" = 0

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\AuthorizedApplications\\List]

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\AuthorizedApplications\\List]

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{0FC46780-670D-41D2-A84C-D77B00E36264}\" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\\system32\\svchost.exe |

\"{1E4DD5DB-DFB8-4578-B0D8-FB9AE8DD37F4}\" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

\"{2129D737-9FC7-4A44-8024-3C012638171D}\" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

\"{38FC54DA-0652-4FA6-BA20-8BE90B44C7A0}\" = lport=2869 | protocol=6 | dir=in | app=system |

\"{45A67D00-7F90-4AD4-A338-A8BEB40666A8}\" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe |

\"{4ADEA3CD-956E-4D80-81DD-A128E7CFF190}\" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\\system32\\svchost.exe |

\"{712F025E-0700-4772-8190-8BD0AF1602DA}\" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{B9FA8F25-8B53-42E6-95D2-25EF301C5003}\" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\\system32\\svchost.exe |

\"{C2989F77-F569-488C-B7B5-11DAB0937BA0}\" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\\system32\\svchost.exe |

\"{CA4A663D-B57C-46FD-A5A6-06199FB971AB}\" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\\system32\\svchost.exe |

\"{DAB1134F-4B99-42EF-BE16-53E0C6E81E08}\" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\\system32\\svchost.exe |

\"{E76CDECB-3C85-430C-8ACD-F8CF572D95CC}\" = rport=10243 | protocol=6 | dir=out | app=system |

\"{EF451AFE-EF64-44C4-AAE7-4BB52EBDF7B7}\" = lport=10243 | protocol=6 | dir=in | app=system |

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules]

\"{02520969-B3B2-4ED6-A055-DE9A3948ABF1}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hpqkygrp.exe |

\"{02997667-1300-4E34-A9DF-22B3DFF99B3B}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\vmware\\vmware player\\vmware-authd.exe |

\"{05329F07-E4AD-4F61-8860-4A7EE26604FD}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hpiscnapp.exe |

\"{056E2BC2-080F-4E29-A6E2-D5321046DE97}\" = protocol=17 | dir=in | app=%programfiles(x86)%\\windows media player\\wmplayer.exe |

\"{0BF7296E-DDAC-400F-B9D3-C3934388BBB1}\" = protocol=6 | dir=in | app=%programfiles%\\windows media player\\wmpnetwk.exe |

\"{12F426AE-00EE-4511-8202-70197CFECB91}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\java\\jre7\\bin\\java.exe |

\"{2A58D922-E6B4-4369-B6DC-E0FD2EC4462B}\" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\\system32\\svchost.exe |

\"{2C154FEA-5764-4A0E-A751-39A4901AA963}\" = protocol=17 | dir=in | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{2C8DC7B5-AAC6-46EE-B7AA-2AFB15C04863}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hpofxs08.exe |

\"{3F6DC82A-40D6-4E0B-AE41-1827CC8D14C0}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hpofxm08.exe |

\"{422E00A1-CC01-4081-B0B8-F2284E7F3085}\" = protocol=17 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{46E69323-96AA-4A00-83B9-C18549EE1455}\" = protocol=17 | dir=out | app=%programfiles%\\windows media player\\wmpnetwk.exe |

\"{4A8C0A73-EB74-4D56-9F27-BE8680727034}\" = protocol=6 | dir=out | app=%programfiles%\\windows media player\\wmpnetwk.exe |

\"{50988375-AFE1-4815-B4AB-BC52479139E6}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hpqfxt08.exe |

\"{50B22E8C-67AF-445F-B40F-C8E8BEEC2535}\" = protocol=6 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{51047BC1-0F81-45DD-A7A4-465F2B4EABE2}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hpfccopy.exe |

\"{5F83F952-B6EC-4659-B527-718D85BCC070}\" = protocol=17 | dir=in | app=%programfiles%\\windows media player\\wmpnetwk.exe |

\"{60929691-42A5-45AF-9F60-2847E27287E5}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\epson software\\event manager\\eeventmanager.exe |

\"{66E157BC-E20A-4219-BA75-A6B23AD26EBF}\" = protocol=6 | dir=in | app=c:\\users\\felicia\\appdata\\local\\temp\\7zs7294\\hppiw.exe |

\"{6B04CF39-ED7E-49FE-8430-BDED30D7035B}\" = protocol=17 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{7178F141-0F62-4E9E-8216-1C818E3B34AB}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\epson software\\event manager\\eeventmanager.exe |

\"{8EA8541D-1BA6-434F-983D-D9B9FA9A585C}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hpqusgm.exe |

\"{92698516-B4D2-4507-8579-66BD448D79F6}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hpzwiz01.exe |

\"{93518408-2EFA-4FDF-9B77-398DB55EC99C}\" = dir=in | app=c:\\program files (x86)\\windows live\\contacts\\wlcomm.exe |

\"{9781DCD6-94C1-4D6C-A040-22500D9152E6}\" = protocol=6 | dir=out | app=%programfiles(x86)%\\windows media player\\wmplayer.exe |

\"{984857A0-1012-4714-B52F-232FB392324A}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hpqtra08.exe |

\"{A496C92B-CA64-4F42-8291-4D87A87D1FBC}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\java\\jre7\\bin\\java.exe |

\"{A7F7CCF5-E2E7-4D94-9BD9-35BA4154F1B2}\" = dir=in | app=c:\\program files (x86)\\hp\\hp software update\\hpwucli.exe |

\"{AC957E4E-F8A0-4DCA-B306-C06558379705}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hpqusgh.exe |

\"{B0C610FB-4687-4CD0-AD24-439800CA0A79}\" = protocol=17 | dir=in | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{B422B303-C547-4C44-8E57-E9FD844ADDA6}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\yahoo!\\messenger\\yahoomessenger.exe |

\"{BC6900BD-9FEA-47F0-869A-4148F8EC8008}\" = protocol=17 | dir=out | app=%programfiles(x86)%\\windows media player\\wmplayer.exe |

\"{BFDE8DCE-B62A-4518-A735-8C7EE31277F1}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hposfx08.exe |

\"{C48B4CDD-E096-4A80-8238-4834A5F26598}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\vmware\\vmware player\\vmware-authd.exe |

\"{D1BE20F4-ED7E-48B7-A85B-3DD0D913469B}\" = protocol=6 | dir=out | app=%programfiles%\\windows media player\\wmplayer.exe |

\"{D588AD7F-2633-4A5A-8D0D-DB27A78B6B8F}\" = dir=in | app=c:\\program files (x86)\\common files\\apple\\apple application support\\webkit2webprocess.exe |

\"{D669DE8E-2797-4880-89C0-80E5677DA29E}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hposid01.exe |

\"{E1DB8E27-BA41-4B0D-80FC-B9FCDDB260D8}\" = protocol=17 | dir=in | app=c:\\users\\felicia\\appdata\\local\\temp\\7zs7294\\hppiw.exe |

\"{E7F2D758-09BB-4AAD-BB29-475DAC008BB8}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\vmware\\vmware player\\vmware-authd.exe |

\"{E8AB8DD4-1B0B-45B4-822D-384EB96108D4}\" = protocol=6 | dir=out | app=system |

\"{F30F76F4-CE9C-459B-B5DC-789F0B4CD3A6}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hpqste08.exe |

\"{F52336C3-F222-4FEB-8C90-CED1FC64AA33}\" = protocol=17 | dir=in | app=c:\\program files (x86)\\yahoo!\\messenger\\yahoomessenger.exe |

\"{FD676ECF-2226-4DAE-A871-192A735C2291}\" = dir=in | app=c:\\program files (x86)\\hp\\digital imaging\\bin\\hpoews01.exe |

\"{FFD879A5-5762-482E-A1E2-C8D624802192}\" = protocol=6 | dir=in | app=c:\\program files (x86)\\vmware\\vmware player\\vmware-authd.exe |

\"TCP Query User{8236640D-8B0D-4A17-8D52-90C7B50E2613}C:\\program files (x86)\\java\\jre7\\bin\\java.exe\" = protocol=6 | dir=in | app=c:\\program files (x86)\\java\\jre7\\bin\\java.exe |

\"TCP Query User{B99E6F15-B592-44F3-82A4-5204A1871177}C:\\program files (x86)\\yahoo!\\messenger\\yahoomessenger.exe\" = protocol=6 | dir=in | app=c:\\program files (x86)\\yahoo!\\messenger\\yahoomessenger.exe |

\"TCP Query User{DD2FDA32-0549-4BF4-8C56-754F69209E3D}C:\\program files (x86)\\epson software\\event manager\\eeventmanager.exe\" = protocol=6 | dir=in | app=c:\\program files (x86)\\epson software\\event manager\\eeventmanager.exe |

\"UDP Query User{8573CFA6-B54F-4446-A774-9078ED4F27A7}C:\\program files (x86)\\java\\jre7\\bin\\java.exe\" = protocol=17 | dir=in | app=c:\\program files (x86)\\java\\jre7\\bin\\java.exe |

\"UDP Query User{A6D0F0A7-1C1B-42A5-9C3E-D367D4C74E9E}C:\\program files (x86)\\yahoo!\\messenger\\yahoomessenger.exe\" = protocol=17 | dir=in | app=c:\\program files (x86)\\yahoo!\\messenger\\yahoomessenger.exe |

\"UDP Query User{DC859ADD-B1F9-4842-8686-3DEAF1C05D56}C:\\program files (x86)\\epson software\\event manager\\eeventmanager.exe\" = protocol=17 | dir=in | app=c:\\program files (x86)\\epson software\\event manager\\eeventmanager.exe |

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"{027E5FAB-1476-4C59-AAB4-32EF28520399}\" = Windows Live Language Selector

\"{071c9b48-7c32-4621-a0ac-3f809523288f}\" = Microsoft Visual C++ 2005 Redistributable (x64)

\"{0C826C5B-B131-423A-A229-C71B3CACCD6A}\" = CDDRV_Installer

\"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}\" = Windows Live ID Sign-in Assistant

\"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}\" = 64 Bit HP CIO Components Installer

\"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}\" = Dell Edoc Viewer

\"{90140000-002A-0000-1000-0000000FF1CE}\" = Microsoft Office Office 64-bit Components 2010

\"{90140000-002A-0409-1000-0000000FF1CE}\" = Microsoft Office Shared 64-bit MUI (English) 2010

\"{90140000-0116-0409-1000-0000000FF1CE}\" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

\"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\" = Intel® Matrix Storage Manager

\"{95120000-00B9-0409-1000-0000000FF1CE}\" = Microsoft Application Error Reporting

\"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}\" = Network64

\"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}\" = Microsoft Visual C++ 2005 Redistributable (x64)

\"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}\" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

\"{C73A3942-84C8-4597-9F9B-EE227DCBA758}\" = Dell Dock

\"{DA54F80E-261C-41A2-A855-549A144F2F59}\" = Windows Live MIME IFilter

\"{E102B843-786A-4F58-AF75-6504570E207B}\" = Microsoft Security Client

\"{E5083D57-D93F-404C-A91F-1C50D67C2BEB}\" = HP Officejet 4500 G510g-m

\"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}\" = KhalInstallWrapper

\"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}\" = Microsoft .NET Framework 4 Client Profile

\"CCleaner\" = CCleaner

\"HDMI\" = Intel(R) Graphics Media Accelerator Driver

\"HP Document Manager\" = HP Document Manager 2.0

\"HP Imaging Device Functions\" = HP Imaging Device Functions 13.0

\"HPExtendedCapabilities\" = HP Customer Participation Program 13.0

\"HPOCR\" = OCR Software by I.R.I.S. 13.0

\"Microsoft .NET Framework 4 Client Profile\" = Microsoft .NET Framework 4 Client Profile

\"Microsoft Security Client\" = Microsoft Security Essentials

\"Shop for HP Supplies\" = Shop for HP Supplies

 

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}\" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

\"{0B0F231F-CE6A-483D-AA23-77B364F75917}\" = Windows Live Installer

\"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}\" = Dell DataSafe Local Backup

\"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}\" = Scan

\"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\" = Windows Installer Clean Up

\"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}\" = Dell DataSafe Online

\"{13A5E785-5197-4EAD-8EE3-D660271E49BC}\" = Feedback Tool

\"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\" = Microsoft Works

\"{175F0111-2968-4935-8F70-33108C6A4DE3}\" = MarketResearch

\"{19BA08F7-C728-469C-8A35-BFBD3633BE08}\" = Windows Live Movie Maker

\"{1C0E9C6B-D4D5-4D3C-8A10-F10A3E7BEEA5}\" = WN111v2

\"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}\" = Junk Mail filter update

\"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}\" = Windows Live SOXE Definitions

\"{218081EE-C83D-46A6-9382-9AB77B99AAA1}_is1\" = Typing Trainer 8.0

\"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}\" = DeviceDiscovery

\"{24ED4D80-8294-11D5-96CD-0040266301AD}\" = FinePixViewer Ver.5.5

\"{26A24AE4-039D-4CA4-87B4-2F83217025FF}\" = Java 7 Update 51

\"{28379381-B56A-43e1-B505-3098D82B1C30}\" = 4500G510gm_Software_Min

\"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}\" = RealUpgrade 1.1

\"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}\" = BufferChm

\"{3336F667-9049-4D46-98B6-4C743EEBC5B1}\" = Windows Live Photo Gallery

\"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}\" = Windows Live Photo Gallery

\"{35505AE1-27E2-4206-B3BF-58771803B8D0}\" = IncrediMail

\"{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\" = RealDownloader

\"{43CDF946-F5D9-4292-B006-BA0D92013021}\" = WebReg

\"{480E1853-1801-491B-BD5E-92F554380574}\" = RAVE Downloader

\"{4A03706F-666A-4037-7777-5F2748764D10}\" = Java Auto Updater

\"{5490882C-6961-11D5-BAE5-00E0188E010B}\" = FUJIFILM USB Driver

\"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}\" = Windows Live UX Platform Language Pack

\"{5A0C892E-FD1C-4203-941E-0956AED20A6A}\" = APC PowerChute Personal Edition

\"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}\" = Apple Application Support

\"{5FDFCCA0-59EC-4162-B0B8-632EEE3DF787}\" = WebIQ Technology Engine

\"{612C34C7-5E90-47D8-9B5C-0F717DD82726}\" = swMSM

\"{65EB09A3-993B-401E-8936-C9708CBFAB26}\" = FinePixViewer YTUPL

\"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\" = PowerDVD DX

\"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}\" = Windows Live SOXE

\"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}\" = HPSSupply

\"{6BBA26E9-AB03-4FE7-831A-3535584CA002}\" = Toolbox

\"{7059BDA7-E1DB-442C-B7A1-6144596720A4}\" = HP Update

\"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}\" = Microsoft Visual C++ 2005 Redistributable

\"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}\" = RealNetworks - Microsoft Visual C++ 2008 Runtime

\"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\" = Apple Software Update

\"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}\" = Dell Getting Started Guide

\"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}\" = Microsoft Visual C++ 2005 Redistributable

\"{83C292B7-38A5-440B-A731-07070E81A64F}\" = Windows Live PIMT Platform

\"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}\" = MSVCRT

\"{90120000-0020-0409-0000-0000000FF1CE}\" = Compatibility Pack for the 2007 Office system

\"{90140000-0015-0409-0000-0000000FF1CE}\" = Microsoft Office Access MUI (English) 2010

\"{90140000-0016-0409-0000-0000000FF1CE}\" = Microsoft Office Excel MUI (English) 2010

\"{90140000-0018-0409-0000-0000000FF1CE}\" = Microsoft Office PowerPoint MUI (English) 2010

\"{90140000-0019-0409-0000-0000000FF1CE}\" = Microsoft Office Publisher MUI (English) 2010

\"{90140000-001A-0409-0000-0000000FF1CE}\" = Microsoft Office Outlook MUI (English) 2010

\"{90140000-001B-0409-0000-0000000FF1CE}\" = Microsoft Office Word MUI (English) 2010

\"{90140000-001F-0409-0000-0000000FF1CE}\" = Microsoft Office Proof (English) 2010

\"{90140000-001F-040C-0000-0000000FF1CE}\" = Microsoft Office Proof (French) 2010

\"{90140000-001F-0C0A-0000-0000000FF1CE}\" = Microsoft Office Proof (Spanish) 2010

\"{90140000-002C-0409-0000-0000000FF1CE}\" = Microsoft Office Proofing (English) 2010

\"{90140000-003D-0000-0000-0000000FF1CE}\" = Microsoft Office Single Image 2010

\"{90140000-006E-0409-0000-0000000FF1CE}\" = Microsoft Office Shared MUI (English) 2010

\"{90140000-00A1-0409-0000-0000000FF1CE}\" = Microsoft Office OneNote MUI (English) 2010

\"{90140000-0115-0409-0000-0000000FF1CE}\" = Microsoft Office Shared Setup Metadata MUI (English) 2010

\"{90140000-0117-0409-0000-0000000FF1CE}\" = Microsoft Office Access Setup Metadata MUI (English) 2010

\"{92A51949-EE4C-466D-AAF0-99E74A49A63F}\" = DocMgr

\"{92EA4134-10D1-418A-91E1-5A0453131A38}\" = Windows Live Movie Maker

\"{9A25302D-30C0-39D9-BD6F-21E6EC160475}\" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

\"{9B362566-EC1B-4700-BB9C-EC661BDE2175}\" = DocProc

\"{9BE518E6-ECC6-35A9-88E4-87755C07200F}\" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

\"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}\" = Internet TV for Windows Media Center

\"{9D56775A-93F3-44A3-8092-840E3826DE30}\" = Windows Live Mail

\"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}\" = Roxio Burn

\"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}\" = erLT

\"{A53A11EA-0095-493F-86FA-A15E8A86A405}\" = VMware Player

\"{A726AE06-AAA3-43D1-87E3-70F510314F04}\" = Windows Live Writer

\"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}\" = Google Update Helper

\"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}\" = Dell DataSafe Local Backup - Support Software

\"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}\" = Windows Live Photo Common

\"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}\" = Windows Live Writer

\"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}\" = RealNetworks - Microsoft Visual C++ 2010 Runtime

\"{AAF454FC-82CA-4F29-AB31-6A109485E76E}\" = Windows Live Writer

\"{AC76BA86-7AD7-1033-7B44-AB0000000001}\" = Adobe Reader XI (11.0.06)

\"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}\" = Status

\"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}\" = Roxio Burn

\"{B44529FF-501E-47CD-A06D-223C161BE058}\" = FinePixViewer Resource

\"{B67BAFBA-4C9F-48FA-9496-933E3B255044}\" = QuickTime

\"{BBF08789-06CB-4D2F-9330-CD617AFDE528}\" = Fax

\"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}\" = Destinations

\"{BE0D4271-69C9-4f28-AD9B-BB33D126A30E}\" = 4500G510gm

\"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}\" = Windows Live Mail

\"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\" = SUPERAntiSpyware Free Edition

\"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}\" = Windows Live UX Platform

\"{D0B44725-3666-492D-BEF6-587A14BD9BD9}\" = MSVCRT_amd64

\"{D436F577-1695-4D2F-8B44-AC76C99E0002}\" = Windows Live Photo Common

\"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}\" = Windows Live Communications Platform

\"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}\" = TrayApp

\"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}\" = Windows Live Writer Resources

\"{DF0B357C-5874-47D0-81E7-79AA890B0CE0}\" = 4500_G510gm_Help

\"{E09C4DB7-630C-4F06-A631-8EA7239923AF}\" = D3DX10

\"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}\" = Windows Media Center Add-in for Flash

\"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}\" = Microsoft SQL Server 2005 Compact Edition [ENU]

\"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\" = Realtek High Definition Audio Driver

\"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\" = Logitech SetPoint

\"{F47C37A4-7189-430A-B81D-739FF8A7A554}\" = Consumer In-Home Service Agreement

\"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}\" = Windows Live Essentials

\"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}\" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

\"Adobe Flash Player ActiveX\" = Adobe Flash Player 11 ActiveX

\"Adobe Flash Player Plugin\" = Adobe Flash Player 12 Plugin

\"Adobe Shockwave Player\" = Adobe Shockwave Player 12.0

\"Coupon Printer for Windows5.0.0.3\" = Coupon Printer for Windows

\"Dell Dock\" = Dell Dock

\"Google Chrome\" = Google Chrome

\"IncrediMail\" = IncrediMail 2.0

\"Mozilla Firefox 26.0 (x86 en-US)\" = Mozilla Firefox 26.0 (x86 en-US)

\"MozillaMaintenanceService\" = Mozilla Maintenance Service

\"Office14.SingleImage\" = Microsoft Office Home and Student 2010

\"RealPlayer 16.0\" = RealPlayer

\"WinLiveSuite\" = Windows Live Essentials

\"Yahoo! Companion\" = Yahoo! Toolbar

\"Yahoo! Messenger\" = Yahoo! Messenger

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]

\"{B64BC516-2406-43AE-A21A-1E387A2343B1}\" = Content Manager

\"f031ef6ac137efc5\" = Dell Driver Download Manager

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 1/22/2014 12:19:30 AM | Computer Name = Felicia-PC | Source = APC UPS Service | ID = 61456

Description = PowerChute not communicating with the battery backup.

 

Error - 1/22/2014 10:12:30 PM | Computer Name = Felicia-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for \"C:\\Windows\\Installer\\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\\recordingmanager.exe\".

Dependent

 Assembly rpshellextension.1.0,language=\"&#x2a;\",type=\"win32\",version=\"1.0.0.0\"

could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 1/23/2014 12:17:10 AM | Computer Name = Felicia-PC | Source = APC UPS Service | ID = 61456

Description = PowerChute not communicating with the battery backup.

 

Error - 1/24/2014 1:22:14 AM | Computer Name = Felicia-PC | Source = Application Hang | ID = 1002

Description = The program IEXPLORE.EXE version 11.0.9600.16428 stopped interacting

 with Windows and was closed. To see if more information about the problem is available,

 check the problem history in the Action Center control panel.    Process ID: 11b0    Start

 Time: 01cf1895c5a819b5    Termination Time: 507    Application Path: C:\\Program Files (x86)\\Internet

 Explorer\\IEXPLORE.EXE    Report Id:  

 

Error - 1/24/2014 7:57:41 PM | Computer Name = Felicia-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for \"C:\\Windows\\Installer\\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\\recordingmanager.exe\".

Dependent

 Assembly rpshellextension.1.0,language=\"&#x2a;\",type=\"win32\",version=\"1.0.0.0\"

could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 1/24/2014 10:02:25 PM | Computer Name = Felicia-PC | Source = APC UPS Service | ID = 61456

Description = PowerChute not communicating with the battery backup.

 

Error - 1/26/2014 2:03:31 PM | Computer Name = Felicia-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for \"C:\\Windows\\Installer\\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\\recordingmanager.exe\".

Dependent

 Assembly rpshellextension.1.0,language=\"&#x2a;\",type=\"win32\",version=\"1.0.0.0\"

could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 1/27/2014 2:07:07 AM | Computer Name = Felicia-PC | Source = APC UPS Service | ID = 61456

Description = PowerChute not communicating with the battery backup.

 

Error - 1/27/2014 2:44:11 AM | Computer Name = Felicia-PC | Source = SideBySide | ID = 16842785

Description = Activation context generation failed for \"C:\\Windows\\Installer\\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\\recordingmanager.exe\".

Dependent

 Assembly rpshellextension.1.0,language=\"&#x2a;\",type=\"win32\",version=\"1.0.0.0\"

could not be found.  Please use sxstrace.exe for detailed diagnosis.

 

Error - 1/27/2014 5:00:35 PM | Computer Name = Felicia-PC | Source = APC UPS Service | ID = 61456

Description = PowerChute not communicating with the battery backup.

 

[ Dell Events ]

Error - 6/7/2011 1:48:11 AM | Computer Name = Felicia-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 6/14/2011 1:48:06 AM | Computer Name = Felicia-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 6/14/2011 1:48:06 AM | Computer Name = Felicia-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 6/17/2011 8:00:39 PM | Computer Name = Felicia-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 6/17/2011 8:00:40 PM | Computer Name = Felicia-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 7/11/2011 10:45:17 PM | Computer Name = Felicia-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 7/11/2011 10:45:18 PM | Computer Name = Felicia-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 11/5/2011 12:22:19 AM | Computer Name = Felicia-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 11/5/2011 12:22:19 AM | Computer Name = Felicia-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

Error - 11/5/2011 12:22:49 AM | Computer Name = Felicia-PC | Source = DataSafe | ID = 17

Description = The process was interrupted before completion.

 

[ System Events ]

Error - 1/24/2014 7:02:23 PM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

   SASDIFSV  SASKUTIL

 

Error - 1/25/2014 7:12:34 PM | Computer Name = Felicia-PC | Source = Application Popup | ID = 1060

Description = \\??\\C:\\Program Files (x86)\\SUPERAntiSpyware\\SASKUTIL.SYS has been

blocked from loading due to incompatibility with this system. Please contact your

 software vendor for a compatible version of the driver.

 

Error - 1/25/2014 7:12:34 PM | Computer Name = Felicia-PC | Source = Application Popup | ID = 1060

Description = \\??\\C:\\Program Files (x86)\\SUPERAntiSpyware\\SASDIFSV.SYS has been

blocked from loading due to incompatibility with this system. Please contact your

 software vendor for a compatible version of the driver.

 

Error - 1/25/2014 7:13:04 PM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

   SASDIFSV  SASKUTIL

 

Error - 1/26/2014 11:06:26 AM | Computer Name = Felicia-PC | Source = Application Popup | ID = 1060

Description = \\??\\C:\\Program Files (x86)\\SUPERAntiSpyware\\SASKUTIL.SYS has been

blocked from loading due to incompatibility with this system. Please contact your

 software vendor for a compatible version of the driver.

 

Error - 1/26/2014 11:06:26 AM | Computer Name = Felicia-PC | Source = Application Popup | ID = 1060

Description = \\??\\C:\\Program Files (x86)\\SUPERAntiSpyware\\SASDIFSV.SYS has been

blocked from loading due to incompatibility with this system. Please contact your

 software vendor for a compatible version of the driver.

 

Error - 1/26/2014 11:06:46 AM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

   SASDIFSV  SASKUTIL

 

Error - 1/27/2014 11:43:39 AM | Computer Name = Felicia-PC | Source = Application Popup | ID = 1060

Description = \\??\\C:\\Program Files (x86)\\SUPERAntiSpyware\\SASKUTIL.SYS has been

blocked from loading due to incompatibility with this system. Please contact your

 software vendor for a compatible version of the driver.

 

Error - 1/27/2014 11:43:39 AM | Computer Name = Felicia-PC | Source = Application Popup | ID = 1060

Description = \\??\\C:\\Program Files (x86)\\SUPERAntiSpyware\\SASDIFSV.SYS has been

blocked from loading due to incompatibility with this system. Please contact your

 software vendor for a compatible version of the driver.

 

Error - 1/27/2014 11:43:56 AM | Computer Name = Felicia-PC | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

   SASDIFSV  SASKUTIL

 

 

< End of report >

 


Logged

Vannpat

  • Posts: 15
    • View Profile
Bot traffic detected?
« Reply #5 on: January 27, 2014, 05:35:17 PM »

RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.adlice.com/forum/\'>http://www.adlice.com/forum/

Website : http://www.adlice.com/softwares/roguekiller/\'>http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com\'>http://www.adlice.com


Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Felicia [Admin rights]

Mode : Scan -- Date : 01/27/2014 15:48:20

| ARK || FAK || MBR |


¤¤¤ Bad processes : 0 ¤¤¤


¤¤¤ Registry Entries : 13 ¤¤¤

[RUN][SUSP PATH] HKCU\\[...]\\Run : CmTray (\"C:\\Users\\Felicia\\AppData\\Roaming\\Content Manager\\launchCM.exe\" [-]) -> FOUND

[RUN][SUSP PATH] HKUS\\S-1-5-21-4196725377-3134802578-2320879310-1001\\[...]\\Run : CmTray (\"C:\\Users\\Felicia\\AppData\\Roaming\\Content Manager\\launchCM.exe\" [-]) -> FOUND

[DNS][PUM] HKLM\\[...]\\CCSet\\[...]\\{28C31212-6713-4A47-8872-34C779D8B726} : NameServer (10.124.6.3,10.124.3.2 [(Private Address) (XX) - (Private Address) (XX)]) -> FOUND

[DNS][PUM] HKLM\\[...]\\CCSet\\[...]\\{47AF739C-9211-470F-8886-1F12156AA75E} : NameServer (10.124.6.3,10.124.3.2 [(Private Address) (XX) - (Private Address) (XX)]) -> FOUND

[DNS][PUM] HKLM\\[...]\\CS001\\[...]\\{28C31212-6713-4A47-8872-34C779D8B726} : NameServer (10.124.6.3,10.124.3.2 [(Private Address) (XX) - (Private Address) (XX)]) -> FOUND

[DNS][PUM] HKLM\\[...]\\CS001\\[...]\\{47AF739C-9211-470F-8886-1F12156AA75E} : NameServer (10.124.6.3,10.124.3.2 [(Private Address) (XX) - (Private Address) (XX)]) -> FOUND

[DNS][PUM] HKLM\\[...]\\CS002\\[...]\\{28C31212-6713-4A47-8872-34C779D8B726} : NameServer (10.124.6.3,10.124.3.2 [(Private Address) (XX) - (Private Address) (XX)]) -> FOUND

[DNS][PUM] HKLM\\[...]\\CS002\\[...]\\{47AF739C-9211-470F-8886-1F12156AA75E} : NameServer (10.124.6.3,10.124.3.2 [(Private Address) (XX) - (Private Address) (XX)]) -> FOUND

[HJ POL][PUM] HKLM\\[...]\\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\\[...]\\Wow6432Node\\[...]\\System : DisableRegistryTools (0) -> FOUND

[HJ DESK][PUM] HKCU\\[...]\\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ DESK][PUM] HKLM\\[...]\\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\\[...]\\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND


¤¤¤ Scheduled tasks : 1 ¤¤¤

[V2][SUSP PATH] {36F70C1E-1BB9-45C8-8A68-795DD7310B8F} : C:\\Users\\Felicia\\Documents\\epson13800.exe

  • -> FOUND


¤¤¤ Startup Entries : 0 ¤¤¤


¤¤¤ Web browsers : 0 ¤¤¤


¤¤¤ Browser Addons : 0 ¤¤¤


¤¤¤ Particular Files / Folders: ¤¤¤


¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤


¤¤¤ External Hives: ¤¤¤


¤¤¤ Infection :  ¤¤¤


¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\\System32\\drivers\\etc\\hosts



127.0.0.1       localhost



¤¤¤ MBR Check: ¤¤¤


+++++ PhysicalDrive0: (\\\\.\\PHYSICALDRIVE0 @ IDE) WDC WD6400AAKS-75A7B2 +++++

--- User ---

[MBR] 232f66ac13ae401c9fa75f6d04903bbc

[BSP] b689a285b9fb589571be9d69c096bbe2 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 595439 Mo

User = LL1 ... OK!

User = LL2 ... OK!


Finished : << RKreport[0]_S_01272014_154820.txt >>


 



 


Logged

Vannpat

  • Posts: 15
    • View Profile
Bot traffic detected?
« Reply #6 on: January 27, 2014, 06:07:19 PM »

[ TimeStamp: 20140127 170512 ]Rootkit Remover v0.8.9.170 [Oct 25 2013 - 15:43:38]

McAfee Labs.


Windows build 6.1.7601 x64 Service Pack 1

Checking for updates ...



Scanning for user-mode threats ...


Scanning for kernel-mode threats ...

    Scan Result --> No trojan or viruses found!

Scan Finished


Logged

guestolo

  • Site Donator
  • Administrator
  • *****
  • Posts: 16034
    • View Profile
    • http://
Bot traffic detected?
« Reply #7 on: January 28, 2014, 10:19:54 PM »

it\'s been awhile since I last posted, how are things running on your end now, still problems?


Logged

Do you want to post your own logs from FRST?

Follow the instructions posted http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/\'>Click Here

Pages: [1]
« previous next »