Solved DCOM/PlugandPlay errors - MBAM blocking svchost.exe

Looking good :) Here are the MBAR logs.
Mbar-log:
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.01.28.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Portable Poonani :: PORTABLEPOONANI [administrator]

1/28/2014 1:30:09 AM
mbar-log-2014-01-28 (01-30-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 205224
Time elapsed: 7 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

System-log:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7600 Windows 7 x86

Account is Administrative

Internet Explorer version: 8.0.7600.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.828000 GHz
Memory total: 3210784768, free: 1794510848

Downloaded database version: v2014.01.28.03
Downloaded database version: v2013.12.18.01
Initializing...
======================
------------ Kernel report ------------
01/28/2014 01:30:03
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spuo.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\DRIVERS\intelide.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\vmstorfl.sys
\SystemRoot\system32\DRIVERS\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\ssmdrv.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x86.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\1394ohci.sys
\SystemRoot\system32\DRIVERS\sdbus.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\aoe9b49h.SYS
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\IntcHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\HdAudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\??\C:\Users\PORTAB~1\AppData\Local\Temp\catchme.sys
\??\C:\Windows\system32\TrueSight.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Program Files\DAEMON Tools Lite\Engine.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff863ff030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-2\
Lower Device Object: 0xffffffff86284030
Lower Device Driver Name: \Driver\atapi\
IRP handler 0 of \Driver\atapi points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff863ff030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP1T0L0-2\
Lower Device Object: 0xffffffff86284030
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff863ff030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff863ffd18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff863ff030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86284030, DeviceName: \Device\Ide\IdeDeviceP1T0L0-2\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffb6fa7408, 0xffffffff863ff030, 0xffffffff8711e3d0
Lower DeviceData: 0xffffffffb06cc220, 0xffffffff86284030, 0xffffffff85df4760
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 80

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 156092416

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 80026361856 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-156281488-156301488)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
How is the computer doing?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on the Scan button.
  • When the scan has finished, click on the Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Computer seems to be doing well :) No more restarts and the MBAM popups have stopped. Here are the logs.

AdwCleaner:
# AdwCleaner v3.018 - Report created 29/01/2014 at 21:02:48
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Ultimate (32 bits)
# Username : Portable Poonani - PORTABLEPOONANI
# Running from : C:\Users\Portable Poonani\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Vuze_Remote
Folder Deleted : C:\Program Files\Vuze
Folder Deleted : C:\Users\Portable Poonani\AppData\Local\Conduit
Folder Deleted : C:\Users\Portable Poonani\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Portable Poonani\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Portable Poonani\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Portable Poonani\AppData\LocalLow\Vuze_Remote
Folder Deleted : C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\StumbleUpon
Folder Deleted : C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\CT2504091
Folder Deleted : C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\Extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
Folder Deleted : C:\Users\Portable Poonani\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn
File Deleted : C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\bProtector_extensions.rdf
File Deleted : C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\invalidprefs.js
File Deleted : C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\searchplugins\mixidj.xml
File Deleted : C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\5d538cd0b06ae914
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B93095AA-B785-4F2E-8F73-DF3787D73006}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B93095AA-B785-4F2E-8F73-DF3787D73006}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{38AEE737-9268-44ED-B838-1FCA74A4D5D9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54400106-A54E-41EC-8630-76AA0161288F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3081E2B8-ABD3-4262-A9FD-C2E0C1CED4E2}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Vuze_Remote
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Vuze_Remote
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.16385


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\prefs.js ]

Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Jun 14 2011 09:59:38 GMT-0700 (US Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 14 2011 09:59:36 GMT-0700 (US Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "0fc1af05-deae-4932-8d6e-ae5a97a6ade3");

*************************

AdwCleaner[R0].txt - [9032 octets] - [29/01/2014 21:00:57]
AdwCleaner[S0].txt - [7418 octets] - [29/01/2014 21:02:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7478 octets] ##########
 
JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Ultimate x86
Ran by Portable Poonani on Wed 01/29/2014 at 21:09:29.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3332963851-148038160-3845497791-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\Portable Poonani\AppData\Roaming\mozilla\firefox\profiles\mdrrt3qo.default\searchplugins\youtube-video-search.xml
Emptied folder: C:\Users\Portable Poonani\AppData\Roaming\mozilla\firefox\profiles\mdrrt3qo.default\minidumps [201 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 01/29/2014 at 21:13:34.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL log:
OTL logfile created on: 1/29/2014 9:16:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Portable Poonani\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 72.77% Memory free
5.98 Gb Paging File | 4.83 Gb Available in Paging File | 80.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 15.77 Gb Free Space | 21.19% Space Free | Partition Type: NTFS
Computer Name: PORTABLEPOONANI | User Name: Portable Poonani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/01/29 21:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Portable Poonani\Desktop\OTL.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/18 04:50:27 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013/12/18 04:49:45 | 000,431,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013/12/18 04:49:38 | 000,684,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/11/25 21:20:43 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/11/15 07:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2013/11/14 17:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/09/02 02:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
PRC - [2009/07/13 18:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2014/01/16 16:02:33 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/24 01:31:45 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/18 04:50:27 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/11/25 21:20:43 | 000,440,376 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/11/15 07:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2013/09/04 20:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/09/02 02:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PORTAB~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ajcm0d4u)
DRV - [2013/12/18 04:50:34 | 000,135,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/12/18 04:50:34 | 000,090,400 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/11/25 21:21:49 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/19 19:51:12 | 000,006,272 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2013/03/19 19:49:32 | 000,011,264 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2013/03/19 03:25:44 | 000,023,936 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2013/03/19 03:25:28 | 000,021,376 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2012/08/27 14:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/06/08 02:08:52 | 000,006,656 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2010/04/10 23:11:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/07/13 18:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/13 18:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 18:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 16:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 16:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 16:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/10 06:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BD 7B DB 82 29 D9 CA 01 [binary data]
IE - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\..\SearchScopes\{AC4ACF5A-7255-4507-A331-EA5C92CF05C3}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "YouTube Video Search"
FF - prefs.js..browser.search.selectedEngine: "YouTube Video Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7BAE93811A-5C9A-4d34-8462-F7B864FC4696%7D:4.16
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.13
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/24 01:31:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/24 11:36:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/24 01:31:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/01/24 11:36:58 | 000,000,000 | ---D | M]
[2010/04/10 20:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Extensions
[2014/01/26 14:48:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\extensions
[2014/01/26 14:48:06 | 000,536,213 | ---- | M] () (No name found) -- C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/12/31 14:32:49 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2013/05/07 15:11:48 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\Portable Poonani\AppData\Roaming\Mozilla\Firefox\Profiles\mdrrt3qo.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013/12/24 01:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/24 01:31:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/12/24 01:31:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/12/24 01:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/24 01:31:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2014/01/26 23:32:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3332963851-148038160-3845497791-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{623CFF4B-1672-4CD5-8521-B9E783DE9D00}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDD7F3E6-5C44-416A-860B-D604A7504DA3}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/29 21:15:09 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Portable Poonani\Desktop\OTL.exe
[2014/01/29 21:09:26 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/29 21:07:39 | 001,037,068 | ---- | C] (Thisisu) -- C:\Users\Portable Poonani\Desktop\JRT.exe
[2014/01/29 21:00:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/28 01:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/01/28 01:30:02 | 000,107,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 01:29:20 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/01/28 01:29:15 | 000,000,000 | ---D | C] -- C:\Users\Portable Poonani\Desktop\mbar
[2014/01/28 01:28:24 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Portable Poonani\Desktop\mbar-1.07.0.1009.exe
[2014/01/28 01:18:23 | 000,000,000 | ---D | C] -- C:\Users\Portable Poonani\Desktop\RK_Quarantine
[2014/01/26 23:34:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/26 23:33:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/01/26 23:33:58 | 000,000,000 | ---D | C] -- C:\Users\Portable Poonani\AppData\Local\temp
[2014/01/26 23:24:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/26 23:24:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/26 23:24:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/26 23:24:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/26 23:24:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/26 15:26:17 | 000,000,000 | ---D | C] -- C:\Users\Portable Poonani\Documents\Repairs
[2014/01/26 15:04:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/26 15:04:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/01/26 15:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/18 23:52:53 | 000,000,000 | ---D | C] -- C:\Users\Portable Poonani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
[2014/01/18 23:52:44 | 000,000,000 | ---D | C] -- C:\Users\Portable Poonani\jagexcache
[2014/01/18 22:43:16 | 000,000,000 | ---D | C] -- C:\Users\Portable Poonani\AppData\Roaming\Malwarebytes
[2014/01/18 22:43:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/01/18 22:40:49 | 000,000,000 | ---D | C] -- C:\Users\Portable Poonani\AppData\Local\Programs
[2014/01/17 01:18:48 | 000,000,000 | ---D | C] -- C:\Users\Portable Poonani\Documents\2003 - Harry Potter and the Order of the Phoenix
[2014/01/16 16:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
========== Files - Modified Within 30 Days ==========
[2014/01/29 21:15:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Portable Poonani\Desktop\OTL.exe
[2014/01/29 21:09:27 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/29 21:09:27 | 000,010,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/29 21:09:05 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/01/29 21:09:05 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/01/29 21:07:41 | 001,037,068 | ---- | M] (Thisisu) -- C:\Users\Portable Poonani\Desktop\JRT.exe
[2014/01/29 21:04:45 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/29 21:04:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/29 21:04:13 | 2408,087,552 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/29 21:00:06 | 001,166,132 | ---- | M] () -- C:\Users\Portable Poonani\Desktop\adwcleaner.exe
[2014/01/29 20:59:47 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/29 20:58:43 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/28 01:30:02 | 000,107,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/01/28 01:29:20 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/01/28 01:28:42 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Portable Poonani\Desktop\mbar-1.07.0.1009.exe
[2014/01/28 01:17:12 | 003,792,384 | ---- | M] () -- C:\Users\Portable Poonani\Desktop\RogueKiller.exe
[2014/01/26 23:32:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/01/26 22:59:14 | 000,376,832 | ---- | M] () -- C:\Windows\System32\lpcdgwg.qol
[2014/01/26 22:57:43 | 000,000,083 | ---- | M] () -- C:\Windows\System32\tqwbmgp.jpo
[2014/01/24 17:59:26 | 000,000,000 | --S- | M] () -- C:\Windows\System32\cxqce.qks
[2014/01/21 03:59:09 | 000,000,023 | ---- | M] () -- C:\Users\Portable Poonani\jagexappletviewer.preferences
[2014/01/21 01:25:49 | 000,000,032 | ---- | M] () -- C:\Users\Portable Poonani\jagex_cl_runescape_LIVE.dat
[2014/01/18 23:26:00 | 000,000,054 | ---- | M] () -- C:\Users\Portable Poonani\AppData\Roaming\mbam.context.scan
[2014/01/18 22:10:11 | 000,000,000 | --S- | M] () -- C:\Windows\System32\kdsbqke.oau
[2014/01/18 20:59:36 | 000,012,928 | ---- | M] () -- C:\Users\Portable Poonani\AppData\Roaming\UserTile.png
[2014/01/16 15:25:31 | 000,000,000 | --S- | M] () -- C:\Windows\System32\ijqtn.iwz
[2014/01/15 07:38:26 | 000,000,000 | --S- | M] () -- C:\Windows\System32\rhrlzjj.owd
[2014/01/14 12:51:08 | 000,028,672 | ---- | M] () -- C:\Windows\System32\rccgee.znf
[2014/01/14 12:51:08 | 000,000,100 | ---- | M] () -- C:\Windows\System32\uoeyqng.diu
[2014/01/14 12:39:10 | 000,000,064 | ---- | M] () -- C:\Windows\System32\rpub.htt
[2014/01/14 12:23:24 | 000,101,213 | --S- | M] () -- C:\Windows\System32\mesq.cjw
[2014/01/11 00:45:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2014/01/11 00:45:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2014/01/05 14:14:45 | 002,584,044 | ---- | M] () -- C:\Users\Portable Poonani\Documents\happy_birthday.pdf
========== Files Created - No Company Name ==========
[2014/01/29 21:00:03 | 001,166,132 | ---- | C] () -- C:\Users\Portable Poonani\Desktop\adwcleaner.exe
[2014/01/28 01:17:01 | 003,792,384 | ---- | C] () -- C:\Users\Portable Poonani\Desktop\RogueKiller.exe
[2014/01/26 23:24:28 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/26 23:24:28 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/26 23:24:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/26 23:24:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/26 23:24:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/24 17:59:26 | 000,000,000 | --S- | C] () -- C:\Windows\System32\cxqce.qks
[2014/01/19 00:47:30 | 000,000,023 | ---- | C] () -- C:\Users\Portable Poonani\jagexappletviewer.preferences
[2014/01/18 23:52:53 | 000,002,160 | ---- | C] () -- C:\Users\Portable Poonani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
[2014/01/18 23:26:00 | 000,000,054 | ---- | C] () -- C:\Users\Portable Poonani\AppData\Roaming\mbam.context.scan
[2014/01/18 22:10:11 | 000,000,000 | --S- | C] () -- C:\Windows\System32\kdsbqke.oau
[2014/01/18 21:43:45 | 000,000,032 | ---- | C] () -- C:\Users\Portable Poonani\jagex_cl_runescape_LIVE.dat
[2014/01/18 20:59:36 | 000,012,928 | ---- | C] () -- C:\Users\Portable Poonani\AppData\Roaming\UserTile.png
[2014/01/16 15:25:31 | 000,000,000 | --S- | C] () -- C:\Windows\System32\ijqtn.iwz
[2014/01/15 07:38:26 | 000,000,000 | --S- | C] () -- C:\Windows\System32\rhrlzjj.owd
[2014/01/14 12:51:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\rccgee.znf
[2014/01/14 12:40:46 | 000,000,083 | ---- | C] () -- C:\Windows\System32\tqwbmgp.jpo
[2014/01/14 12:39:10 | 000,000,100 | ---- | C] () -- C:\Windows\System32\uoeyqng.diu
[2014/01/14 12:39:10 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rpub.htt
[2014/01/14 12:23:24 | 000,101,213 | --S- | C] () -- C:\Windows\System32\mesq.cjw
[2014/01/11 00:45:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2014/01/11 00:45:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2014/01/05 14:14:45 | 002,584,044 | ---- | C] () -- C:\Users\Portable Poonani\Documents\happy_birthday.pdf
[2013/06/17 01:03:57 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2013/05/12 13:16:28 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe
[2013/05/12 13:16:28 | 000,078,192 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/01 21:22:58 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/10/05 14:41:09 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2012/08/14 23:18:36 | 000,000,398 | ---- | C] () -- C:\Windows\System32\CNCMP60.INI
[2012/02/19 11:07:55 | 000,002,427 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
========== ZeroAccess Check ==========
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009/07/13 18:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/01/18 21:00:52 | 000,000,000 | ---D | M] -- C:\Users\Portable Poonani\AppData\Roaming\Azureus
[2012/08/14 23:27:30 | 000,000,000 | ---D | M] -- C:\Users\Portable Poonani\AppData\Roaming\Canon
[2010/04/10 23:21:28 | 000,000,000 | ---D | M] -- C:\Users\Portable Poonani\AppData\Roaming\DAEMON Tools Lite
[2010/04/10 22:53:49 | 000,000,000 | ---D | M] -- C:\Users\Portable Poonani\AppData\Roaming\ImgBurn
[2010/09/06 18:26:40 | 000,000,000 | ---D | M] -- C:\Users\Portable Poonani\AppData\Roaming\LolClient
[2012/05/31 08:28:00 | 000,000,000 | ---D | M] -- C:\Users\Portable Poonani\AppData\Roaming\LolClient2
[2013/12/07 10:55:40 | 000,000,000 | ---D | M] -- C:\Users\Portable Poonani\AppData\Roaming\Motorola
[2013/12/07 10:59:09 | 000,000,000 | ---D | M] -- C:\Users\Portable Poonani\AppData\Roaming\Motorola Mobility
[2012/09/19 00:10:21 | 000,000,000 | ---D | M] -- C:\Users\Portable Poonani\AppData\Roaming\Mumble
========== Purity Check ==========
========== Files - Unicode (All) ==========

[2013/10/31 15:17:17 | 104,433,978 | ---- | M] ()(C:\Windows\System32\???a) -- C:\Windows\System32\∎譛᭄a
[2013/10/27 02:49:56 | 104,433,978 | ---- | C] ()(C:\Windows\System32\???a) -- C:\Windows\System32\∎譛᭄a
[2013/10/10 13:22:44 | 100,332,977 | ---- | M] ()(C:\Windows\System32\???[) -- C:\Windows\System32\ㄺ䀨᭄[
[2013/10/10 13:22:44 | 100,332,977 | ---- | C] ()(C:\Windows\System32\???[) -- C:\Windows\System32\ㄺ䀨᭄[
[2013/10/07 13:28:33 | 099,820,400 | ---- | M] ()(C:\Windows\System32\???I) -- C:\Windows\System32\髤靅᭄I
[2013/10/07 13:28:33 | 099,820,400 | ---- | C] ()(C:\Windows\System32\???I) -- C:\Windows\System32\髤靅᭄I
[2013/09/30 17:12:44 | 098,602,865 | ---- | M] ()(C:\Windows\System32\???I) -- C:\Windows\System32\녅쨇᭄I
[2013/09/30 17:12:44 | 098,602,865 | ---- | C] ()(C:\Windows\System32\???I) -- C:\Windows\System32\녅쨇᭄I
[2013/09/30 04:41:10 | 098,499,637 | ---- | M] ()(C:\Windows\System32\???`) -- C:\Windows\System32\忖톨᭄`
[2013/09/30 04:41:10 | 098,499,637 | ---- | C] ()(C:\Windows\System32\???`) -- C:\Windows\System32\忖톨᭄`
[2013/09/29 11:55:11 | 098,466,785 | ---- | M] ()(C:\Windows\System32\???_) -- C:\Windows\System32\嗱欽᭄_
[2013/09/27 13:31:48 | 098,466,785 | ---- | C] ()(C:\Windows\System32\???_) -- C:\Windows\System32\嗱欽᭄_
[2013/09/25 21:41:28 | 097,892,804 | ---- | M] ()(C:\Windows\System32\???]) -- C:\Windows\System32\៭茪᭄]
[2013/09/25 21:41:28 | 097,892,804 | ---- | C] ()(C:\Windows\System32\???]) -- C:\Windows\System32\៭茪᭄]
[2013/09/24 22:05:59 | 097,673,008 | ---- | M] ()(C:\Windows\System32\???d) -- C:\Windows\System32\耖쑦᭄d
[2013/09/24 22:05:59 | 097,673,008 | ---- | C] ()(C:\Windows\System32\???d) -- C:\Windows\System32\耖쑦᭄d
[2013/09/23 13:18:19 | 098,685,961 | ---- | M] ()(C:\Windows\System32\???k) -- C:\Windows\System32\Ф찘᭄k
[2013/09/23 13:18:19 | 098,685,961 | ---- | C] ()(C:\Windows\System32\???k) -- C:\Windows\System32\Ф찘᭄k
[2013/09/21 07:31:27 | 098,547,399 | ---- | M] ()(C:\Windows\System32\???g) -- C:\Windows\System32\㦫ⱕ᭄g
[2013/09/20 13:31:13 | 098,547,399 | ---- | C] ()(C:\Windows\System32\???g) -- C:\Windows\System32\㦫ⱕ᭄g
[2013/09/18 15:25:32 | 098,201,083 | ---- | M] ()(C:\Windows\System32\???W) -- C:\Windows\System32\뱽쵎᭄W
[2013/09/18 15:25:32 | 098,201,083 | ---- | C] ()(C:\Windows\System32\???W) -- C:\Windows\System32\뱽쵎᭄W
[2013/09/17 19:12:34 | 098,071,447 | ---- | M] ()(C:\Windows\System32\???a) -- C:\Windows\System32\ퟅᕳ᭄a
[2013/09/17 13:12:38 | 098,071,447 | ---- | C] ()(C:\Windows\System32\???a) -- C:\Windows\System32\ퟅᕳ᭄a
[2013/09/16 19:26:03 | 097,887,760 | ---- | M] ()(C:\Windows\System32\???e) -- C:\Windows\System32\緢켌᭄e
[2013/09/16 19:26:03 | 097,887,760 | ---- | C] ()(C:\Windows\System32\???e) -- C:\Windows\System32\緢켌᭄e
[2013/09/15 13:50:06 | 097,671,483 | ---- | M] ()(C:\Windows\System32\???p) -- C:\Windows\System32\욱츒᭄p
[2013/09/14 12:59:57 | 097,671,483 | ---- | C] ()(C:\Windows\System32\???p) -- C:\Windows\System32\욱츒᭄p
[2013/09/13 20:35:23 | 097,519,942 | ---- | M] ()(C:\Windows\System32\???m) -- C:\Windows\System32\㸹딐᭄m
[2013/09/13 02:19:07 | 097,519,942 | ---- | C] ()(C:\Windows\System32\???m) -- C:\Windows\System32\㸹딐᭄m
[2013/09/12 20:18:53 | 097,412,816 | ---- | M] ()(C:\Windows\System32\???a) -- C:\Windows\System32\蠎葈᭄a
[2013/09/12 12:49:12 | 097,412,816 | ---- | C] ()(C:\Windows\System32\???a) -- C:\Windows\System32\蠎葈᭄a
[2013/09/10 04:03:12 | 096,922,344 | ---- | M] ()(C:\Windows\System32\?Ÿ?e) -- C:\Windows\System32\훱Ÿ᭄e
[2013/09/09 22:02:51 | 096,922,344 | ---- | C] ()(C:\Windows\System32\?Ÿ?e) -- C:\Windows\System32\훱Ÿ᭄e
[2013/09/09 12:42:12 | 096,772,628 | ---- | M] ()(C:\Windows\System32\???g) -- C:\Windows\System32\蹲䢺᭄g
[2013/09/08 23:59:12 | 096,772,628 | ---- | C] ()(C:\Windows\System32\???g) -- C:\Windows\System32\蹲䢺᭄g
[2013/09/07 11:39:37 | 096,533,415 | ---- | M] ()(C:\Windows\System32\???l) -- C:\Windows\System32\覼橱᭄l
[2013/09/07 11:39:37 | 096,533,415 | ---- | C] ()(C:\Windows\System32\???l) -- C:\Windows\System32\覼橱᭄l

< End of report >
 
Extras:
OTL Extras logfile created on: 1/29/2014 9:16:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Portable Poonani\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.99 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 72.77% Memory free
5.98 Gb Paging File | 4.83 Gb Available in Paging File | 80.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.43 Gb Total Space | 15.77 Gb Free Space | 21.19% Space Free | Partition Type: NTFS
Computer Name: PORTABLEPOONANI | User Name: Portable Poonani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_USERS\S-1-5-21-3332963851-148038160-3845497791-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{000765BD-0133-465C-BCB0-75B565147FD9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{16987447-3313-41B7-8550-AED1F34870AD}" = lport=445 | protocol=6 | dir=in | app=system |
"{19AFE8B4-15FA-43BE-AB3A-9F9F3A5A2210}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1A47F1AF-3E3B-44D9-A138-49E699FFB17B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1FEDEDF6-9E60-401B-93DF-7F6CFB61C146}" = rport=137 | protocol=17 | dir=out | app=system |
"{2337F851-6170-4A55-A308-25EB465C0DB3}" = lport=139 | protocol=6 | dir=in | app=system |
"{262166ED-FA1F-4F11-9529-F3CC8B79D177}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{41CBAA2A-E36C-46B0-8E1A-B7F1BBDCE01E}" = lport=57346 | protocol=17 | dir=in | name=pando media booster |
"{5033F2D8-5E29-4956-B743-7733F19A45F9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5C0AB719-0567-4915-A047-44E94463D37D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5CF45AF6-6D29-46C7-826B-4B638DDF0E46}" = lport=57402 | protocol=6 | dir=in | name=pando media booster |
"{5E673338-CEA9-4FF7-8B8A-08016D0D81F1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5ED00291-F680-4DB0-BF8B-F831CC003147}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{61A8AF4A-E77A-45C3-A4EA-526A95F621BE}" = lport=57402 | protocol=17 | dir=in | name=pando media booster |
"{6B42F32D-086C-4819-A84F-809E64326D6C}" = lport=57402 | protocol=17 | dir=in | name=pando media booster |
"{6B5FFE72-D634-489F-9A7B-C2888F15869A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{80FE34FF-4A9B-4262-9875-4E30DDA1E4A9}" = lport=57402 | protocol=6 | dir=in | name=pando media booster |
"{87A1B2BF-E4D2-41A4-B2AE-C28AF8C6276C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8A7CAB35-2AB3-4244-83F4-5226D541229B}" = lport=57346 | protocol=6 | dir=in | name=pando media booster |
"{9491973F-786F-42E3-B288-B10A8A481755}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA6AFE67-2B3A-4A91-8F58-E23124EDE8CF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B5423BDA-1A57-4983-ACE3-4B5B3CCBDB1C}" = lport=138 | protocol=17 | dir=in | app=system |
"{B54BA1FD-A59E-4238-8207-14EC505B9426}" = lport=137 | protocol=17 | dir=in | app=system |
"{BDBDFDCF-DE02-40A9-B060-4F12BC004BE2}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{BEDC225D-6E06-44BA-926B-9C21DA19DEB8}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{C20FBBAB-2AE5-484E-A445-6E5A4FA7AC66}" = lport=57346 | protocol=6 | dir=in | name=pando media booster |
"{C44AC473-01D9-4F98-A266-8D9EEA22C89B}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
"{CAD5F834-A7B5-4D95-9337-FFEE8DC39AB2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D265B2EE-C642-4864-A6EE-94A936098F9B}" = lport=57346 | protocol=17 | dir=in | name=pando media booster |
"{D3CE5F8C-B4AE-49C0-ABA4-699C6DE37C1A}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{D6DF2ECA-BC16-4705-B27C-065AF2A08F59}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D9291A0F-6DB0-4706-9974-8F9F964D14A3}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD2D08A1-89B7-4DE9-A3FF-003BA91EA738}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{E21DADA8-91E1-4E7D-A45A-566E89ABA7B8}" = rport=445 | protocol=6 | dir=out | app=system |
"{E7DA8951-A67F-4B77-885C-808E0448B6B0}" = rport=138 | protocol=17 | dir=out | app=system |
"{E81C8DAF-6508-48DB-871D-A5E7B31F6864}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FB9BF2B8-9B45-4E3D-B09E-D37DB481B5DD}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05186D7A-2210-4293-BB26-1F006C2A8179}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{0BF9BACB-9626-4D77-ABAC-88414791EE48}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{10AFC8D9-7909-4F20-8885-2CE13F1FDFC3}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{11E03984-C505-47DF-BA0C-BADF9E759264}" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"{16AF378C-36F5-4C1D-A3BF-6C575FE8E894}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{17EC6064-16F7-417E-918F-1E82696C25E2}" = protocol=6 | dir=out | app=system |
"{20567D52-B6B9-4C78-AB83-B0494E074C90}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{2156AA86-E206-4670-81BF-8FAD76249917}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{241F043A-25E6-4213-B8EE-647EB28297EE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{279B70C9-3D37-48F0-9F8A-C94129D57BE4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E852A14-A872-41FB-960A-2E73C8423D8E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{334E5571-E921-4A51-8C40-CE641B3A4698}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicatorcom.exe |
"{41FC6B1C-C7A3-43B8-9B92-B6547DD1A72C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{44A695DC-A0BB-41F0-81F0-CED6269671C0}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{47692D0C-1948-4E46-858D-B38178EA6306}" = protocol=6 | dir=in | app=c:\program files\bradford networks\persistent agent\bndaemon.exe |
"{4D4E9939-8EED-4FA1-8CA0-20A1D7E14148}" = protocol=6 | dir=in | app=c:\program files\bradford networks\persistent agent\bndaemon.exe |
"{5196F933-89AA-487A-A95D-1FC70EB4CB64}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{59627160-B3B4-44FE-9E19-A76140A55EC0}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{5A234AF3-9C52-4E70-BD6E-ED85889A8D9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E792601-DB3A-408E-AE82-B76A3C666AC4}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{7034410C-A95B-4255-9234-7A76B3D11D26}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{74AF57A5-7B6E-4821-B3C7-008C3F372F59}" = protocol=17 | dir=in | app=c:\program files\bradford networks\persistent agent\bndaemon.exe |
"{775E5CD0-0610-4240-8133-F10C6A8474E5}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{861BF65F-5E65-47B8-AB47-FF8B78DDB08A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{89E9CE4D-CF67-4B6E-AFA1-600C55540CBB}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-enus-downloader.exe |
"{8AC7B9D6-262F-43C7-A13D-54112AFEEC5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8BC05E58-4D51-4055-8747-B3F8D9642CCE}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe |
"{90F53B87-F5C4-49FA-9E71-AC5B08E8F984}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{932914F5-4446-4C82-8ED0-870302AE489D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{94EB3FB9-9749-4556-9A28-9E555CB01D10}" = protocol=17 | dir=in | app=c:\program files\bradford networks\persistent agent\bndaemon.exe |
"{98C36887-3AE2-4123-A12F-CA007FC2EB27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A33D368E-E20B-4B94-8E9B-F20754310D55}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A4655E4D-8CD5-4476-A48B-1B497798A19E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A4B7A1B9-7ACA-484D-9BB1-B293193C1EE7}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.patch.exe |
"{A763F639-14F6-4DC8-9DFB-20C6E3B35B65}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B81C42D0-4048-49F3-AD0B-EB89D9825F27}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe |
"{B8EE74D1-2777-45F8-8A4F-2607A0F572C5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{B973CEF7-B1DE-4135-B227-616E225EAA49}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\faxapplications.exe |
"{BD74B13F-4094-4EC6-93AC-54E10536AC34}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\sendafax.exe |
"{BF3DC5D3-EFD6-4606-A167-CF03947188C8}" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"{C2D1088B-DF9D-449B-B6BB-7B2B82662D20}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{C708811E-4367-4EF4-892A-2956A5C83A2F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{CA3F0BC8-A7EA-44FE-9490-B6A0B7010E96}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{CD35B121-7669-4741-AA19-B38BE3877882}" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"{CFF9A858-A324-4EE9-9C0E-43526504C6A3}" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"{D790D21A-AA12-42BB-8331-EE74D4C42264}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\hpnetworkcommunicator.exe |
"{DD4F0D95-D321-448C-B34C-FCA3C162CE83}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{EDD6CC15-6AE9-4FB8-BF2B-0CA48ABAD1FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F0BAC7FB-6336-4019-8A40-6B20634C4B89}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1F52D38-4A9C-4CE3-BE37-494103A25324}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\digitalwizards.exe |
"{F6016EB6-DAFE-4853-942A-54644AC740E4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F98DC3CB-8C54-4766-9BCB-80DCE1A1E84C}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe |
"{FD6B9978-9DB7-445D-AAD3-776DDFAFB0DF}" = dir=in | app=c:\program files\hp\hp deskjet 3520 series\bin\devicesetup.exe |
"TCP Query User{0DFFC2B8-C105-4747-B483-178D509F1930}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"TCP Query User{12441205-C529-42CE-9AC8-AC86FA965DAF}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{18FAEC8C-B65F-40DE-9E84-FD0A6521A6A5}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{225B8ADC-5022-432B-9BB3-8B87820DEEA9}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{2C7F62A9-D2B4-419F-B725-B5B9370340C7}C:\program files\starcraft\starcraft.exe" = protocol=6 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"TCP Query User{3D287B51-B6F6-4E9C-90A5-A3935CDEF41A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{426B5155-B307-46B6-8867-8E87109A1065}C:\program files\thq\dawn of war\w40k.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"TCP Query User{55126F4E-D209-4E03-B121-88445819E724}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"TCP Query User{602959FC-63EE-4F03-AB28-1CDA6E0D5F54}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"TCP Query User{60CFFD40-5291-4094-BF11-2FA5F10F9402}C:\users\public\games\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"TCP Query User{A32C1D48-B0A9-419D-BA3B-C83DD9E1671D}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{A56420BA-39A9-497E-A97A-6B5CF787EFC1}C:\program files\strategy first\disciples 2 gold gallean\discipl2.exe" = protocol=6 | dir=in | app=c:\program files\strategy first\disciples 2 gold gallean\discipl2.exe |
"TCP Query User{A762D1A2-7CA3-473D-BB1A-F5FCA1577EC1}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=6 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"TCP Query User{E4AE297D-7C68-4AD0-975E-098074E06622}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{E91B8C24-7B6D-4432-8E3B-B0B818D7DAC8}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{12CE2A9A-0196-44D1-B90D-C47C24AC0A76}C:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{1C2393DF-395E-4195-95A6-CC68AAD5085E}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{3431CF08-A8F1-48DE-9C08-B08530063681}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
"UDP Query User{34D4D3B3-C2C9-49E0-B3A3-0D6B99180551}C:\program files\starcraft\starcraft.exe" = protocol=17 | dir=in | app=c:\program files\starcraft\starcraft.exe |
"UDP Query User{366C34EA-650A-46D3-B424-DCD8CD793B79}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{5434B43A-06DD-4B1B-9A94-9B5DA98F3663}C:\program files\strategy first\disciples 2 gold gallean\discipl2.exe" = protocol=17 | dir=in | app=c:\program files\strategy first\disciples 2 gold gallean\discipl2.exe |
"UDP Query User{AA8949E4-1C6B-4051-9351-DBD9D3DBBD74}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{B1744FB9-D658-4147-8988-C020A4C9711C}C:\users\public\games\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\blizzard downloader.exe |
"UDP Query User{BBB15C10-766A-4D58-B71B-405FA31A1858}C:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"UDP Query User{C947EDB0-098B-4F14-8989-BF69127FDABA}C:\program files\thq\dawn of war\w40kwa.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40kwa.exe |
"UDP Query User{CBC5DF77-99F1-4E13-9742-A4776D42D097}C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{D0E3C6E3-E57D-471F-B824-4066A88D8E71}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{E2EEB3CB-F8C0-494C-9B34-7CE39D90FA39}C:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe |
"UDP Query User{EC1FA1CF-D72E-41F2-B879-82000D5601D4}C:\users\public\games\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\launcher.exe |
"UDP Query User{FCBA63B1-E416-4246-B991-A781CD7042B9}C:\program files\thq\dawn of war\w40k.exe" = protocol=17 | dir=in | app=c:\program files\thq\dawn of war\w40k.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{16F0EE77-B2B1-4417-A8CC-07E06C78CCC4}" = Matrix-ks
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{262a4a2c-473e-474b-89bd-87db6edffd65}_is1" = Media converter
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5C2ECF15-B7FF-4E0E-9D00-2000354BD9C2}" = HP Deskjet 3520 series Basic Device Software
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729E16B3-1B80-4F3F-8D19-342A89631E0A}_is1" = Media converter
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{87AEED05-C717-47bc-93BB-F8E527D2690F}" = Canon D400-450
"{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}" = Motorola Device Software Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EAB4100-B343-41AE-A880-418746998209}" = HP Officejet Pro 8600 Basic Device Software
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A5569D-9F86-4f32-A227-1538B731DA42}" = Canon MF4320-4350
"{A55747C1-4651-433D-B082-478874FF7516}" = Motorola Mobile Drivers Installation 6.3.0
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA18EE51-24A5-4748-A5E2-4B035C9A4AB2}" = Canon MP780
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}" = HP Deskjet 3520 series Setup Guide
"{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{C799B20D-1EDC-4602-85E5-4539E2306732}_is1" = Dawn of War Platinum Edition
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FAE99C85-0732-4C58-9C6B-10B5B12FA2E9}" = RuneScape Launcher 1.2.3
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"BloodRayne" = BloodRayne
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Disciples 2 Gold Gallean" = Disciples 2 Gold Gallean
"Disciples II Rise of the Elves" = Disciples II Rise of the Elves
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PROPLUS" = Microsoft Office Professional Plus 2007
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.7
"WinRAR archiver" = WinRAR archiver
< End of report >
 
Good news :)


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PORTAB~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ajcm0d4u)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2014/01/24 17:59:26 | 000,000,000 | --S- | C] () -- C:\Windows\System32\cxqce.qks
[2014/01/18 22:10:11 | 000,000,000 | --S- | C] () -- C:\Windows\System32\kdsbqke.oau
[2014/01/16 15:25:31 | 000,000,000 | --S- | C] () -- C:\Windows\System32\ijqtn.iwz
[2014/01/15 07:38:26 | 000,000,000 | --S- | C] () -- C:\Windows\System32\rhrlzjj.owd
[2014/01/14 12:51:08 | 000,028,672 | ---- | C] () -- C:\Windows\System32\rccgee.znf
[2014/01/14 12:40:46 | 000,000,083 | ---- | C] () -- C:\Windows\System32\tqwbmgp.jpo
[2014/01/14 12:39:10 | 000,000,100 | ---- | C] () -- C:\Windows\System32\uoeyqng.diu
[2014/01/14 12:39:10 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rpub.htt
[2014/01/14 12:23:24 | 000,101,213 | --S- | C] () -- C:\Windows\System32\mesq.cjw


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Click on "Run ESET Online Scanner" button.
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
OTL:
All processes killed
========== OTL ==========
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\Users\PORTAB~1\AppData\Local\Temp\catchme.sys not found.
Error: No service named ajcm0d4u was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ajcm0d4u deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
File move failed. C:\Windows\System32\cxqce.qks scheduled to be moved on reboot.
File move failed. C:\Windows\System32\kdsbqke.oau scheduled to be moved on reboot.
C:\Windows\System32\ijqtn.iwz moved successfully.
C:\Windows\System32\rhrlzjj.owd moved successfully.
C:\Windows\System32\rccgee.znf moved successfully.
C:\Windows\System32\tqwbmgp.jpo moved successfully.
C:\Windows\System32\uoeyqng.diu moved successfully.
C:\Windows\System32\rpub.htt moved successfully.
C:\Windows\System32\mesq.cjw moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\FRST not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Portable Poonani
->Temp folder emptied: 3497300 bytes
->Temporary Internet Files folder emptied: 16226835 bytes
->Java cache emptied: 637679 bytes
->FireFox cache emptied: 87680131 bytes
->Flash cache emptied: 2085 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12354 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 103.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Portable Poonani
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Portable Poonani
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01292014_213910

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\cxqce.qks scheduled to be moved on reboot.
File move failed. C:\Windows\System32\kdsbqke.oau scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Security Checkup:
Results of screen317's Security Check version 0.99.79
Windows 7 x86 (UAC is enabled)
Out of date service pack!!
``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!
Avira Desktop
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.43
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

FSS:
Farbar Service Scanner Version: 08-01-2014
Ran by Portable Poonani (administrator) on 29-01-2014 at 21:51:19
Running from "C:\Users\Portable Poonani\Desktop"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
ESET had nothing.
 
Any reason why Avira is listed as outdated?

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

========================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current (Service Pack 1!!!)

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing or updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please let me know how your computer is doing.
 
Avira is probably out of date because I've been disabling it on startup so it doesn't interfere with any of the programs we've been using :)

OTL post system restore point:
All processes killed
========== OTL ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Portable Poonani
->Temp folder emptied: 2286 bytes
->Temporary Internet Files folder emptied: 994614 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16227802 bytes
->Flash cache emptied: 592 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1490 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 16.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Portable Poonani
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Portable Poonani
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 01312014_004258

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Thanks very much for all your help. I really appreciate it. Computer seems to be doing well. I definitely plan to recommend the website to friends.
 