Posts posted by Cazoob

  1. Could you let me know what your impression was of what I have already pasted in?

    I read that ComboFix scans for malware... I've already scanned with MalwareBytes, as well as AdAware and SpyBot. Is there a reason this fourth scanner is going to be better/more useful?

  2. We need these tools to help you. If you think we will let you download any kind of malware files, then the only solution for your problems is reformatting and reinstalling.

    You only posted the Extras.txt but I also need the OTL.txt which is saved on your desktop.

    OTL logfile created on: 7/3/2012 2:07:23 AM - Run 1

    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\parrotperson\Desktop

    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 36.82% Memory free

    5.86 Gb Paging File | 1.47 Gb Available in Paging File | 25.18% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 288.75 Gb Total Space | 219.48 Gb Free Space | 76.01% Space Free | Partition Type: NTFS

    Computer Name: NESTFEATHER | User Name: parrotperson | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/03 02:06:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\parrotperson\Desktop\OTL.exe

    PRC - [2012/05/10 22:16:48 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    PRC - [2012/01/03 06:10:44 | 001,494,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe

    PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    PRC - [2011/08/22 02:18:08 | 006,276,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

    PRC - [2011/06/23 21:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

    PRC - [2011/03/16 08:18:28 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe

    PRC - [2011/03/16 08:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe

    PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

    PRC - [2011/01/21 23:20:55 | 005,249,024 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

    PRC - [2011/01/21 23:20:55 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

    PRC - [2011/01/21 23:20:53 | 004,539,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE

    PRC - [2010/11/20 05:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

    PRC - [2010/10/01 08:48:18 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe

    PRC - [2010/08/19 17:06:56 | 000,487,562 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

    PRC - [2010/04/07 05:35:04 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

    PRC - [2010/04/07 05:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe

    PRC - [2010/01/15 09:26:52 | 003,873,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe

    PRC - [2010/01/15 05:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

    PRC - [2009/11/04 14:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

    PRC - [2009/11/04 14:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

    PRC - [2009/10/20 08:11:58 | 002,364,704 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

    PRC - [2009/10/20 08:11:58 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

    PRC - [2009/10/20 08:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

    PRC - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe

    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    PRC - [2008/03/17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

    PRC - [2007/12/27 16:17:44 | 000,466,944 | ---- | M] (MS) -- C:\Users\Public\common\dll\netdr\msdtc.exe

    ========== Modules (No Company Name) ==========

    MOD - [2012/06/16 14:25:36 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll

    MOD - [2012/05/15 21:45:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll

    MOD - [2012/05/15 21:44:58 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

    MOD - [2012/05/15 21:44:52 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

    MOD - [2012/05/11 09:16:06 | 002,967,888 | -HS- | M] () -- \\?\C:\ProgramData\Microsoft\PlayReady\Cache\S-1-5-21-4078031874-676444689-3610010297-1001\MSPRindiv02.key

    MOD - [2012/05/10 22:16:48 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll

    MOD - [2012/05/04 19:29:38 | 000,015,760 | ---- | M] () -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2native.dll

    MOD - [2012/01/08 08:02:11 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll

    MOD - [2012/01/08 06:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

    MOD - [2012/01/03 06:10:44 | 000,249,232 | ---- | M] () -- C:\Program Files\Adobe\Reader 10.0\Reader\sqlite.dll

    MOD - [2011/08/22 02:18:06 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll

    MOD - [2011/08/22 02:18:06 | 000,078,336 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\pcre.dll

    MOD - [2011/05/28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

    MOD - [2010/10/01 08:48:18 | 000,727,664 | ---- | M] () -- C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe

    MOD - [2009/10/20 08:12:10 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

    ========== Win32 Services (SafeList) ==========

    SRV - [2012/05/10 22:16:48 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

    SRV - [2011/03/16 08:18:28 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)

    SRV - [2011/01/31 15:13:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

    SRV - [2011/01/21 23:20:55 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)

    SRV - [2010/04/07 05:35:04 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\stacsv.exe -- (STacSV)

    SRV - [2010/01/15 05:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

    SRV - [2009/11/04 14:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®

    SRV - [2009/11/04 14:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®

    SRV - [2009/10/20 08:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

    SRV - [2009/07/13 18:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)

    SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

    SRV - [2009/07/13 18:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)

    SRV - [2009/07/13 18:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

    SRV - [2009/03/03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\AEstSrv.exe -- (AESTFilters)

    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

    ========== Driver Services (SafeList) ==========

    DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

    DRV - [2011/01/21 23:20:53 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)

    DRV - [2010/11/20 05:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)

    DRV - [2010/11/20 05:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)

    DRV - [2010/11/20 05:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)

    DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

    DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

    DRV - [2010/11/20 02:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)

    DRV - [2010/11/20 02:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)

    DRV - [2010/09/29 09:38:00 | 000,043,888 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelern.sys -- (Acceler)

    DRV - [2010/08/30 20:15:56 | 000,247,808 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel®

    DRV - [2010/08/20 10:04:38 | 000,017,648 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\stdcfltn.sys -- (stdcfltn)

    DRV - [2010/08/12 09:50:20 | 000,146,528 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)

    DRV - [2010/04/07 05:35:04 | 000,423,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

    DRV - [2010/02/27 08:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)

    DRV - [2009/09/17 13:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel®

    DRV - [2009/08/10 12:06:08 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

    DRV - [2009/05/28 09:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)

    ========== Standard Registry (SafeList) ==========

    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0DCA23EA-57BF-43F2-BBBF-7721CBFC61FD}

    IE - HKLM\..\SearchScopes\{0DCA23EA-57BF-43F2-BBBF-7721CBFC61FD}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USSMB/1

    IE - HKCU\..\SearchScopes,DefaultScope = {0DCA23EA-57BF-43F2-BBBF-7721CBFC61FD}

    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"

    FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9

    FF - prefs.js..extensions.enabledItems: qrptoolbar@leapforceathome:1.61

    FF - prefs.js..extensions.enabledItems: {f035aa18-ee32-4e6e-81d2-57e32867f8a7}:1.18

    FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.26

    FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.15.1

    FF - prefs.js..extensions.enabledItems: {feee3d1c-da92-4c21-8665-2425de7f53b7}:1.5

    FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.4

    FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.3.1

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\parrotperson\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\parrotperson\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\parrotperson\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/10 22:16:48 | 000,000,000 | ---D | M]

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/11 04:58:14 | 000,000,000 | ---D | M]

    [2011/01/31 16:21:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\parrotperson\AppData\Roaming\Mozilla\Extensions

    [2012/03/29 01:28:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\parrotperson\AppData\Roaming\Mozilla\Firefox\Profiles\0ug690kf.default\extensions

    [2012/03/29 01:30:25 | 000,000,000 | ---D | M] (Delicious Bookmarks) -- C:\Users\parrotperson\AppData\Roaming\Mozilla\Firefox\Profiles\0ug690kf.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

    [2012/03/29 01:30:25 | 000,000,000 | ---D | M] (Flashblock) -- C:\Users\parrotperson\AppData\Roaming\Mozilla\Firefox\Profiles\0ug690kf.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}

    [2012/03/29 01:30:25 | 000,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Users\parrotperson\AppData\Roaming\Mozilla\Firefox\Profiles\0ug690kf.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f}

    [2012/03/29 01:30:25 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\parrotperson\AppData\Roaming\Mozilla\Firefox\Profiles\0ug690kf.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

    [2012/03/29 01:30:25 | 000,000,000 | ---D | M] (wmlbrowser) -- C:\Users\parrotperson\AppData\Roaming\Mozilla\Firefox\Profiles\0ug690kf.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}

    [2012/03/29 01:30:25 | 000,000,000 | ---D | M] (EWOQ Mobile Setup extension) -- C:\Users\parrotperson\AppData\Roaming\Mozilla\Firefox\Profiles\0ug690kf.default\extensions\{f035aa18-ee32-4e6e-81d2-57e32867f8a7}

    [2012/03/29 01:30:25 | 000,000,000 | ---D | M] (EWOQ Rater Helper) -- C:\Users\parrotperson\AppData\Roaming\Mozilla\Firefox\Profiles\0ug690kf.default\extensions\{feee3d1c-da92-4c21-8665-2425de7f53b7}

    [2012/03/29 01:30:25 | 000,000,000 | ---D | M] ("Leapforce - Search Engine Evaluator Toolbar") -- C:\Users\parrotperson\AppData\Roaming\Mozilla\Firefox\Profiles\0ug690kf.default\extensions\qrptoolbar@leapforceathome

    [2012/05/11 01:59:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    [2012/05/10 22:16:48 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

    [2011/03/22 11:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

    [2012/02/21 02:40:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    [2012/02/21 02:40:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)

    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\parrotperson\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll

    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

    CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

    CHR - plugin: Java Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll

    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Users\parrotperson\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\parrotperson\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll

    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll

    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

    CHR - plugin: Google Update (Enabled) = C:\Users\parrotperson\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll

    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\parrotperson\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll

    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

    O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)

    O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)

    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

    O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)

    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

    O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

    O4 - HKLM..\Run: [DBRMTray] C:\dell\DBRM\Reminder\DbrmTrayicon.exe (Microsoft)

    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)

    O4 - HKLM..\Run: [FreeFallProtection] C:\Program Files\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()

    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

    O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

    O4 - HKLM..\Run: [QuickTime] C:\Users\Public\common\dll\netdr\msdtc.exe (MS)

    O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

    O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

    O4 - HKLM..\RunOnce: [DBRMTray] C:\dell\DBRM\Reminder\TrayApp.exe (Microsoft)

    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil11e_Plugin.exe (Adobe Systems, Inc.)

    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1

    O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

    O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

    O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

    O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

    O13 - gopher Prefix: missing

    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56E134B8-4675-47C5-A77B-2218BCC9A3FD}: DhcpNameServer = 172.3.1.161

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E431558-E524-47D3-AAB6-8AFEFAE32AA2}: DhcpNameServer = 192.168.0.1 205.171.3.25

    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

    ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

    ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

    ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.

    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

    NetSvcs: FastUserSwitchingCompatibility - File not found

    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

    NetSvcs: Nla - File not found

    NetSvcs: Ntmssvc - File not found

    NetSvcs: NWCWorkstation - File not found

    NetSvcs: Nwsapagent - File not found

    NetSvcs: SRService - File not found

    NetSvcs: WmdmPmSp - File not found

    NetSvcs: LogonHours - File not found

    NetSvcs: PCAudit - File not found

    NetSvcs: helpsvc - File not found

    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT

    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/03 02:06:10 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\parrotperson\Desktop\OTL.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/07/03 02:06:14 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\parrotperson\Desktop\OTL.exe

    [2012/07/03 02:04:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078031874-676444689-3610010297-1001UA.job

    [2012/07/03 00:18:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

    [2012/07/02 14:57:39 | 000,002,513 | ---- | M] () -- C:\Users\parrotperson\Desktop\Google Chrome Canary.lnk

    [2012/07/02 03:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078031874-676444689-3610010297-1001Core.job

    [2012/06/28 20:47:05 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat

    [2012/06/28 20:47:05 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    [2012/06/28 20:12:10 | 000,221,365 | ---- | M] () -- C:\Users\parrotperson\Desktop\BrendaFax06282012.pdf

    [2012/06/25 21:09:42 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

    [2012/06/25 21:09:42 | 000,014,256 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

    [2012/06/25 01:52:02 | 2358,259,712 | -HS- | M] () -- C:\hiberfil.sys

    [2012/06/16 14:22:58 | 000,302,096 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2012/06/28 20:12:10 | 000,221,365 | ---- | C] () -- C:\Users\parrotperson\Desktop\BrendaFax06282012.pdf

    [2012/03/29 00:54:51 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~f5JpFzp4qEyRnC

    [2012/03/29 00:54:51 | 000,000,168 | -H-- | C] () -- C:\ProgramData\~f5JpFzp4qEyRnCr

    [2012/03/29 00:54:48 | 000,000,416 | -H-- | C] () -- C:\ProgramData\f5JpFzp4qEyRnC

    [2011/06/27 15:03:08 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

    [2011/02/17 02:54:30 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    [2011/01/22 01:00:01 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

    [2011/01/22 00:59:37 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin

    [2011/01/22 00:59:37 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll

    [2011/01/22 00:59:37 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

    [2011/01/22 00:59:37 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin

    [2011/01/22 00:59:37 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

    [2011/01/22 00:59:36 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin

    [2011/01/22 00:59:35 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

    [2011/01/21 23:21:12 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll

    ========== LOP Check ==========

    [2012/03/29 01:28:02 | 000,000,000 | ---D | M] -- C:\Users\parrotperson\AppData\Roaming\Canon

    [2012/03/29 01:30:24 | 000,000,000 | ---D | M] -- C:\Users\parrotperson\AppData\Roaming\CrashPlan

    [2012/07/02 15:05:01 | 000,000,000 | ---D | M] -- C:\Users\parrotperson\AppData\Roaming\FileZilla

    [2012/03/29 01:28:16 | 000,000,000 | ---D | M] -- C:\Users\parrotperson\AppData\Roaming\PCDr

    [2011/08/23 03:05:09 | 000,000,000 | -H-D | M] -- C:\Users\parrotperson\AppData\Roaming\Xtranormal

    [2011/10/13 19:15:00 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job

    [2009/07/13 21:53:46 | 000,020,408 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========

    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*. >

    [2011/08/23 14:57:04 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

    [2012/03/29 01:29:55 | 000,000,000 | ---D | M] -- C:\Apps

    [2012/03/29 01:30:02 | 000,000,000 | ---D | M] -- C:\dell

    [2009/07/13 21:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

    [2012/03/29 01:30:03 | 000,000,000 | ---D | M] -- C:\Drivers

    [2011/01/22 01:11:47 | 000,000,000 | -H-D | M] -- C:\Intel

    [2011/02/17 02:14:10 | 000,000,000 | RH-D | M] -- C:\MSOCache

    [2009/07/13 19:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs

    [2012/05/11 19:17:55 | 000,000,000 | R--D | M] -- C:\Program Files

    [2012/05/10 22:16:49 | 000,000,000 | -H-D | M] -- C:\ProgramData

    [2012/07/03 02:09:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information

    [2011/01/27 20:04:08 | 000,000,000 | R--D | M] -- C:\Users

    [2012/05/11 03:44:01 | 000,000,000 | ---D | M] -- C:\Windows

    < %PROGRAMFILES%\*.exe >

    < %LOCALAPPDATA%\*.exe >

    < %systemroot%\*. /mp /s >

    < %windir%\installer\*. /5 >

    < %localappdata%\*. /5 >

    [2012/07/03 02:06:47 | 000,000,000 | ---D | M] -- C:\Users\parrotperson\AppData\Local\Temp

    < MD5 for: SERVICES.EXE >

    [2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe

    [2009/07/13 18:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

    < MD5 for: USER32.DLL >

    [2009/07/13 18:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

    [2010/11/20 05:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

    [2010/11/20 05:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

    < End of report >

  3. Hi,

    my name is Daniel and I will be assisting you with your Malware related problems.

    Before we move on, please read the following points carefully.

    • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
    • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

    Download OTL to your Desktop.

    • Double click on the icon to run it.
    • Under the Custom Scans box paste this in


    activex
    netsvcs
    msconfig
    %SYSTEMDRIVE%\*.
    %PROGRAMFILES%\*.exe
    %LOCALAPPDATA%\*.exe
    %systemroot%\*. /mp /s
    %windir%\installer\*. /5
    %localappdata%\*. /5
    /md5start
    services.exe
    user32.dll
    /md5stop
    CREATERESTOREPOINT

    • Make sure all other windows are closed to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

    Please post both logfiles in your next reply.

    Alright:

    OTL Extras logfile created on: 7/3/2012 2:07:23 AM - Run 1

    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\parrotperson\Desktop

    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

    Internet Explorer (Version = 9.0.8112.16421)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.93 Gb Total Physical Memory | 1.08 Gb Available Physical Memory | 36.82% Memory free

    5.86 Gb Paging File | 1.47 Gb Available in Paging File | 25.18% Paging File free

    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

    Drive C: | 288.75 Gb Total Space | 219.48 Gb Free Space | 76.01% Space Free | Partition Type: NTFS

    Computer Name: NESTFEATHER | User Name: parrotperson | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: Current user | Quick Scan

    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

    batfile [open] -- "%1" %*

    cmdfile [open] -- "%1" %*

    comfile [open] -- "%1" %*

    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

    exefile [open] -- "%1" %*

    helpfile [open] -- Reg Error: Key error.

    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

    piffile [open] -- "%1" %*

    regfile [merge] -- Reg Error: Key error.

    scrfile [config] -- "%1"

    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

    scrfile [open] -- "%1" /S

    txtfile [edit] -- Reg Error: Key error.

    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    Folder [explore] -- Reg Error: Value error.

    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    "AntiVirusOverride" = 0

    "AntiSpywareOverride" = 0

    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

    "DisableNotifications" = 0

    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{0C6F0205-DDA8-4119-AF64-0DCB7504F1BE}" = rport=137 | protocol=17 | dir=out | app=system |

    "{19A7A348-0772-47CD-AD24-61CC675FF74B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{1EE54D37-4F8C-4EEC-85FA-FAD264F91D86}" = lport=10243 | protocol=6 | dir=in | app=system |

    "{2926ABFE-4A98-4978-9E14-1E25C6F6110F}" = rport=139 | protocol=6 | dir=out | app=system |

    "{3CE393CF-859F-47EB-8130-5C7DA686541A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{3D9FFEB9-96A2-4452-821C-F1088EC35243}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{4450B6D5-F3FE-440C-BE28-6F48D25F01C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

    "{45A99007-DDDA-40FC-A2A7-5FF91F06D814}" = lport=138 | protocol=17 | dir=in | app=system |

    "{493A9A17-89CE-4246-90BA-00E1C4FC01BA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{5493B917-1680-4428-B0D9-456DAC7538F7}" = rport=445 | protocol=6 | dir=out | app=system |

    "{79714CA2-983B-4379-864D-948290C03D47}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{903C8D63-35E7-42A8-9C15-6E6849DE5BB8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{986CC0F2-B2F5-4FE9-8537-BD3565115145}" = lport=445 | protocol=6 | dir=in | app=system |

    "{A9213B55-AD9E-475E-810C-FC5AF3257B42}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

    "{AB957667-9A99-4260-9700-D63FB6CE6D41}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    "{B4184436-7710-418F-B488-D82927836741}" = rport=138 | protocol=17 | dir=out | app=system |

    "{BB6F247F-1FDC-40F8-AF3A-E10B6CCAC48F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    "{C3E3E882-D18E-457A-8FC0-304FD9FA6AB9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

    "{C6CE0739-7DF1-474E-8B30-92F65C45323E}" = rport=10243 | protocol=6 | dir=out | app=system |

    "{C6E4F5F4-B4A2-4A83-8202-C46144C723C4}" = lport=139 | protocol=6 | dir=in | app=system |

    "{D390CEE7-B9FA-418B-BCF1-FD57129ABE37}" = lport=137 | protocol=17 | dir=in | app=system |

    "{D8E6E611-CB02-431A-9F33-F2A8DD95CE37}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    "{DCC93749-3126-45E3-B6A6-CB723A5BB20D}" = lport=2869 | protocol=6 | dir=in | app=system |

    "{E01C4DC9-5ADC-49B8-AAEA-122565F8C0B9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

    "{E4D917F1-4352-41B8-B56B-9C1FB4E12C8C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

    "{F3922C3A-6603-4D3A-BB83-58D41F8423F4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    "{118CD87E-8DAB-44CD-A6F2-AF8F2C1537B4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

    "{12990BEF-4455-4E0A-8629-68D175A55B9C}" = protocol=6 | dir=out | app=system |

    "{18A5B61F-1D47-4F57-B3A4-62174743B554}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{1E34253A-67DA-44C8-81EE-B6D223ACC2C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

    "{2C6B91D8-16DA-449C-B74E-6BF93A8D768D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

    "{398B0C95-BB2D-453F-8B62-6196E07254C9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{4F1158C2-5838-4D58-B9E7-6A782F5BF8F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{4F4BBDA7-EAE9-4CFC-B851-F1B2E4D9D814}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

    "{50074691-0911-493A-8733-6DF3F2F1A6FA}" = protocol=17 | dir=in | app=c:\program files\crashplan\crashplanservice.exe |

    "{51A08C84-76F5-4B34-89E9-BCDEB095CDD5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

    "{52EB4267-74D5-4B6A-B15D-DAF5C385D9CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

    "{561CF48F-47F8-463E-A975-FBDC211430D2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

    "{59048D4F-6071-4084-AE1F-B22F3A8A21BE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{643E155C-AC85-447D-B0DE-4D4017039DC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{6625FD9F-0C88-4D9B-8C8E-446A62696D39}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

    "{72079C49-16CC-45E0-9100-71FAB2B590C1}" = protocol=6 | dir=in | app=c:\program files\crashplan\crashplanservice.exe |

    "{873EC42D-14DB-44E9-8606-A4611C66FF97}" = dir=in | app=c:\program files\skype\phone\skype.exe |

    "{889E401B-D909-4084-ACAA-0E2D613A4C31}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{92A70C50-835F-46DE-A3CF-A8E3BAF810B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{9BE54E86-8C34-469B-9E10-E7AC7ABFAC09}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

    "{A4AC4307-963F-49FF-AD09-119DC40D647A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    "{D0B293AE-78E4-49ED-9ABB-A578F506B840}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

    "{E6FE09E4-2229-458B-AF55-D01C953EE850}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |

    "{EFE65212-FB4C-4D1A-8EA7-ADC93871F98A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    "TCP Query User{11E66548-DD74-4E35-A85C-0DD3FD3B4E55}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

    "TCP Query User{539F3901-D031-4167-8A3C-0E40916E0BCF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

    "TCP Query User{C28C8447-0D79-4F15-B7DE-1114695C9E82}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

    "UDP Query User{13889A1C-B5C3-4AA6-9F99-A5D49C8EA57C}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

    "UDP Query User{5644D422-FD4B-4AB7-8561-403EA7AE3B8C}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

    "UDP Query User{775D6F62-4CE7-47F9-9B75-5A7217C8B512}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3

    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers

    "{16AAFF18-00FC-4D78-AF21-E97B6DF15422}" = Xtranormal State - Voicepack-British-Lucy22k

    "{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources

    "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

    "{2149FA24-7AD5-4412-89A5-034C9A9710BB}" = CrashPlan

    "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

    "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 5

    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

    "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer

    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

    "{3622C71B-6FD9-4ED8-A07B-99B50AA5C0DE}" = Xtranormal State - Showpak-FM

    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

    "{3E286237-C618-4DE6-98B2-0E96DBF01250}" = Xtranormal State - Voicepack-USEnglish-Ryan22k

    "{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources

    "{4688EB75-28E2-4731-9BCB-55E624F7CD45}" = Dell Backup and Recovery Manager

    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11

    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

    "{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

    "{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

    "{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

    "{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

    "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

    "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

    "{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

    "{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

    "{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

    "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007

    "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

    "{99718668-A364-4BD6-B7C6-F1A30D5F2D8C}" = Xtranormal State - Voicepack-USEnglish-Heather22k

    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

    "{A0BA5AAC-CA61-4C71-9A29-FDF521296225}" = Xtranormal State - SoundPack-Starter Kit

    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

    "{A54BF015-5D88-458D-9ECE-4DDA82A589EC}" = Xtranormal State - Voicepack-British-Graham22k

    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

    "{A95168B6-7BAA-471C-937B-3BAE8DC3D9F2}" = Xtranormal State

    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)

    "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

    "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32

    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

    "{D5A32BDB-81BC-4D25-89DF-65C5A0DD8FE0}" = Xtranormal State - Showpak-SUT

    "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3

    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

    "Adobe AIR" = Adobe AIR

    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0

    "Advanced Audio FX Engine" = Advanced Audio FX Engine

    "CameraUserGuide-PSSD1400IS_IXUS130" = Canon PowerShot SD1400 IS_IXUS 130 Camera User Guide

    "CameraWindowDC8" = Canon Utilities CameraWindow DC 8

    "CameraWindowLauncher" = Canon Utilities CameraWindow

    "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

    "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

    "Canon MOV Decoder" = Canon MOV Decoder

    "Canon MOV Encoder" = Canon MOV Encoder

    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

    "CanonMyPrinter" = Canon Utilities My Printer

    "CanonSolutionMenu" = Canon Utilities Solution Menu

    "Dell Webcam Central" = Dell Webcam Central

    "DW WLAN Card Utility" = DW WLAN Card Utility

    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

    "FileZilla Client" = FileZilla Client 3.5.3

    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400

    "McAfee Security Scan" = McAfee Security Scan Plus

    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

    "MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube

    "Mozilla Firefox 12.0 (x86 en-US)" = Mozilla Firefox 12.0 (x86 en-US)

    "MozillaMaintenanceService" = Mozilla Maintenance Service

    "MP Navigator EX 2.1" = Canon MP Navigator EX 2.1

    "MyCamera" = Canon Utilities MyCamera

    "Personal Printing Guide" = Canon Personal Printing Guide

    "PhotoStitch" = Canon Utilities PhotoStitch

    "Software Guide" = Canon DIGITAL CAMERA Solution Disk Software Guide

    "ST6UNST #1" = WinCity Massage Soap Notes (60-day Trial)

    "STANDARDR" = Microsoft Office Standard 2007

    "SynTPDeinstKey" = Dell Touchpad

    "Winamp" = Winamp

    "WinLiveSuite" = Windows Live Essentials

    "WinRAR archiver" = WinRAR 4.01 (32-bit)

    "Yahoo! Messenger" = Yahoo! Messenger

    "Yahoo! Software Update" = Yahoo! Software Update

    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    "Google Chrome" = Google Chrome

    "Google Chrome SxS" = Google Chrome Canary

    "Winamp Detect" = Winamp Detector Plug-in

    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]

    Error - 1/17/2012 1:53:29 PM | Computer Name = NestFeather | Source = Microsoft-Windows-CAPI2 | ID = 513

    Description = Cryptographic Services failed while processing the OnIdentity() call

    in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image

    of binary Symantec Network Security WFP Driver. System Error: The system cannot find

    the file specified. .

    Error - 1/17/2012 4:00:33 PM | Computer Name = NestFeather | Source = .NET Runtime | ID = 1023

    Description =

    Error - 1/17/2012 4:00:35 PM | Computer Name = NestFeather | Source = Application Error | ID = 1000

    Description = Faulting application name: plugin-container.exe, version: 1.9.2.4232,

    time stamp: 0x4e39c2c8 Faulting module name: coreclr.dll, version: 4.0.60831.0,

    time stamp: 0x4e5d6c64 Exception code: 0x8013150a Fault offset: 0x0013d2a6 Faulting

    process id: 0xecc Faulting application start time: 0x01ccd3544a83c15b Faulting application

    path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:

    c:\Program Files\Microsoft Silverlight\4.0.60831.0\coreclr.dll Report Id: eaac0435-4145-11e1-91f6-c0cb38cb4c76

    Error - 1/21/2012 2:41:12 AM | Computer Name = NestFeather | Source = VSS | ID = 12294

    Description =

    Error - 2/2/2012 3:53:14 AM | Computer Name = NestFeather | Source = .NET Runtime | ID = 1023

    Description =

    Error - 2/2/2012 3:53:16 AM | Computer Name = NestFeather | Source = Application Error | ID = 1000

    Description = Faulting application name: plugin-container.exe, version: 9.0.1.4371,

    time stamp: 0x4ef15e07 Faulting module name: coreclr.dll, version: 4.0.60831.0,

    time stamp: 0x4e5d6c64 Exception code: 0x8013150a Fault offset: 0x0013d2a6 Faulting

    process id: 0x2c68 Faulting application start time: 0x01cce15cd40b9a20 Faulting application

    path: C:\Program Files\Mozilla Firefox\plugin-container.exe Faulting module path:

    c:\Program Files\Microsoft Silverlight\4.0.60831.0\coreclr.dll Report Id: f6c755bd-4d72-11e1-8552-f04da2cc08b2

    Error - 2/2/2012 7:00:21 AM | Computer Name = NestFeather | Source = VSS | ID = 12294

    Description =

    Error - 2/6/2012 6:33:37 PM | Computer Name = NestFeather | Source = VSS | ID = 12294

    Description =

    Error - 4/14/2012 2:20:46 AM | Computer Name = NestFeather | Source = Application Hang | ID = 1002

    Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting

    with Windows and was closed. To see if more information about the problem is available,

    check the problem history in the Action Center control panel. Process ID: 418 Start

    Time: 01cd1a06a72a2ec7 Termination Time: 23 Application Path: C:\Program Files\Internet

    Explorer\iexplore.exe Report Id:

    Error - 5/2/2012 7:02:46 PM | Computer Name = NestFeather | Source = Application Error | ID = 1000

    Description = Faulting application name: winamp.exe, version: 5.6.1.3133, time stamp:

    0x4d88ec8b Faulting module name: MSVCR90.dll, version: 9.0.30729.6161, time stamp:

    0x4dace5b9 Exception code: 0xc0000417 Fault offset: 0x0002fc96 Faulting process id:

    0x3a34 Faulting application start time: 0x01cd28b313ef82d5 Faulting application path:

    C:\Program Files\Winamp\winamp.exe Faulting module path: C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll

    Report

    Id: edc6f499-94aa-11e1-acec-f04da2cc08b2

    [ System Events ]

    Error - 2/16/2012 5:08:46 PM | Computer Name = NestFeather | Source = BTHUSB | ID = 327697

    Description = The local Bluetooth adapter has failed in an undetermined manner and

    will not be used. The driver has been unloaded.

    Error - 2/16/2012 6:37:38 PM | Computer Name = NestFeather | Source = BTHUSB | ID = 327697

    Description = The local Bluetooth adapter has failed in an undetermined manner and

    will not be used. The driver has been unloaded.

    Error - 2/16/2012 7:35:32 PM | Computer Name = NestFeather | Source = BTHUSB | ID = 327697

    Description = The local Bluetooth adapter has failed in an undetermined manner and

    will not be used. The driver has been unloaded.

    Error - 2/16/2012 11:42:28 PM | Computer Name = NestFeather | Source = BTHUSB | ID = 327697

    Description = The local Bluetooth adapter has failed in an undetermined manner and

    will not be used. The driver has been unloaded.

    Error - 2/17/2012 12:02:01 AM | Computer Name = NestFeather | Source = BTHUSB | ID = 327697

    Description = The local Bluetooth adapter has failed in an undetermined manner and

    will not be used. The driver has been unloaded.

    Error - 2/17/2012 1:07:19 AM | Computer Name = NestFeather | Source = BTHUSB | ID = 327697

    Description = The local Bluetooth adapter has failed in an undetermined manner and

    will not be used. The driver has been unloaded.

    Error - 2/17/2012 4:31:08 PM | Computer Name = NestFeather | Source = BTHUSB | ID = 327697

    Description = The local Bluetooth adapter has failed in an undetermined manner and

    will not be used. The driver has been unloaded.

    Error - 2/17/2012 4:59:39 PM | Computer Name = NestFeather | Source = BTHUSB | ID = 327697

    Description = The local Bluetooth adapter has failed in an undetermined manner and

    will not be used. The driver has been unloaded.

    Error - 2/17/2012 7:08:25 PM | Computer Name = NestFeather | Source = BTHUSB | ID = 327697

    Description = The local Bluetooth adapter has failed in an undetermined manner and

    will not be used. The driver has been unloaded.

    Error - 2/17/2012 9:52:44 PM | Computer Name = NestFeather | Source = BTHUSB | ID = 327697

    Description = The local Bluetooth adapter has failed in an undetermined manner and

    will not be used. The driver has been unloaded.

    < End of report >

  4. While I was watching a Netflix video, my computer suddenly shut off with no warning. Upon restarting it, a message came up that several Bluetooth items had been installed (I wish I had written down the exact wording of the installation message). I don't want and didn't give permission for this to happen. I looked at system restore points, but it claimed that nothing was there to uninstall since the last Windows update. I also don't see anything with Bluetooth in the name in devices or installed programs.

    So far my system is operating normally as far as I can tell, and I updated and ran Malwarebytes. It found nothing.

  5. While I was watching a Netflix video, my computer suddenly shut off with no warning. Upon restarting it, a message came up that several Bluetooth items had been installed (I wish I had written down the exact wording of the installation message). I don't want and didn't give permission for this to happen. I looked at system restore points, but it claimed that nothing was there to uninstall since the last Windows update. I also don't see anything with Bluetooth in the name in devices or installed programs.

    So far my system is operating normally as far as I can tell, but this worries me and I would like to know what just happened and what I should do about it.
