Max124

Honorary Members
  • Posts

    34

Reputation

0 Neutral
  1. Success! You're now using OpenDNS. Rebooted the computer but the problem remained...
  2. Merged with no problems and restarted. Windows Update, Windows Defender update or support.microsoft.com are still not accessible. Thanks for looking.
  3. OTL logfile created on: 12/2/2013 9:59:11 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\otl 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421)
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\SysWow64\wbem\wbemess.dll ========== Files - Unicode (All) ========== [2012/02/16 15:06:41 | 000,014,309 | ---- | M] ()(C:\Users\Max\Documents\????? ?? ????? ?? ????? ??? ????.docx) -- C:\Users\Max\Documents\Культ не культ но вождь всё знал.docx [2012/02/16 15:06:38 | 000,014,309 | ---- | C] ()(C:\Users\Max\Documents\????? ?? ????? ?? ????? ??? ????.docx) -- C:\Users\Max\Documents\Культ не культ но вождь всё знал.docx ========== Alternate Data Streams ========== @Alternate Data Stream - 5 bytes -> C:\ProgramData\Nalpeiron:user.ns1 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:5D432CE3 < End of report >
  4. Done. The repairs worked with no errors but the problem remains.
  5. Maybe this will help. I restarted the computer, opened a command prompt, pinged microsoft.com, flushed DNS and pinged them again. Note that the IP for microsoft.com changed.

     Microsoft Windows [Version 6.0.6002]
     Copyright © 2006 Microsoft Corporation. All rights reserved.

     C:\Windows\system32>ping microsoft.com

     Pinging microsoft.com [64.4.11.37] with 32 bytes of data:
     Request timed out.
     Request timed out.
     Request timed out.
     Request timed out.

     Ping statistics for 64.4.11.37:
         Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

     C:\Windows\system32>ipconfig /flushdns

     Windows IP Configuration

     Successfully flushed the DNS Resolver Cache.

     C:\Windows\system32>ping microsoft.com

     Pinging microsoft.com [65.55.58.201] with 32 bytes of data:
     General failure.
     General failure.
     General failure.
     General failure.

     Ping statistics for 65.55.58.201:
         Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

     C:\Windows\system32>
  6. My router is not listed there. I should also mention, there are 3 more computers and a number of smartphones connected to the same router and all of these can open support.microsoft.com while this computer can not.
  7. Windows IP Configuration

        Host Name . . . . . . . . . . . . : Desktop
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : home

     Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home
        Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC
        Physical Address. . . . . . . . . : 00-21-70-5A-05-23
        DHCP Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        Link-local IPv6 Address . . . . . : fe80::2800:9da1:a033:5c31%11(Preferred)
        IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Lease Obtained. . . . . . . . . . : Tuesday, November 26, 2013 9:38:16 AM
        Lease Expires . . . . . . . . . . : Wednesday, November 27, 2013 9:38:13 AM
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DHCPv6 IAID . . . . . . . . . . . : 184557936
        DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-63-37-55-00-21-70-5A-05-23
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        NetBIOS over Tcpip. . . . . . . . : Enabled

     Tunnel adapter Local Area Connection* 6:

        Media State . . . . . . . . . . . : Media disconnected
        Connection-specific DNS Suffix  . : home
        Description . . . . . . . . . . . : isatap.home
        Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes

     Tunnel adapter Local Area Connection* 7:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : 02-00-54-55-4E-01
        DHCP Enabled. . . . . . . . . . . : No
        Autoconfiguration Enabled . . . . : Yes
        IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3cd5:25f4:3f57:fef9(Preferred)
        Link-local IPv6 Address . . . . . : fe80::3cd5:25f4:3f57:fef9%10(Preferred)
        Default Gateway . . . . . . . . . : ::
        NetBIOS over Tcpip. . . . . . . . : Disabled

     Server:  Wireless_Broadband_Router.home
     Address:  192.168.1.1

     Name:    google.com
     Addresses:  2607:f8b0:4004:802::1000
               74.125.228.105
               74.125.228.97
               74.125.228.104
               74.125.228.101
               74.125.228.98
               74.125.228.100
               74.125.228.96
               74.125.228.102
               74.125.228.110
               74.125.228.103
               74.125.228.99

     Server:  Wireless_Broadband_Router.home
     Address:  192.168.1.1

     Name:    yahoo.com
     Addresses:  98.138.253.109
               206.190.36.45
               98.139.183.24

     Pinging google.com [74.125.228.104] with 32 bytes of data:
     Request timed out.
     Reply from 74.125.228.104: bytes=32 time=9ms TTL=250

     Ping statistics for 74.125.228.104:
         Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 9ms, Maximum = 9ms, Average = 9ms

     Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
     Reply from 206.190.36.45: bytes=32 time=96ms TTL=248
     Reply from 206.190.36.45: bytes=32 time=98ms TTL=248

     Ping statistics for 206.190.36.45:
         Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
     Approximate round trip times in milli-seconds:
         Minimum = 96ms, Maximum = 98ms, Average = 97ms

     ===========================================================================
     Interface List
      11 ...00 21 70 5a 05 23 ...... Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC
       1 ........................... Software Loopback Interface 1
      12 ...00 00 00 00 00 00 00 e0 isatap.home
      10 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
     ===========================================================================

     IPv4 Route Table
     ===========================================================================
     Active Routes:
     Network Destination        Netmask          Gateway       Interface  Metric
               0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.6     10
             127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
             127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
       127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
           192.168.1.0    255.255.255.0         On-link       192.168.1.6    266
           192.168.1.6  255.255.255.255         On-link       192.168.1.6    266
         192.168.1.255  255.255.255.255         On-link       192.168.1.6    266
             224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
             224.0.0.0        240.0.0.0         On-link       192.168.1.6    266
       255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       255.255.255.255  255.255.255.255         On-link       192.168.1.6    266
     ===========================================================================
     Persistent Routes:
       None

     IPv6 Route Table
     ===========================================================================
     Active Routes:
      If Metric Network Destination      Gateway
      10     18 ::/0                     On-link
       1    306 ::1/128                  On-link
      10     18 2001::/32                On-link
      10    266 2001:0:5ef5:79fd:3cd5:25f4:3f57:fef9/128
                                         On-link
      11    266 fe80::/64                On-link
      10    266 fe80::/64                On-link
      11    266 fe80::2800:9da1:a033:5c31/128
                                         On-link
      10    266 fe80::3cd5:25f4:3f57:fef9/128
                                         On-link
       1    306 ff00::/8                 On-link
      10    266 ff00::/8                 On-link
      11    266 ff00::/8                 On-link
     ===========================================================================
     Persistent Routes:
       None
  8. As far as computer state, it is unchanged. I am not able to run Windows Update (error 80072EFD). I am not able to update Windows Defender. Symantec and Malwarebytes do update, but it takes them a very long time. I am not able to access a number of security-related websites, or support.microsoft.com (I can access microsoft.com just fine). It looks like there is some kind of DNS switcher or proxy still in place, but I cannot see any traces of it with the tools I tried.
  9. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-11-2013 01
     Ran by Max at 2013-11-26 09:32:11 Run:2
     Running from C:\Users\Max\Downloads
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     C:\Program Files\Level Quality Watcher
     C:\Users\Max\BCompare-3.1.6.10721.exe
     C:\Users\Max\miranda-im-v0.8.4-unicode.exe
     C:\Users\Max\AppData\Local\Temp\ntdll_dump.dll
     C:\Users\Max\AppData\Local\Temp\Quarantine.exe
     *****************

     C:\Program Files\Level Quality Watcher => Moved successfully.
     C:\Users\Max\BCompare-3.1.6.10721.exe => Moved successfully.
     C:\Users\Max\miranda-im-v0.8.4-unicode.exe => Moved successfully.
     C:\Users\Max\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
     C:\Users\Max\AppData\Local\Temp\Quarantine.exe => Moved successfully.

     ==== End of Fixlog ====
  10. Sure, here they are. Thanks for looking. Addition.txt FRST.txt
  11. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-11-2013 01
     Ran by Max at 2013-11-25 22:30:45 Run:1
     Running from C:\Users\Max\Downloads
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     Replace: C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe C:\Windows\SysWOW64\explorer.exe
     *****************

     Could not find C:\Windows\SysWOW64\explorer.exe.
     C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe copied successfully to C:\Windows\SysWOW64\explorer.exe

     ==== End of Fixlog ====