need help with pop-up


OTL logfile created on: 1/9/2014 9:32:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kim\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.80% Memory free
4.21 Gb Paging File | 2.18 Gb Available in Paging File | 51.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.49 Gb Total Space | 60.75 Gb Free Space | 46.21% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.21 Gb Free Space | 68.07% Space Free | Partition Type: NTFS
 
Computer Name: KIM-PC | User Name: kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/09 09:30:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kim\Downloads\OTL.com
PRC - [2013/12/17 15:09:32 | 000,590,312 | ---- | M] (Zedge.net) -- C:\Users\kim\AppData\Local\Apps\2.0\GX7QB04V.YTB\JRL0M2YR.YXR\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\ZedgeTonesync.exe
PRC - [2013/12/11 13:20:45 | 000,309,328 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/12/11 13:17:29 | 000,839,560 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
PRC - [2013/10/09 16:39:09 | 001,621,512 | ---- | M] (Total Defense, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
PRC - [2013/10/09 16:39:07 | 001,207,816 | ---- | M] (Total Defense, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
PRC - [2013/10/09 16:39:07 | 000,257,544 | ---- | M] (Total Defense, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2013/10/09 16:39:07 | 000,208,392 | ---- | M] (Total Defense, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/08/04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/08/04 09:57:18 | 000,056,376 | ---- | M] (Fisher-Price) -- C:\Program Files\Fisher-Price\iXL\iXL.Middleware.exe
PRC - [2011/07/30 15:59:55 | 000,222,544 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2011/07/30 15:59:54 | 000,206,152 | ---- | M] (CA) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe
PRC - [2011/04/04 11:42:28 | 000,662,096 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
PRC - [2011/03/14 19:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/02/07 09:56:11 | 000,138,192 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/05/04 02:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 02:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 02:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 02:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/01/20 19:33:00 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/11/12 04:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/11/12 04:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 04:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/11/01 14:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/08/27 22:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/07/27 15:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/05/25 08:38:20 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdccoms.exe
PRC - [2007/04/30 07:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
PRC - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 12:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2006/11/02 02:45:35 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\regsvr32.exe
PRC - [2006/09/20 11:54:24 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Nova Development\Photo Explosion 3.0 SE\CalCheck.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/16 18:54:59 | 000,486,912 | ---- | M] () -- C:\Users\kim\AppData\Local\RRBsoft\AboutDLL.dll
MOD - [2013/12/07 13:09:57 | 000,400,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\a1e51eb4da5fb91ed23a54401ef8b5db\System.Xml.Linq.ni.dll
MOD - [2013/12/07 13:08:51 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\76f8a75eb9332ddd4351ca66b0dc88e4\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2013/12/07 13:07:47 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3a5dc60ef43ec06078a9d6b762c2e88b\System.Deployment.ni.dll
MOD - [2013/12/06 18:03:18 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll
MOD - [2013/11/06 11:37:21 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll
MOD - [2013/11/06 11:37:01 | 002,295,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\ab40b51ac49fbee9a48b5b74ff78d5d6\System.Core.ni.dll
MOD - [2013/10/09 16:39:10 | 000,589,824 | ---- | M] () -- C:\Program Files\CA\CA Internet Security Suite\log4cplusU.dll
MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/08/24 21:42:01 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll
MOD - [2013/08/24 21:41:15 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1bf91944c0a39048bb079c5d81f90529\System.Runtime.Serialization.ni.dll
MOD - [2013/08/24 21:40:36 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59eba2680c01c33b2b3f5385979e32c6\System.Web.ni.dll
MOD - [2013/08/24 21:40:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b167ef6967ad27503c6ac6aabcef1aff\System.Runtime.Remoting.ni.dll
MOD - [2013/08/24 21:38:42 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll
MOD - [2013/08/24 21:38:10 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll
MOD - [2013/08/24 21:37:51 | 006,622,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll
MOD - [2013/08/24 21:36:50 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll
MOD - [2013/08/04 13:57:25 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2009/03/29 21:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/12/18 02:55:28 | 000,054,784 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2007/05/02 04:11:56 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\App4R.Monitor.Core.dll
MOD - [2007/05/02 04:11:56 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\App4R.Monitor.Common.dll
MOD - [2007/05/02 04:10:58 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 07:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 07:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\lxdcamon.exe
MOD - [2007/04/30 07:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 07:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 1300 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2006/09/20 11:51:58 | 000,561,152 | ---- | M] () -- C:\Program Files\Nova Development\Photo Explosion 3.0 SE\uviplA6.dll
MOD - [2006/09/20 11:51:58 | 000,020,480 | ---- | M] () -- C:\Program Files\Nova Development\Photo Explosion 3.0 SE\uvipl.dll
MOD - [2006/09/20 11:51:28 | 000,019,968 | ---- | M] () -- C:\Program Files\Nova Development\Photo Explosion 3.0 SE\Cpuinf32.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe /n CAATT -- (CAATT)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe /n ATTRcAppSvc -- (ATTRcAppSvc)
SRV - [2013/12/11 13:17:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/09 16:39:07 | 000,257,544 | ---- | M] (Total Defense, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2013/10/09 16:39:07 | 000,208,392 | ---- | M] (Total Defense, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/07/30 15:59:55 | 000,222,544 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2011/07/30 15:59:54 | 000,206,152 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV - [2011/04/04 11:42:28 | 000,662,096 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV - [2011/02/07 09:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 04:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 04:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/05/25 08:38:38 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdcserv.exe -- (lxdcCATSCustConnectService)
SRV - [2007/05/25 08:38:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdccoms.exe -- (lxdc_device)
SRV - [2007/03/21 12:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWVsp.sys -- (PTUMWVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWNET.sys -- (PTUMWNET)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWMdm.sys -- (PTUMWMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWFLT.sys -- (PTUMWFLT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWCDF.sys -- (PTUMWCDF)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWBus.sys -- (PTUMWBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/27 16:07:50 | 000,170,064 | ---- | M] (Total Defense) [File_System | Boot | Running] -- C:\Windows\System32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV - [2011/10/26 12:51:22 | 000,083,536 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2011/09/06 22:03:36 | 000,331,344 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2010/05/08 20:44:08 | 000,008,832 | ---- | M] (LG Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgcpo.sys -- (lgcpo)
DRV - [2009/09/22 09:23:48 | 000,022,400 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdobex.sys -- (UsbSADObex)
DRV - [2009/09/22 09:23:46 | 000,027,520 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdmodem.sys -- (USBSADModem)
DRV - [2009/09/22 09:23:46 | 000,022,400 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbddiag.sys -- (UsbSADDiag)
DRV - [2009/09/22 09:23:44 | 000,058,624 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc_enum.sys -- (USBSANDIS)
DRV - [2009/09/22 09:23:42 | 000,045,568 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cdc_ecm.sys -- (cdc_ecm)
DRV - [2009/05/25 16:01:00 | 000,069,098 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)
DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/12/18 02:55:10 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 05:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/05/04 02:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 00:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008/01/20 19:32:52 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/20 19:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/11/12 04:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/06 09:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 09:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 09:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/27 22:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.dell.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ysp
 
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/?ilc=1
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{131B573A-C00D-82EC-098E-145BB127FA4F}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z037&form=ZGAIDF
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{56AF48AF-2F9E-47FD-855C-07B02EEE9281}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_enUS479
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{898691B5-789A-F88E-D09B-76CD111DD182}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z003&form=ZGAIDF
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{B5952A2E-8E58-45DF-A74A-23D5DC073215}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\kim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\kim\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{31F37877-0076-4d26-8FD4-D9A7223FFC06}: C:\Program Files\FacePaint\FacePaintFF\{31F37877-0076-4d26-8FD4-D9A7223FFC06} [2011/02/24 08:43:53 | 000,000,000 | ---D | M]
 
[2011/01/02 20:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\Mozilla\Extensions
[2013/12/28 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\Mozilla\Firefox\extensions
 
O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [{9AA8FE27-89A8-99BA-8b85-9AE9B9ABA99F}] "C:\Program Files\Alltel Broadband Connect\AvqAutoRun.exe" "C:\Program Files\Alltel Broadband Connect\mphonetools.exe" /OnPlug=%s File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (Total Defense, Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iXL_MiddleWare] C:\Program Files\Fisher-Price\iXL\iXL.Middleware.exe (Fisher-Price)
O4 - HKLM..\Run: [lxdcamon] C:\Program Files\Lexmark 1300 Series\lxdcamon.exe ()
O4 - HKLM..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" File not found
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PhotoExplosionCalCheck] C:\Program Files\Nova Development\Photo Explosion 3.0 SE\CalCheck.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [{45F17D5A-2D09-406B-A811-FFC5354B3695}] rundll32 "C:\Users\kim\AppData\Local\ArcadeParlor\{45F17D5A-2D09-406B-A811-FFC5354B3695}\hnkonp.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [Facebook Update] C:\Users\kim\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [lime pro] "C:\Program Files\Lime PRO\LimePro.exe" -h File not found
O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [RRBsoft Update] C:\Windows\System32\regsvr32.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [ZedgeToneSync] C:\Users\kim\AppData\Local\Apps\2.0\Data\6QCZBE65.30G\195P796N.7VP\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\VetRedir.dll (Computer Associates International, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8532DF7F-5036-4E07-8FE0-EFFD14825062}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B453CD91-A862-4D87-9414-65E513EF9F62}: DhcpNameServer = 209.183.50.151 209.183.50.151
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\kim\Pictures\2010-12-21\218.JPG
O24 - Desktop BackupWallPaper: C:\Users\kim\Pictures\2010-12-21\218.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3951a629-0c72-11e0-8aa1-001644d3ff7f}\Shell - "" = AutoRun
O33 - MountPoints2\{3951a629-0c72-11e0-8aa1-001644d3ff7f}\Shell\AutoRun\command - "" = F:\Start.exe
O33 - MountPoints2\{3951a629-0c72-11e0-8aa1-001644d3ff7f}\Shell\menu1\command - "" = F:\Start.exe
O33 - MountPoints2\{fe9f4182-7420-11e0-8945-001644d3ff7f}\Shell - "" = AutoRun
O33 - MountPoints2\{fe9f4182-7420-11e0-8945-001644d3ff7f}\Shell\AutoRun\command - "" = F:\ATTPreCopy.exe /-L -d:LGEUSB2100T1 -7
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/08 15:20:36 | 000,000,000 | ---D | C] -- C:\Users\kim\Desktop\RK_Quarantine
[2014/01/08 10:41:09 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Malwarebytes
[2014/01/08 10:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/08 10:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/08 10:40:45 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/01/08 10:40:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/08 10:08:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/08 09:41:06 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/28 20:01:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/12/17 15:09:37 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zedge Europe AS
[2013/12/17 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Local\Deployment
[2013/12/17 15:05:47 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Local\Apps
[2013/12/17 14:05:09 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Apple Computer
[2013/12/17 14:05:09 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Local\Apple Computer
[2013/12/17 14:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/17 14:04:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2013/12/17 14:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/12/17 14:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/17 14:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/12/17 14:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/12/17 13:59:36 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Local\Apple
[2013/12/17 13:59:19 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013/12/17 13:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/12/17 13:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/12/17 13:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/12/16 18:42:17 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Local\RRBsoft
[2013/12/16 18:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SweetPacks
[2013/12/16 17:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SecureWeb
[2013/12/16 17:50:05 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/12/16 17:50:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2013/12/16 17:49:37 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/12/16 17:49:31 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/12/16 17:49:30 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\FileAssociationManager
[2013/12/16 17:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\FileAssociationManager
[2013/12/16 17:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InternetUpdater
[2013/12/16 17:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2013/12/16 17:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2013/12/16 17:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
[2013/12/16 17:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\InstallConverter
[2013/12/13 16:49:54 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/13 16:49:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/13 16:49:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/13 16:49:47 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/12/13 16:49:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/13 16:49:42 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/13 16:49:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/12/13 16:49:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/11 13:13:26 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/11 13:13:23 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013/12/11 13:13:22 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/11 13:13:22 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/11 13:13:13 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/11 13:13:13 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/09 09:19:57 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/09 09:19:41 | 000,604,752 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/09 09:19:41 | 000,104,420 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/09 09:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/09 09:13:53 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/09 09:13:17 | 000,004,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 09:13:17 | 000,004,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 09:13:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/09 09:13:00 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/08 21:32:46 | 000,075,484 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2014/01/08 21:32:46 | 000,048,169 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2014/01/08 21:32:46 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2014/01/08 21:32:46 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2014/01/08 21:32:46 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2014/01/08 21:32:46 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2014/01/08 21:32:46 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2014/01/08 21:32:46 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2014/01/08 21:32:46 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2014/01/08 21:32:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2014/01/08 21:32:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2014/01/08 21:32:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2014/01/08 21:32:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2014/01/08 21:32:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2014/01/08 21:32:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2014/01/08 21:32:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2014/01/08 21:32:46 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2014/01/08 20:39:06 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3708714885-1391371732-529881198-1000UA.job
[2014/01/08 14:39:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3708714885-1391371732-529881198-1000Core.job
[2014/01/08 14:04:15 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/23 07:57:20 | 000,005,972 | ---- | M] () -- C:\Users\kim\AppData\Local\d3d9caps.dat
[2013/12/17 15:09:37 | 000,000,336 | ---- | M] () -- C:\Users\kim\Desktop\ToneSync for Windows.appref-ms
[2013/12/17 14:04:36 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/16 17:16:15 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\InstallConverter.lnk
[2013/12/15 16:28:37 | 000,275,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/11 13:17:30 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/11 13:17:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/08 10:40:48 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/18 10:07:52 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys
[2013/12/17 15:09:37 | 000,000,336 | ---- | C] () -- C:\Users\kim\Desktop\ToneSync for Windows.appref-ms
[2013/12/17 14:04:36 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/12/17 13:59:22 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/12/16 17:16:15 | 000,001,751 | ---- | C] () -- C:\Users\Public\Desktop\InstallConverter.lnk
[2011/02/02 13:29:25 | 000,005,972 | ---- | C] () -- C:\Users\kim\AppData\Local\d3d9caps.dat
[2011/01/05 17:49:35 | 000,000,577 | ---- | C] () -- C:\ProgramData\lxdc
[2010/12/20 18:42:18 | 000,007,680 | ---- | C] () -- C:\Users\kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006/11/02 05:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/02/15 14:27:42 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\Canon
[2012/01/16 13:06:15 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\com.w3i.musicrockstar
[2011/01/05 13:04:34 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\Driver Smith
[2013/12/16 17:49:30 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\FileAssociationManager
[2011/12/25 06:31:31 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\Fisher-Price
[2011/02/24 08:34:03 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\FrostWire
[2011/07/16 07:46:43 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\Lexmark Productivity Studio
[2012/01/16 13:11:52 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\playitall
[2011/05/01 11:43:46 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\Sierra Wireless
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 210 bytes -> C:\ProgramData\TEMP:661DC753
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >


OTL Extras logfile created on: 1/9/2014 9:32:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\kim\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.57 Gb Available Physical Memory | 28.80% Memory free
4.21 Gb Paging File | 2.18 Gb Available in Paging File | 51.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 131.49 Gb Total Space | 60.75 Gb Free Space | 46.21% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 10.21 Gb Free Space | 68.07% Space Free | Partition Type: NTFS
 
Computer Name: KIM-PC | User Name: kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistPlayItAll] -- "C:\Program Files\PlayItAll\playitall.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithPlayItAll] -- "C:\Program Files\PlayItAll\playitall.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015CB9A1-9CC2-421F-BD5C-7BCF06394F6B}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{099117BE-341A-4D3F-8BDA-7311CF2208EF}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdctime.exe |
"{20CE6FB5-B72E-46E9-BC0E-58DC97DBA1C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{22965F6B-2F63-4C9E-BB69-376E79DC4833}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{22F33E9C-866A-4834-84C0-9EB050119C7B}" = dir=in | app=c:\users\kim\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{43715DCD-636A-4E12-BBA3-35E0EC88F511}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{513AD346-7EE7-469E-95A8-5DC57A8CF73D}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{5B3434A4-C1A7-4ABA-AC13-19C5C8B419C1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcjswx.exe |
"{5ED8A57E-8A8B-4391-89BD-33F0565459D8}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcpswx.exe |
"{5F72F689-9038-40C8-9F2D-0190ED5EE388}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{5FFD1B48-54E2-4154-86A9-0F47AF843A79}" = protocol=6 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{692CD500-63C7-4A45-ABBC-0F76368817C5}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcjswx.exe |
"{6A3795FB-BBB8-4E58-9DE7-B186C45D6BC9}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{70340C1D-D34A-4583-BF30-B76A1FDC04D3}" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"{7EB34F4F-3C9A-4FD8-8DE5-9B1070980505}" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{8312AB66-9207-471D-97E8-CA9E9C63EA86}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{931C0E0B-B2C3-406D-9F6B-5C006E03AF09}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{98E71C8B-1786-4BD6-B092-B37832C313B4}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{9F33EC0D-E735-4D23-AA10-48132F052573}" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"{AE4F8663-9C66-4DC9-BE54-69FF083CD918}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{C20E4AEA-181B-43AE-8871-94711CCE620E}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdctime.exe |
"{C60AECBE-A187-44A1-9430-C75783D46474}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D4016CB1-0ED6-4E2C-B357-FC4AE7CADA81}" = protocol=17 | dir=in | app=c:\windows\system32\lxdccoms.exe |
"{DC7EBD30-0A74-44EF-9D60-22667F111180}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{DE564962-5F47-47D4-B284-F3A960D50456}" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"{EAB9DE95-B535-4439-ADD6-5368029FCA6C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{EE1A98D8-151E-449F-A831-8E92C4A2C222}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdcpswx.exe |
"TCP Query User{04B1F7FD-4C1C-41EF-A278-872F31A5BBCB}C:\program files\lexmark 1300 series\lxdcamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"TCP Query User{184A6D5C-C002-436A-9CAE-C39879BA6DD3}C:\program files\lexmark 1300 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
"TCP Query User{3C7A6FDB-4072-4D9F-9092-CD491013F2DB}C:\program files\frostwire 5\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"TCP Query User{5A530FBE-CE66-4AD1-925F-3AFF6A973061}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{6374871F-DB64-417F-A54C-F9D7FB33AE62}C:\program files\lime pro\limepro.exe" = protocol=6 | dir=in | app=c:\program files\lime pro\limepro.exe |
"UDP Query User{092ED117-0E80-4ADD-B843-3C1825111859}C:\program files\lime pro\limepro.exe" = protocol=17 | dir=in | app=c:\program files\lime pro\limepro.exe |
"UDP Query User{44882363-E9AA-4B26-B21B-5001188A2718}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{473CD232-9547-4708-B984-33C6178CAAE0}C:\program files\lexmark 1300 series\lxdcamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\lxdcamon.exe |
"UDP Query User{AF243CC0-FDF1-4C80-8D1B-AE1B91AEE6B3}C:\program files\frostwire 5\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire 5\frostwire.exe |
"UDP Query User{D5A79C26-6984-4B89-950C-820100ACC9C4}C:\program files\lexmark 1300 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 1300 series\app4r.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0228288D-975E-42F7-9993-E91A82E6BBD9}" = CWA Reminder by We-Care.com v4.1.24.3
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2100_series" = Canon MG2100 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C095AE6-74D9-47A3-9039-4F142BA7B319}" = Fisher-Price iXL - Cars 2
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24C4A041-9136-43DB-8C26-3060FC8CFFF8}" = Fisher-Price iXL Computer Software
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C197BC08-3D82-4651-8886-E68C21578A38}" = iTunes
"{C778BD4F-0DEA-4D39-B7C1-992E1BFFD351}" = Photo Explosion 3.0 Special Edition
"{C864C994-2957-4FE3-A72B-36C5E507B4AA}" = FacePaint Plugin
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}" = Updater
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"26062_2009_1223_1719_is1" = Uninstall Dual Mode Camera (26062)
"7-Zip 9.20" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"BFGC" = Big Fish Games: Game Manager
"BFG-Fishdom 2" = Fishdom 2
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Canon MG2100 series On-screen Manual" = Canon MG2100 series On-screen Manual
"Canon MG2100 series User Registration" = Canon MG2100 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011) 
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eTrust Suite Personal" = Total Defense Internet Security Suite
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileAssociationManager" = File Association Manager
"FrostWire 5" = FrostWire 5.4.0
"HaaliMkx" = Haali Media Splitter
"InstallConverter" = InstallConverter
"InstallShield_{1C095AE6-74D9-47A3-9039-4F142BA7B319}" = Fisher-Price iXL - Cars 2
"InstallShield_{24C4A041-9136-43DB-8C26-3060FC8CFFF8}" = Fisher-Price iXL Computer Software
"Lexmark 1300 Series" = Lexmark 1300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 5.0" = Canon MP Navigator EX 5.0
"Nursing Assistant CD" = Nursing Assistant CD
"PlayItAll media player" = PlayItAll media player 1.0.5
"Search Toolbar" = Search Toolbar
"SecureWeb" = Secure Web
"simppulltoolbar" = Simppull Toolbar (Remove Toolbar Only)
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3708714885-1391371732-529881198-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"c2c9648a374f64d1" = ToneSync for Windows
"RewardsArcadeSuite" = RewardsArcadeSuite
"ValueApps" = ValueApps
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/8/2014 8:08:44 PM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 22
 
Error - 1/8/2014 8:08:44 PM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 23
 
Error - 1/8/2014 8:08:44 PM | Computer Name = kim-PC | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 24
 
Error - 1/8/2014 9:50:05 PM | Computer Name = kim-PC | Source = Application Error | ID = 1000
Description = Faulting application Updater.exe, version 0.0.0.0, time stamp 0x524e36bc,
 faulting module Updater.exe, version 0.0.0.0, time stamp 0x524e36bc, exception
code 0xc0000005, fault offset 0x0000331c,  process id 0x2fd8, application start time
 0x01cf0cdd1de24a8a.
 
Error - 1/8/2014 10:50:04 PM | Computer Name = kim-PC | Source = Application Error | ID = 1000
Description = Faulting application Updater.exe, version 0.0.0.0, time stamp 0x524e36bc,
 faulting module Updater.exe, version 0.0.0.0, time stamp 0x524e36bc, exception
code 0xc0000005, fault offset 0x0000331c,  process id 0x2e98, application start time
 0x01cf0ce57f7b5cca.
 
Error - 1/8/2014 11:39:06 PM | Computer Name = kim-PC | Source = Google Update | ID = 20
Description =
 
Error - 1/9/2014 12:19:58 AM | Computer Name = kim-PC | Source = Application Error | ID = 1000
Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
 0x49e01da5, faulting module AboutDLL.dll_unloaded, version 0.0.0.0, time stamp
0x2a425e19, exception code 0xc0000005, fault offset 0x008f6720,  process id 0x2a24,
 application start time 0x01cf0cce8634d35a.
 
Error - 1/9/2014 12:21:10 AM | Computer Name = kim-PC | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
 registration timeout
 
Error - 1/9/2014 12:08:23 PM | Computer Name = kim-PC | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
 registration timeout
 
Error - 1/9/2014 12:15:38 PM | Computer Name = kim-PC | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\CA Internet Security Suite\ccevtmgr.exe
 registration timeout
 
[ Broadcom Wireless LAN Events ]
Error - 1/5/2013 7:57:34 PM | Computer Name = kim-PC | Source = WLAN-Tray | ID = 0
Description = 16:57:34, Sat, Jan 05, 13 Error - Unable to gain access to user store

 
[ System Events ]
Error - 1/9/2014 12:07:18 PM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 1/9/2014 12:07:18 PM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 1/9/2014 12:09:42 PM | Computer Name = kim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:08:43 AM on 1/9/2014 was unexpected.
 
Error - 1/9/2014 12:10:55 PM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 1/9/2014 12:10:55 PM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 1/9/2014 12:10:55 PM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 1/9/2014 12:13:07 PM | Computer Name = kim-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:11:36 AM on 1/9/2014 was unexpected.
 
Error - 1/9/2014 12:14:42 PM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 1/9/2014 12:14:42 PM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 1/9/2014 12:14:42 PM | Computer Name = kim-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >


Kim P, we need to run an OTL fix !!

 

We need to Run an OTL fix !!
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

    * Double-click OTL.exe to start the program.
    * Copy and paste the following code into the text box of the OTL tool/program! Start with and include the colon plus :OTL

:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe /n CAATT -- (CAATT)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe /n ATTRcAppSvc -- (ATTRcAppSvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWVsp.sys -- (PTUMWVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWNET.sys -- (PTUMWNET)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWMdm.sys -- (PTUMWMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWFLT.sys -- (PTUMWFLT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWCDF.sys -- (PTUMWCDF)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWBus.sys -- (PTUMWBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{131B573A-C00D-82EC-098E-145BB127FA4F}: "URL" = http://www.bing.com/...037&form=ZGAIDF
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{56AF48AF-2F9E-47FD-855C-07B02EEE9281}: "URL" = http://delicious.com...?p={searchTerms}
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enUS479
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{898691B5-789A-F88E-D09B-76CD111DD182}: "URL" = http://www.bing.com/...003&form=ZGAIDF
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{B5952A2E-8E58-45DF-A74A-23D5DC073215}: "URL" = http://www.flickr.co...?q={searchTerms}
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....?p={searchTerms}
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
[2011/01/02 20:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\Mozilla\Extensions
[2013/12/28 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\Mozilla\Firefox\extensions
O3 - HKLM\..\Toolbar: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll File not found
O4 - HKLM..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" File not found
O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [{45F17D5A-2D09-406B-A811-FFC5354B3695}] rundll32 "C:\Users\kim\AppData\Local\ArcadeParlor\{45F17D5A-2D09-406B-A811-FFC5354B3695}\hnkonp.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [lime pro] "C:\Program Files\Lime PRO\LimePro.exe" -h File not found
O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [ZedgeToneSync] C:\Users\kim\AppData\Local\Apps\2.0\Data\6QCZBE65.30G\195P796N.7VP\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup File not found
O13 - gopher Prefix: missing

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYYY_HHMMSS.log where MMDDYYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.



Post that log next !!

 

Chuck


All processes killed
Error: Unable to interpret <. :OTL> in the current context!
Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe /n CAATT -- (CAATT)> in the current context!
Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe /n ATTRcAppSvc -- (ATTRcAppSvc)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWVsp.sys -- (PTUMWVsp)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWNET.sys -- (PTUMWNET)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWMdm.sys -- (PTUMWMdm)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWFLT.sys -- (PTUMWFLT)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWCDF.sys -- (PTUMWCDF)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWBus.sys -- (PTUMWBus)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)> in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.co...g}&sourceid=ie7> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope => in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.google.co...1I7ADRA_enUS479> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{898691B5-789A-F88E-D09B-76CD111DD182}: "URL" = http://www.bing.com/...003&form=ZGAIDF> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{B5952A2E-8E58-45DF-A74A-23D5DC073215}: "URL" = http://www.flickr.co...?q={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....?p={searchTerms}> in the current context!
Error: Unable to interpret <FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found> in the current context!
Error: Unable to interpret <[2011/01/02 20:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\Mozilla\Extensions> in the current context!
Error: Unable to interpret <[2013/12/28 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\Mozilla\Firefox\extensions> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [{45F17D5A-2D09-406B-A811-FFC5354B3695}] rundll32 "C:\Users\kim\AppData\Local\ArcadeParlor\{45F17D5A-2D09-406B-A811-FFC5354B3695}\hnkonp.dll",DllRegisterServer File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [lime pro] "C:\Program Files\Lime PRO\LimePro.exe" -h File not found> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [ZedgeToneSync] C:\Users\kim\AppData\Local\Apps\2.0\Data\6QCZBE65.30G\195P796N.7VP\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup File not found> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: kim
->Java cache emptied: 582320 bytes
 
User: Public
 
Total Java Files Cleaned = 1.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: kim
->Flash cache emptied: 66546 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: kim
->Temp folder emptied: 1255404762 bytes
->Temporary Internet Files folder emptied: 1341503805 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 441250651 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
RecycleBin emptied: 152257614 bytes
 
Total Files Cleaned = 3,043.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 01092014_152525

Files\Folders moved on Reboot...
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TYFKHQWD\2q6dNtNfG1YHziVjQ1hUSA[1].woff moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAO2PKLV\12[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAO2PKLV\fastbutton[4].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAO2PKLV\postmessageRelay[2].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAO2PKLV\xd_arbiter[2].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\SAO2PKLV\xd_arbiter[3].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RXNQUYRY\ai[4].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RXNQUYRY\sNpRL69iYnSa-pHm90cZTA[1].woff moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NDXP001R\ads[7].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NDXP001R\facebook_com[3].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NDXP001R\page-2[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NDXP001R\zrt_lookup[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JRTLR2IO\ads[8].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JRTLR2IO\ai[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IV227WN2\adsCAF13R8C.htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ILV6DCYZ\like[7].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Kim P, you didn't copy the :OTL so try this again, open OTL & copy everything I have in black & paste it into the code box:

:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe /n CAATT -- (CAATT)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe /n ATTRcAppSvc -- (ATTRcAppSvc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWVsp.sys -- (PTUMWVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWNET.sys -- (PTUMWNET)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWMdm.sys -- (PTUMWMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWFLT.sys -- (PTUMWFLT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWCDF.sys -- (PTUMWCDF)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTUMWBus.sys -- (PTUMWBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PCTINDIS5.SYS -- (PCTINDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}: "URL" = http://search.yahoo....ei=utf-8&fr=ysp
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{131B573A-C00D-82EC-098E-145BB127FA4F}: "URL" = http://www.bing.com/...037&form=ZGAIDF
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{56AF48AF-2F9E-47FD-855C-07B02EEE9281}: "URL" = http://delicious.com...?p={searchTerms}
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADRA_enUS479
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{898691B5-789A-F88E-D09B-76CD111DD182}: "URL" = http://www.bing.com/...003&form=ZGAIDF
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{B5952A2E-8E58-45DF-A74A-23D5DC073215}: "URL" = http://www.flickr.co...?q={searchTerms}
IE - HKU\S-1-5-21-3708714885-1391371732-529881198-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....?p={searchTerms}
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
[2011/01/02 20:22:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\Mozilla\Extensions
[2013/12/28 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\Mozilla\Firefox\extensions
O3 - HKLM\..\Toolbar: (Simppull Toolbar) - {627af46b-2076-42ae-a2fd-8428734d3e74} - C:\Program Files\simppulltoolbar\simppulldx.dll File not found
O4 - HKLM..\Run: [lxdcmon.exe] "C:\Program Files\Lexmark 1300 Series\lxdcmon.exe" File not found
O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [{45F17D5A-2D09-406B-A811-FFC5354B3695}] rundll32 "C:\Users\kim\AppData\Local\ArcadeParlor\{45F17D5A-2D09-406B-A811-FFC5354B3695}\hnkonp.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [lime pro] "C:\Program Files\Lime PRO\LimePro.exe" -h File not found
O4 - HKU\S-1-5-21-3708714885-1391371732-529881198-1000..\Run: [ZedgeToneSync] C:\Users\kim\AppData\Local\Apps\2.0\Data\6QCZBE65.30G\195P796N.7VP\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup File not found
O13 - gopher Prefix: missing

:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

 

 

 

 

 

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file.

 

 

 

If you copy anything other than what is in black the fix will not work !!

 

 

Chuck
 


All processes killed
========== OTL ==========
Error: No service named CAATT was found to stop!
Service\Driver key CAATT not found.
File C:\Program Files\AT&T\Communication Manager\ConAppsSvc.exe /n CAATT not found.
Error: No service named ATTRcAppSvc was found to stop!
Service\Driver key ATTRcAppSvc not found.
File C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe /n ATTRcAppSvc not found.
Error: No service named swmsflt was found to stop!
Service\Driver key swmsflt not found.
File C:\Windows\System32\drivers\swmsflt.sys not found.
Error: No service named PTUMWVsp was found to stop!
Service\Driver key PTUMWVsp not found.
File system32\DRIVERS\PTUMWVsp.sys not found.
Error: No service named PTUMWNET was found to stop!
Service\Driver key PTUMWNET not found.
File system32\DRIVERS\PTUMWNET.sys not found.
Error: No service named PTUMWMdm was found to stop!
Service\Driver key PTUMWMdm not found.
File system32\DRIVERS\PTUMWMdm.sys not found.
Error: No service named PTUMWFLT was found to stop!
Service\Driver key PTUMWFLT not found.
File system32\DRIVERS\PTUMWFLT.sys not found.
Error: No service named PTUMWCDF was found to stop!
Service\Driver key PTUMWCDF not found.
File system32\DRIVERS\PTUMWCDF.sys not found.
Error: No service named PTUMWBus was found to stop!
Service\Driver key PTUMWBus not found.
File system32\DRIVERS\PTUMWBus.sys not found.
Error: No service named PCTINDIS5 was found to stop!
Service\Driver key PCTINDIS5 not found.
File C:\Windows\system32\PCTINDIS5.SYS not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
File system32\DRIVERS\nwlnkfwd.sys not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
File system32\DRIVERS\nwlnkflt.sys not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
File system32\DRIVERS\ipinip.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}\ not found.
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}\ not found.
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2381E4B7-5C04-459E-9D46-2F9AC1608B66}\ not found.
HKEY_USERS\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Internet Explorer\SearchScopes\{131B573A-C00D-82EC-098E-145BB127FA4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{131B573A-C00D-82EC-098E-145BB127FA4F}\ not found.
Registry key HKEY_USERS\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Internet Explorer\SearchScopes\{56AF48AF-2F9E-47FD-855C-07B02EEE9281}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56AF48AF-2F9E-47FD-855C-07B02EEE9281}\ not found.
Registry key HKEY_USERS\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Internet Explorer\SearchScopes\{898691B5-789A-F88E-D09B-76CD111DD182}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898691B5-789A-F88E-D09B-76CD111DD182}\ not found.
Registry key HKEY_USERS\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B5952A2E-8E58-45DF-A74A-23D5DC073215}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5952A2E-8E58-45DF-A74A-23D5DC073215}\ not found.
Registry key HKEY_USERS\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DECA3892-BA8F-44b8-A993-A466AD694AE4}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
C:\Users\kim\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\chrome folder moved successfully.
C:\Users\kim\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected] folder moved successfully.
C:\Users\kim\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} folder moved successfully.
C:\Users\kim\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\kim\AppData\Roaming\Mozilla\Firefox\extensions folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{627af46b-2076-42ae-a2fd-8428734d3e74} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627af46b-2076-42ae-a2fd-8428734d3e74}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lxdcmon.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{45F17D5A-2D09-406B-A811-FFC5354B3695} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{45F17D5A-2D09-406B-A811-FFC5354B3695}\ not found.
Registry value HKEY_USERS\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Windows\CurrentVersion\Run\\lime pro deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3708714885-1391371732-529881198-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ZedgeToneSync deleted successfully.

========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: kim
->Java cache emptied: 0 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: kim
->Flash cache emptied: 492 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: kim
->Temp folder emptied: 646343 bytes
->Temporary Internet Files folder emptied: 19441269 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 529660 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 20.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 01102014_084836

Files\Folders moved on Reboot...
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XQ5OCUWQ\fastbutton[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XQ5OCUWQ\postmessageRelay[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XQ5OCUWQ\zrt_lookup[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G17KNLDY\ads[4].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G17KNLDY\ai[7].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G17KNLDY\like[2].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQM0H04X\12[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQM0H04X\2q6dNtNfG1YHziVjQ1hUSA[1].woff moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQM0H04X\ai[4].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FQM0H04X\xd_arbiter[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1JNUP8GP\ads[5].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1JNUP8GP\ads[6].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1JNUP8GP\facebook_com[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1JNUP8GP\page-2[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1JNUP8GP\sNpRL69iYnSa-pHm90cZTA[1].woff moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\1JNUP8GP\xd_arbiter[1].htm moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\kim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\TMP000000841101389FD1090896 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
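
The two fix logs in this thread can be told apart mechanically: the first has no "========== OTL ==========" section and rejects every pasted entry, while the second has the section and reports real changes. The triage script below is an added example, not part of anyone's post and not an OTL feature; its function names are made up for illustration, and the sample text is a constructed, abridged excerpt of the two logs above.

```python
import re

# Line shapes as they appear in the two fix logs posted in this thread.
SECTION = re.compile(r"^=+ (\w+) =+$")
REJECTED = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
CHANGED = re.compile(r"(deleted successfully\.|moved successfully\.|value set successfully!)$")
ABSENT = re.compile(r"(not found\.|was found to stop!)$")


def triage_fix_log(text):
    """Summarise one fix log: which sections ran, what was rejected, what changed."""
    report = {"sections": [], "rejected": [], "changed": [], "already_gone": 0}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            report["sections"].append(section)
            continue
        rejected = REJECTED.match(line)
        if rejected:
            entry = rejected.group(1).strip()
            if entry:  # blank pasted lines are rejected too; ignore them
                report["rejected"].append(entry)
            continue
        # Only the OTL section describes the targeted fix. The COMMANDS
        # section (temp cleanup, HOSTS reset) also logs "moved successfully".
        if section != "OTL":
            continue
        if CHANGED.search(line):
            report["changed"].append(line)
        elif ABSENT.search(line):
            report["already_gone"] += 1
    report["fix_section_ran"] = "OTL" in report["sections"]
    return report


def verdict(report):
    """Collapse a report into one status a helper can act on."""
    if not report["fix_section_ran"]:
        return "fix-not-applied"
    if report["changed"]:
        return "fix-applied"
    return "fix-ran-no-changes"


# Constructed sample: abridged from the first log in the thread.
FAILED_RUN = r"""All processes killed
Error: Unable to interpret <. :OTL> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\swmsflt.sys -- (swmsflt)> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret < > in the current context!
========== COMMANDS ==========
[RESETHOSTS]
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Constructed sample: abridged from the second log in the thread.
GOOD_RUN = r"""All processes killed
========== OTL ==========
Error: No service named swmsflt was found to stop!
Service\Driver key swmsflt not found.
File C:\Windows\System32\drivers\swmsflt.sys not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{627af46b-2076-42ae-a2fd-8428734d3e74} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{627af46b-2076-42ae-a2fd-8428734d3e74}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lxdcmon.exe deleted successfully.
========== COMMANDS ==========
[RESETHOSTS]
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

if __name__ == "__main__":
    for name, log in (("first run", FAILED_RUN), ("second run", GOOD_RUN)):
        r = triage_fix_log(log)
        print(f"{name}: {verdict(r)} | rejected={len(r['rejected'])} "
              f"changed={len(r['changed'])} already_gone={r['already_gone']}")
```
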


Morning Kim, ok let's run some clean up of the programs & files/folders we made during the cleaning !!

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

 

Reboot & then let me know if you have any pop-ups and how it's running. I think we have it clean, now is if it will keep running without crashing ???

 

 

We will update the security & give you a free antivirus after you let me know about the above questions !!

 

Chuck


You're welcome Kim P !!

 

Now update your programs that are behind on the new installs: Make sure to visit the Secunia Software Inspector http://secunia.com/vulnerability_scanning/online/
and update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player, Java Runtime, Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.

 

1.Java version out of Date!

2. Adobe Reader out of Date!

 

 

This is the free Antivirus I would like to see you install for protection !

 

Instructions for setting up AVAST, make sure you download the free version !!  http://www.besttechie.com/forums/topic/34474-need-help-with-pop-up/page-3#entry152868

 1. Right-click the Avast icon located in the notification area of the Windows task bar. Select "Program Settings" to launch the Avast settings window.
 2. Click "Common" in the left column to view common configuration needs. Place a check mark next to each option you want to enable.
 3. Click "Appearance" in the left column to change how the Avast icon and user interface is displayed on your computer. You can choose to animate the Avast icon and select optional translucent effects for the user interface.
 4. Select "Chest" from the left column. Configure the options for the Chest size. The Chest is where quarantined files are kept. Additionally, you can configure the maximum size of report files to be sent when a virus is found on your computer.
 5. Click "Confirmations" to alter when Avast will question you about what to do with an infected file or before performing certain actions.
 6. Choose the "Language" option located in the left column to install additional languages for Avast. By default, English is the only available language.
 7. Use the "Sounds" selection to change Avast sounds or to disable Avast sounds completely.
 8. Configure the Log file limit and the logging level by selecting "Logging" from the left column. Select "Exclusions" to add files for Avast to ignore when scanning your computer.
 9. Click "Update" to configure update options. You can choose Avast to automatically update, ask when a new update is available, or only allow manual updates.
10. Select "Troubleshooting" to configure options that help when you are having problems with Avast. You can configure Avast to only display pop-ups if a full screen application is not running or to disable the rootkit scan Avast Antivirus performs as your system boots up.
11. Click "OK" to apply the new configuration and close the configuration options.

 

 

 

=====================================

 

 

 

 
Congratulations, you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

 *From within Internet Explorer click on the Tools menu and then click on Options.
 *Click once on the Security tab
 *Click once on the Internet icon so it becomes highlighted.
 *Click once on the Custom Level button.
 *Change the Download signed ActiveX controls to Prompt
 *Change the Download unsigned ActiveX controls to Disable
 *Change the Initialize and script ActiveX controls not marked as safe to Disable
 *Change the Installation of desktop items to Prompt
 *Change the Launching programs and files in an IFRAME to Prompt
 *Change the Navigate sub-frames across different domains to Prompt
 *When all these settings have been made, click on the OK button.
 *If it prompts you as to whether or not you want to save the settings, press the Yes button.
 *Next press the Apply button and then the OK to exit the Internet Properties page.

==========================

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

   NoScript
   AdBlockPlus

=============================

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

=============================

Free Anti-Virus

  Avast Free Antivirus
  Avira Free Antivirus 2013
  PC Tools AntiVirus Free
  Ad-Aware Free Antivirus

========================

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

 Online Armor Free
 Agnitum Outpost Firewall Free
 Comodo Firewall

=======================

Make sure you keep your Windows OS current. Windows XP users can visit  Windows updatedefault.asp regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

=======================

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

==========================

WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

==========================

If you are behind on some updates, please visit the Secunia Software Inspector http://secunia.com/vulnerability_scanning/online/
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player, Java Runtime, Winzip, Acrobat Reader etc. to allow them to install silently without your knowledge or detection by your antivirus protection.

==========================

I also recommend that you read the following:
How to prevent malware by miekiemoes

==========================

To ensure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)


Happy surfing and Stay Clean
Chuck

Take a few days then let me know if you want to start another computer cleaning it !! Remember to start a new topic when you are ready !

If you come across one of our/my ads for cleaning please comment !!

 

Been a pleasure !
 

 

I will lock this topic in 5 days !!

This topic is now closed to further replies.
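
An added example, not part of the original posts: a PowerShell check of the current user's Internet zone against the Internet Explorer Custom Level settings listed in the "All Clean" advice above. The registry path and URL action IDs are Internet Explorer's own; the variable and function names are illustrative, and settings enforced through Group Policy are not examined.

```powershell
# Added example (not from the thread): compare the current user's Internet zone
# (zone 3) with the Custom Level settings recommended in the post.
# Action values: 0 = Enable, 1 = Prompt, 3 = Disable.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$label   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action ID -> setting name and the value the post recommends.
$expected = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls'; Want = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items'; Want = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME'; Want = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains'; Want = 1 }
)

function Get-ZoneAction([string]$Key, [string]$Id) {
    # Returns the DWORD for one URL action, or $null when the value is absent.
    $prop = Get-ItemProperty -Path $Key -Name $Id -ErrorAction SilentlyContinue
    if ($prop) { return $prop.$Id }
    return $null
}

$report = foreach ($e in $expected) {
    $actual = Get-ZoneAction $zoneKey $e.Id
    if ($null -eq $actual) { $shown = 'not set (zone default applies)' }
    elseif ($label.ContainsKey([int]$actual)) { $shown = $label[[int]$actual] }
    else { $shown = "other ($actual)" }
    New-Object PSObject -Property @{
        Setting  = $e.Name
        Expected = $label[$e.Want]
        Actual   = $shown
        Matches  = ($actual -eq $e.Want)
    }
}

# Print the comparison and a one-line summary of how many settings differ.
$report | Select-Object Setting, Expected, Actual, Matches | Format-Table -AutoSize -Wrap
$misses = @($report | Where-Object { -not $_.Matches })
"{0} of {1} settings differ from the recommendation." -f $misses.Count, $expected.Count
```

The script only reads the registry, so it can be run before and after making the changes in the Security tab to confirm they took effect.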