Brother_Jim
Sorry, I had to go take care of a few things and was gone for a while. Also have to report I ended up deleting MBAM because of it locking up and gave the laptop back to the lady in church because she could no longer wait for it. I tried to explain to her there still could be issues with her computer but she could no longer wait. Thanks for helping me try to fix the issue, wished I could have stuck out with it but she no longer wanted to wait. Thanks and GBU
-
Ok, sorry, did not know what tick was; used to hearing click on or check the box. Re-did it, but this time it did not produce an extras log, just an OTL log.
-- C:\Users\user\Family Treemaker.exe [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/26 11:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/26 11:21:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000UA.job [2013/07/26 11:18:27 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/26 11:18:27 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/26 11:10:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/26 11:10:44 | 1581,010,944 | -HS- | M] () -- C:\hiberfil.sys [2013/07/26 11:10:20 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2013/07/26 10:03:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/07/26 08:34:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013/07/25 19:49:20 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000Core.job [2013/07/25 14:57:10 | 000,000,036 | ---- | M] () -- C:\Users\user\Desktop\defrag.bat [2013/07/24 12:49:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/07/24 09:16:01 | 005,092,950 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe [2013/07/23 12:29:41 | 000,915,968 | ---- | M] () -- C:\Users\user\Desktop\RogueKiller.exe [2013/07/23 11:27:33 | 000,666,633 | ---- | M] () -- C:\Users\user\Desktop\AdwCleaner.exe [2013/07/23 11:27:08 | 000,560,934 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\user\Desktop\JRT.exe [2013/07/22 15:13:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.scr [2013/07/22 15:11:27 | 000,353,352 | ---- | M] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-check-2.0.0.1000.exe [2013/07/22 09:49:01 | 000,628,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/07/22 09:49:01 | 000,108,700 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/07/19 16:45:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/18 10:03:54 | 000,007,335 | ---- | M] () -- C:\Windows\wininit.ini [2013/07/18 09:08:06 | 000,000,005 | ---- | M] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT [2013/07/17 11:30:09 | 000,001,224 | ---- | M] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk [2013/07/17 11:24:52 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/07/17 11:23:42 | 000,001,218 | ---- | M] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk [2013/07/17 11:22:51 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2013/07/17 11:22:02 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/07/17 11:21:30 | 000,001,216 | ---- | M] () -- C:\Users\user\Desktop\System TuneUp.lnk [2013/07/17 11:21:12 | 000,002,234 | ---- | M] () -- C:\Users\user\Desktop\Ace Utilities.lnk [2013/07/14 01:20:51 | 000,002,968 | ---- | M] () -- C:\{A89EC46B-77E1-4FAD-83A8-AA057BBE83A6} [2013/07/13 18:31:53 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk [2013/07/12 11:14:41 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/12 11:14:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/12 08:54:38 | 000,000,258 | RHS- | M] () -- C:\Users\user\ntuser.pol [2013/07/12 01:40:31 | 000,343,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/07/06 10:13:05 | 001,102,848 | ---- | M] () -- 
C:\Users\user\Louis David Geneology.ftw [2013/07/06 10:13:05 | 001,102,848 | ---- | M] () -- C:\Users\user\Louis David Geneology.FBK [2013/07/06 10:13:05 | 000,001,781 | ---- | M] () -- C:\Users\user\FTW.ini [2013/07/01 12:09:03 | 003,686,425 | ---- | M] () -- C:\Users\user\Documents\Fluorescent lighting.pdf [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/26 11:10:20 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2013/07/25 14:57:10 | 000,000,036 | ---- | C] () -- C:\Users\user\Desktop\defrag.bat [2013/07/23 12:29:41 | 000,915,968 | ---- | C] () -- C:\Users\user\Desktop\RogueKiller.exe [2013/07/23 11:27:33 | 000,666,633 | ---- | C] () -- C:\Users\user\Desktop\AdwCleaner.exe [2013/07/19 16:45:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/19 14:13:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/07/19 14:13:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/07/19 14:13:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/07/19 14:13:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/07/19 14:13:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/07/18 10:03:10 | 000,007,335 | ---- | C] () -- C:\Windows\wininit.ini [2013/07/17 11:30:09 | 000,001,224 | ---- | C] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk [2013/07/17 11:24:52 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/07/17 11:23:42 | 000,001,218 | ---- | C] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk [2013/07/17 11:22:51 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2013/07/17 11:22:02 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/07/17 11:21:30 | 000,001,216 | ---- | C] () -- C:\Users\user\Desktop\System TuneUp.lnk [2013/07/17 11:21:11 | 000,002,234 | ---- | C] () -- C:\Users\user\Desktop\Ace Utilities.lnk [2013/07/14 01:20:51 | 
000,002,968 | ---- | C] () -- C:\{A89EC46B-77E1-4FAD-83A8-AA057BBE83A6} [2013/07/12 08:54:38 | 000,000,258 | RHS- | C] () -- C:\Users\user\ntuser.pol [2013/07/01 12:09:01 | 003,686,425 | ---- | C] () -- C:\Users\user\Documents\Fluorescent lighting.pdf [2013/06/16 18:50:03 | 000,000,005 | ---- | C] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT [2012/08/05 14:20:38 | 000,470,869 | ---- | C] () -- C:\Users\user\Louis David Geneology.FBC [2012/04/30 21:53:55 | 000,128,443 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg.jpeg.jpeg [2012/04/30 21:51:32 | 000,316,390 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg.jpeg [2012/04/30 21:47:36 | 000,128,443 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg [2012/02/01 15:45:26 | 000,143,476 | ---- | C] () -- C:\Users\user\February 2012 Activity Update.pdf [2012/02/01 15:45:26 | 000,102,116 | ---- | C] () -- C:\Users\user\Feb 2012 Calendar.pdf [2012/01/29 11:41:05 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2011/08/21 13:46:00 | 000,009,519 | ---- | C] () -- C:\Users\user\LDS Program.zip [2011/08/21 13:13:10 | 000,118,784 | ---- | C] () -- C:\Users\user\LDS Program.paf [2011/08/13 13:36:09 | 000,023,120 | ---- | C] () -- C:\Users\user\pkwdcl.dll [2011/08/13 13:36:09 | 000,010,432 | ---- | C] () -- C:\Users\user\winsock.aol [2011/08/13 13:36:09 | 000,004,544 | ---- | C] () -- C:\Users\user\New Journal Document.jnt [2011/08/13 13:36:09 | 000,001,096 | ---- | C] () -- C:\Users\user\OLD Documents and Settings - Shortcut.lnk [2011/08/13 13:36:09 | 000,000,412 | ---- | C] () -- C:\Users\user\prd.bin [2011/08/13 13:36:08 | 001,102,848 | ---- | C] () -- C:\Users\user\Louis David Geneology.ftw [2011/08/13 13:36:08 | 001,102,848 | ---- | C] () -- C:\Users\user\Louis David Geneology.FBK [2011/08/13 13:36:08 | 001,018,368 | ---- | C] () -- C:\Users\user\Louis David Geneology Backup.FBK [2011/08/13 13:36:08 | 000,338,944 | ---- | C] () -- C:\Users\user\lffpx7.dll [2011/08/13 13:36:08 
| 000,122,880 | ---- | C] () -- C:\Users\user\LFKODAK.DLL [2011/08/13 13:36:07 | 001,519,616 | ---- | C] () -- C:\Users\user\ftwmfc.dll [2011/08/13 13:36:07 | 000,435,200 | ---- | C] () -- C:\Users\user\ftwsys.bin [2011/08/13 13:36:07 | 000,001,781 | ---- | C] () -- C:\Users\user\FTW.ini [2009/11/05 13:39:36 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png [2009/08/05 14:48:09 | 000,014,560 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/10/27 08:33:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Clip Art Collection [2011/06/14 14:17:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garmin [2011/03/23 17:59:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ParetoLogic [2010/12/21 11:51:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCDr [2009/08/06 08:34:23 | 000,000,000 | ---D | M] -- 
C:\Users\user\AppData\Roaming\Skinux [2009/11/16 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template [2011/06/11 18:42:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tific ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:E965A533 @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report >
-
??? What are you talking about ??
-
OTL Log OTL logfile created on: 7/26/2013 8:37:35 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.68% Memory free 3.93 Gb Paging File | 2.59 Gb Available in Paging File | 66.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 134.36 Gb Total Space | 95.99 Gb Free Space | 71.44% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/26 08:34:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe PRC - [2013/07/17 11:26:12 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE PRC - [2013/06/21 02:16:28 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) 
-- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE PRC - [2012/11/29 21:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/10/02 14:46:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe PRC - [2009/03/31 10:00:24 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009/03/31 10:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe PRC - [2009/03/31 10:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe PRC - [2009/03/31 09:18:54 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2009/03/31 09:18:34 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2009/03/31 09:18:32 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2009/03/31 09:18:32 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/05/10 07:15:28 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe ========== Modules (No Company Name) ========== MOD - [2013/04/23 17:57:26 | 004,554,752 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll MOD - [2009/08/06 08:25:29 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll MOD - [2009/08/06 08:25:29 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll MOD - [2009/08/06 08:25:29 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll MOD - [2009/08/06 08:25:29 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll MOD - [2009/08/06 08:25:29 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll MOD - [2009/08/06 08:25:29 | 000,233,472 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll MOD - [2009/08/06 08:25:29 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll MOD - [2009/08/06 08:25:29 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll MOD - [2009/08/06 08:25:28 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll MOD - [2009/08/06 08:25:28 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll MOD - [2009/08/06 08:25:28 | 000,872,448 | ---- | M] () -- 
C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll MOD - [2009/08/06 08:25:27 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll MOD - [2009/08/06 08:25:26 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll MOD - [2009/08/06 08:25:26 | 000,086,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll MOD - [2009/08/06 08:25:26 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll MOD - [2009/08/06 08:25:26 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll MOD - [2009/08/06 08:25:25 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll MOD - [2009/08/06 08:25:25 | 000,403,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll MOD - [2009/08/06 08:25:25 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll MOD - [2009/08/06 08:25:25 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll MOD - [2009/08/06 08:25:24 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll MOD - [2009/08/06 08:25:24 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll MOD - [2009/08/06 08:25:24 | 000,311,296 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx MOD - [2009/08/06 08:25:24 | 000,258,560 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll MOD - [2009/08/06 08:25:24 | 000,232,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx MOD - [2009/08/06 08:25:24 | 000,096,256 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx MOD - [2009/08/06 08:25:23 | 000,339,968 | ---- | M] 
() -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx MOD - [2009/08/06 08:25:23 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx MOD - [2009/08/06 08:25:23 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx MOD - [2009/08/06 08:25:23 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx MOD - [2009/08/06 08:25:22 | 001,229,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx MOD - [2009/08/06 08:25:22 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx MOD - [2009/08/06 08:25:22 | 000,675,840 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx MOD - [2009/08/06 08:25:22 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost) SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) SRV - [2013/07/22 10:02:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO) SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate) SRV - [2013/04/02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc) SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2010/04/17 18:58:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/10/02 14:46:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/03/31 10:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe -- (STacSV) SRV - [2009/03/31 10:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe -- (AESTFilters) SRV - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
[Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon) DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCD5SRVC{3F6A8B78-EC003E00-05040104}) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013/05/07 10:54:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2013/04/15 21:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\7DD04000.00A\ccsetx86.sys -- (ccSet_NST) DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/03/31 10:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009/03/31 09:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008/12/21 13:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\..\SearchScopes,DefaultScope = {05F36679-2397-4BBF-8F10-307359AF6D10} IE - HKCU\..\SearchScopes\{05F36679-2397-4BBF-8F10-307359AF6D10}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111044,17681,0,18,0 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{13796C65-BBE9-4BB0-8E72-B7A26F519A0D}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=MDDC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms} IE - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/11/13 19:44:52 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/03/24 11:20:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\ [2013/07/26 08:30:42 | 000,000,000 | ---D | M] [2010/09/22 13:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions [2013/07/23 11:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions [2010/09/22 13:54:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013/07/12 09:12:39 | 000,000,000 | ---D | M] (Cool Smiley Bar for Facebook) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions\pluswinks@PlusWinks [2010/09/22 13:54:26 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml ========== Chrome ========== O1 HOSTS File: ([2013/07/24 12:49:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/11/16 15:39:51 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: amazon.com ([www] https in Trusted sites)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CA127633-F57D-4475-9445-E5F5B63A01ED} http://invites.myspace.com/invites/MySpace.OutlookContactFinder.cab (MySpaceOutlookContactFinder Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04E69768-4FAE-495E-BEED-3435FA3351B3}: DhcpNameServer = 68.105.28.11 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CA88BDC-C6DB-4A04-8DB9-A9FB6577EDEA}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/26 08:34:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/07/24 12:51:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/24 12:51:01 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/24 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2013/07/24 12:39:27 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/07/24 09:16:00 | 005,092,950 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/07/23 12:29:51 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine
[2013/07/23 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh
[2013/07/23 11:28:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/23 11:26:59 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/07/22 15:12:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2013/07/22 15:11:27 | 000,353,352 | ---- | C] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-check-2.0.0.1000.exe
[2013/07/22 10:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/07/22 10:00:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
[2013/07/22 09:50:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/22 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple
[2013/07/19 17:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/07/19 16:46:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes
[2013/07/19 16:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/19 16:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/19 16:45:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/07/19 16:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/07/19 14:13:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/19 14:13:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/19 14:13:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/19 14:13:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/19 14:13:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/19 13:11:40 | 000,000,000 | ---D | C] -- C:\found.000
[2013/07/17 14:10:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Acelogix
[2013/07/17 11:30:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/07/17 11:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/07/17 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com
[2013/07/17 11:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/07/17 11:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/07/17 11:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2013/07/17 11:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/07/17 11:21:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System TuneUp
[2013/07/17 11:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System TuneUp
[2013/07/17 11:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Acelogix
[2013/07/17 11:21:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities
[2013/07/17 11:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities
[2013/07/17 11:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ace Utilities
[2013/07/08 11:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\uPlayer
[2013/07/08 11:20:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\DefineExt
[2011/08/13 13:36:09 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\Users\user\roboex32.dll
[2011/08/13 13:36:09 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Users\user\PCDLIB32.DLL
[2011/08/13 13:36:09 | 000,150,528 | ---- | C] (Wintertree Software Inc.) -- C:\Users\user\ssce5132.dll
[2011/08/13 13:36:08 | 000,415,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltkrn13n.dll
[2011/08/13 13:36:08 | 000,338,432 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\LFCMP13n.DLL
[2011/08/13 13:36:08 | 000,310,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltimg13n.dll
[2011/08/13 13:36:08 | 000,255,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\LTDIS13n.dll
[2011/08/13 13:36:08 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltefx13n.dll
[2011/08/13 13:36:08 | 000,137,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltfil13n.DLL
[2011/08/13 13:36:08 | 000,128,000 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lftif13n.dll
[2011/08/13 13:36:08 | 000,084,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lffpx13n.dll
[2011/08/13 13:36:08 | 000,072,704 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lffax13n.dll
[2011/08/13 13:36:08 | 000,055,296 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpsd13n.dll
[2011/08/13 13:36:08 | 000,049,152 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\Lfwmf13n.dll
[2011/08/13 13:36:08 | 000,048,640 | ---- | C] (America Online, Inc.\0) -- C:\Users\user\launch32.dll
[2011/08/13 13:36:08 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lttwn13n.dll
[2011/08/13 13:36:08 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lflmb13n.dll
[2011/08/13 13:36:08 | 000,029,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfbmp13n.dll
[2011/08/13 13:36:08 | 000,029,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lflma13n.dll
[2011/08/13 13:36:08 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpcx13n.dll
[2011/08/13 13:36:08 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfimg13n.dll
[2011/08/13 13:36:08 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpcd13n.dll
[2011/08/13 13:36:07 | 005,517,312 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwbmp32.dll
[2011/08/13 13:36:07 | 000,925,696 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Users\user\cdintf210.dll
[2011/08/13 13:36:07 | 000,548,864 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwstr32.dll
[2011/08/13 13:36:07 | 000,102,400 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwbub32.dll
[2011/08/13 13:36:07 | 000,061,440 | ---- | C] ( Aqueduct Software, Inc.) -- C:\Users\user\aqueduct.dll
[2011/08/13 13:36:07 | 000,048,640 | ---- | C] (Blue Sky Software) -- C:\Users\user\INETWH32.dll
[2011/08/13 13:36:07 | 000,045,056 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwmsc32.dll
[2011/08/13 13:36:06 | 000,293,360 | ---- | C] (AMYUNI Technologies http://www.amyuni.com) -- C:\Users\user\acfpdf.drv
[2011/08/13 13:36:06 | 000,231,896 | ---- | C] (AMYUNI Technologies http://www.amyuni.com) -- C:\Users\user\acfpdf.dll
[2011/08/13 13:36:06 | 000,154,893 | ---- | C] (AMYUNI Technologies http://www.amyuni.com) -- C:\Users\user\acfpdfu.dll
[2011/08/13 13:36:06 | 000,152,292 | ---- | C] (AMYUNI Technologies http://www.amyuni.com) -- C:\Users\user\acfpdfui.dll
[2011/08/13 13:21:36 | 005,967,872 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Family Treemaker.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/26 08:37:57 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 08:37:57 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/26 08:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/26 08:34:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2013/07/26 08:30:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/26 08:30:23 | 1581,010,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/25 19:49:20 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000UA.job
[2013/07/25 19:49:20 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000Core.job
[2013/07/25 14:57:10 | 000,000,036 | ---- | M] () -- C:\Users\user\Desktop\defrag.bat
[2013/07/24 12:49:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/07/24 09:16:01 | 005,092,950 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe
[2013/07/23 12:29:41 | 000,915,968 | ---- | M] () -- C:\Users\user\Desktop\RogueKiller.exe
[2013/07/23 11:27:33 | 000,666,633 | ---- | M] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2013/07/23 11:27:08 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe
[2013/07/22 15:13:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.scr
[2013/07/22 15:11:27 | 000,353,352 | ---- | M] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-check-2.0.0.1000.exe
[2013/07/22 09:49:01 | 000,628,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/22 09:49:01 | 000,108,700 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/19 16:45:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/18 10:03:54 | 000,007,335 | ---- | M] () -- C:\Windows\wininit.ini
[2013/07/18 09:08:06 | 000,000,005 | ---- | M] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT
[2013/07/17 11:30:09 | 000,001,224 | ---- | M] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
[2013/07/17 11:24:52 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/17 11:23:42 | 000,001,218 | ---- | M] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk
[2013/07/17 11:22:51 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/07/17 11:22:02 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/17 11:21:30 | 000,001,216 | ---- | M] () -- C:\Users\user\Desktop\System TuneUp.lnk
[2013/07/17 11:21:12 | 000,002,234 | ---- | M] () -- C:\Users\user\Desktop\Ace Utilities.lnk
[2013/07/14 01:20:51 | 000,002,968 | ---- | M] () -- C:\{A89EC46B-77E1-4FAD-83A8-AA057BBE83A6}
[2013/07/13 18:31:53 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk
[2013/07/12 11:14:41 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/12 11:14:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/12 08:54:38 | 000,000,258 | RHS- | M] () -- C:\Users\user\ntuser.pol
[2013/07/12 01:40:31 | 000,343,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/06 10:13:05 | 001,102,848 | ---- | M] () -- C:\Users\user\Louis David Geneology.ftw
[2013/07/06 10:13:05 | 001,102,848 | ---- | M] () -- C:\Users\user\Louis David Geneology.FBK
[2013/07/06 10:13:05 | 000,001,781 | ---- | M] () -- C:\Users\user\FTW.ini
[2013/07/01 12:09:03 | 003,686,425 | ---- | M] () -- C:\Users\user\Documents\Fluorescent lighting.pdf
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/25 14:57:10 | 000,000,036 | ---- | C] () -- C:\Users\user\Desktop\defrag.bat
[2013/07/23 12:29:41 | 000,915,968 | ---- | C] () -- C:\Users\user\Desktop\RogueKiller.exe
[2013/07/23 11:27:33 | 000,666,633 | ---- | C] () -- C:\Users\user\Desktop\AdwCleaner.exe
[2013/07/19 16:45:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/19 14:13:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/19 14:13:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/19 14:13:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/19 14:13:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/19 14:13:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/18 10:03:10 | 000,007,335 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/17 11:30:09 | 000,001,224 | ---- | C] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk
[2013/07/17 11:24:52 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/17 11:23:42 | 000,001,218 | ---- | C] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk
[2013/07/17 11:22:51 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk
[2013/07/17 11:22:02 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/07/17 11:21:30 | 000,001,216 | ---- | C] () -- C:\Users\user\Desktop\System TuneUp.lnk
[2013/07/17 11:21:11 | 000,002,234 | ---- | C] () -- C:\Users\user\Desktop\Ace Utilities.lnk
[2013/07/14 01:20:51 | 000,002,968 | ---- | C] () -- C:\{A89EC46B-77E1-4FAD-83A8-AA057BBE83A6}
[2013/07/12 08:54:38 | 000,000,258 | RHS- | C] () -- C:\Users\user\ntuser.pol
[2013/07/01 12:09:01 | 003,686,425 | ---- | C] () -- C:\Users\user\Documents\Fluorescent lighting.pdf
[2013/06/16 18:50:03 | 000,000,005 | ---- | C] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT
[2012/08/05 14:20:38 | 000,470,869 | ---- | C] () -- C:\Users\user\Louis David Geneology.FBC
[2012/04/30 21:53:55 | 000,128,443 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg.jpeg.jpeg
[2012/04/30 21:51:32 | 000,316,390 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg.jpeg
[2012/04/30 21:47:36 | 000,128,443 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg
[2012/02/01 15:45:26 | 000,143,476 | ---- | C] () -- C:\Users\user\February 2012 Activity Update.pdf
[2012/02/01 15:45:26 | 000,102,116 | ---- | C] () -- C:\Users\user\Feb 2012 Calendar.pdf
[2012/01/29 11:41:05 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/08/21 13:46:00 | 000,009,519 | ---- | C] () -- C:\Users\user\LDS Program.zip
[2011/08/21 13:13:10 | 000,118,784 | ---- | C] () -- C:\Users\user\LDS Program.paf
[2011/08/13 13:36:09 | 000,023,120 | ---- | C] () -- C:\Users\user\pkwdcl.dll
[2011/08/13 13:36:09 | 000,010,432 | ---- | C] () -- C:\Users\user\winsock.aol
[2011/08/13 13:36:09 | 000,004,544 | ---- | C] () -- C:\Users\user\New Journal Document.jnt
[2011/08/13 13:36:09 | 000,001,096 | ---- | C] () -- C:\Users\user\OLD Documents and Settings - Shortcut.lnk
[2011/08/13 13:36:09 | 000,000,412 | ---- | C] () -- C:\Users\user\prd.bin
[2011/08/13 13:36:08 | 001,102,848 | ---- | C] () -- C:\Users\user\Louis David Geneology.ftw
[2011/08/13 13:36:08 | 001,102,848 | ---- | C] () -- C:\Users\user\Louis David Geneology.FBK
[2011/08/13 13:36:08 | 001,018,368 | ---- | C] () -- C:\Users\user\Louis David Geneology Backup.FBK
[2011/08/13 13:36:08 | 000,338,944 | ---- | C] () -- C:\Users\user\lffpx7.dll
[2011/08/13 13:36:08 | 000,122,880 | ---- | C] () -- C:\Users\user\LFKODAK.DLL
[2011/08/13 13:36:07 | 001,519,616 | ---- | C] () -- C:\Users\user\ftwmfc.dll
[2011/08/13 13:36:07 | 000,435,200 | ---- | C] () -- C:\Users\user\ftwsys.bin
[2011/08/13 13:36:07 | 000,001,781 | ---- | C] () -- C:\Users\user\FTW.ini
[2009/11/05 13:39:36 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2009/08/05 14:48:09 | 000,014,560 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/10/27 08:33:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Clip Art Collection
[2011/06/14 14:17:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garmin
[2011/03/23 17:59:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ParetoLogic
[2010/12/21 11:51:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCDr
[2009/08/06 08:34:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skinux
[2009/11/16 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template
[2011/06/11 18:42:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tific

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:E965A533
@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >

------------------------------------- extras

OTL Extras logfile created on: 7/26/2013 8:37:35 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.68% Memory free
3.93 Gb Paging File | 2.59 Gb Available in Paging File | 66.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 95.99 Gb Free Space | 71.44% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CE8E15E-F345-4672-970C-22310B0AE962}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1C7BACF9-D1A9-4913-B314-E37EDBA8C4A2}" = lport=139 | protocol=6 | dir=in | app=system |
"{375951B1-7932-440A-B431-B160B7914EA4}" = lport=10243 | protocol=6 | dir=in | app=system |
"{37599CE3-595C-4077-BA69-B651B5751EC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4018BF1A-2D51-416A-AE68-EE2F8B000165}" = lport=138 | protocol=17 | dir=in | app=system |
"{44D252A7-EAD9-463E-A6D4-001FE2C88016}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe |
"{4E5D8F7B-4CBA-40DE-B72A-F29186EEF930}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{56FBD8AD-49BA-4691-9C65-48D877BEAC02}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79440DC0-D5AF-40CB-B810-23DF494B1A13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E8BD1DC-1C1E-4B02-824A-7ACD0EE99B23}" = rport=445 | protocol=6 | dir=out | app=system |
"{92850AA4-B933-4F3F-8744-1939ACA217D0}" = rport=139 | protocol=6 | dir=out | app=system |
"{9AA0188C-7BBA-4F05-9EA2-1DD48AE63622}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A5275BD9-7E19-41CB-9D40-992FFC7C322D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B516556D-928A-4EE4-ABB4-21EEB76166C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B64D09DC-9FCE-4B8F-8FA1-D20D10475A05}" = rport=137 | protocol=17 | dir=out | app=system |
"{BDC048B5-32ED-4501-8D22-DF7BAD46DEC8}" = lport=137 | protocol=17 | dir=in | app=system |
"{C9556971-C60F-4CF5-B505-7B35068A81B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D32FD47B-D2FD-4B49-B824-FFF03AD29799}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{D40081B3-CDFE-4098-9587-523203DB3294}" = lport=445 | protocol=6 | dir=in | app=system |
"{E2BB1B06-94AD-48FF-B4C2-3628F9EE1CA1}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F03F5324-1247-430E-90C2-4F5E60C6EEDB}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe |
"{F6124371-8D69-41B7-845F-590126F93996}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05F8B144-1705-404A-8B37-2BE81536FEA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{105247D6-2BF8-45A9-A14D-F5EDF17F71B5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{20033045-D444-41EF-8FC9-A412D807CAB5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2222A6BA-2F4E-462B-9072-EAD0A4E83F4C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2B9D0DF8-CCDD-4C82-9EAC-4796AC73D0BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{388598CE-028D-4369-AFFF-F230183773BA}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{3B408F0E-EA9E-48BE-925B-8D2EC2CC537B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{43FC0982-5852-4EEC-80C9-744651A4F60B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4414946B-12C6-40EE-AFFD-CB2AAFA7883D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4A102BC7-791E-4D88-AD53-9BDE79606197}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{55E95D4F-6997-4C5F-96EB-507EF6AE80EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5751CB74-85E3-4F43-9965-8BB472977F12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{593A503C-264C-4CCC-A52E-41D8192EC2C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5E76ED78-1533-44BE-9764-D76F173DB562}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5EC3B2FD-FE79-4DC8-BB47-BBD7230D8433}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5F08B597-55BD-4286-A20F-2ED1CAA3023D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6ECEA834-86C1-49EB-80CE-FAD9845C7DD3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6FFDB25A-D307-46A1-87CA-C430BF28E680}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{738F7D03-E5C5-4C0C-898E-98C2736EA12D}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe |
"{76437AF3-E165-44BA-84B0-4EDFFB6B5319}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{794A86B7-E9BF-4CE1-A50B-93AB6E155E6F}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{8FFD5803-A3D1-4F2D-A2FD-1E2C1EB8C6D2}" = protocol=6 | dir=out | app=system |
"{91ED1260-3988-4E07-A467-C8E02DDCB040}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{9CB1F707-474B-41AE-8A8D-0298376E9CE2}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A6A36ADF-FF03-4270-9F49-99188D5999DC}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{A7C4B8D6-5024-4EE8-BF81-44A1FE6711F9}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{A86820F8-1932-468D-B09A-7282E3BE568C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B5CABDCA-3189-4E8A-9C67-D4117240C2C7}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe |
"{B8B4BA07-8BAE-4B7A-A421-5C8F5D49C97E}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe | "{BAA2B23C-0BBE-461B-A5BC-31CEB3FFA8FB}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{BD3C18B3-9446-4962-AC0D-8EF66D363F91}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{BEC37ADD-1232-4C02-B788-6AB12D12278D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{C514BF3D-BC22-47DB-A1C7-39383EBAE473}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{CDC07AB7-D3FB-4276-B4B2-59D847091CB4}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe | "{D1BA8EF3-ADE7-4B22-A3B9-7EB67A445AC0}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{DC663758-03E7-440E-8298-16049962EEA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F6DEF0D9-548F-48E3-B4FB-D74C0B08017A}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe | "{F7388795-27EE-42D4-9F05-627C4B8F9CEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday 
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{157EE23B-E16C-44A1-B678-E4F7D31E9138}" = TurboTax 2012 wlaiper "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable 
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = 
Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{999D43F4-9709-4887-9B1A-83EBB15A8370}" 
= VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7) "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{D63FAE5C-121F-4D15-AC91-13E4F73DFFBC}" = Family Tree Maker "{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5 "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby 
"{E461E45A-2B48-42FA-90E1-6F36D85DF101}" = Bing Bar "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FC65A49B-D0F4-4CFE-9304-4C6B4412433F}" = TurboTax 2011 wlaiper "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "Ace Utilities_is1" = Ace Utilities "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility "CCleaner" = CCleaner "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Defraggler" = Defraggler "ESET Online Scanner" = ESET Online Scanner v3 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NST" = Norton Identity Safe "Revo Uninstaller" = Revo Uninstaller 1.93 "System TuneUp_is1" = System TuneUp "TurboTax 2011" = TurboTax 2011 "TurboTax 2012" = TurboTax 2012 "TVWiz" = Intel® TV Wizard "WinLiveSuite_Wave3" = Windows Live Essentials "Yahoo! Mail" = att.net Internet Mail "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! Install Manager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/24/2013 10:11:59 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 7/24/2013 10:12:01 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\cool smiley bar for facebook\BackgroundHost64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. 
Error - 7/24/2013 10:13:02 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 7/24/2013 10:32:24 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 7/25/2013 11:04:47 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 7/25/2013 11:31:48 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 7/25/2013 11:32:47 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. 
Error - 7/25/2013 3:03:28 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 7/25/2013 8:52:57 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 7/26/2013 9:32:16 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = [ Dell Events ] Error - 11/17/2009 2:56:02 PM | Computer Name = user-PC | Source = DataSafe | ID = 3 Description = Failed or canceled Error - 11/17/2009 2:56:02 PM | Computer Name = user-PC | Source = DataSafe | ID = 3 Description = Failed or canceled Error - 11/17/2009 5:48:55 PM | Computer Name = user-PC | Source = DataSafe | ID = 3 Description = The process has been interrupted and ends prematurely [ OSession Events ] Error - 2/5/2010 12:30:58 PM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 7/24/2013 1:40:06 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7034 Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). Error - 7/24/2013 1:40:10 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 7/24/2013 1:44:40 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 
Error - 7/24/2013 1:49:17 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 7/24/2013 2:15:45 PM | Computer Name = user-PC | Source = DCOM | ID = 10010 Description = Error - 7/25/2013 12:44:35 PM | Computer Name = user-PC | Source = DCOM | ID = 10005 Description = Error - 7/25/2013 12:44:35 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = The Google Update Service (gupdatem) service failed to start due to the following error: %%3 Error - 7/25/2013 3:01:45 PM | Computer Name = user-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 1:52:38 PM on ?7/?25/?2013 was unexpected. Error - 7/26/2013 9:32:01 AM | Computer Name = user-PC | Source = DCOM | ID = 10005 Description = Error - 7/26/2013 9:32:01 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = The Google Update Service (gupdatem) service failed to start due to the following error: %%3 < End of report >
-
Before reading this, after it locked up again, I downloaded Defraggler and did a whole disk defrag. Well, I tried to run malware again and this time it went all the way to the end. This is what it found.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.23.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
user :: USER-PC [administrator]

7/25/2013 4:43:49 PM
mbam-log-2013-07-25 (16-43-49).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 410969
Time elapsed: 1 hour(s), 12 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 5
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

So do I proceed with the OTL download?
-
I did and this is why I was sent here.
-
Wished there was a way to edit a post. I just tried to run malware again, and once it got into the filesystem scan it found 5 infections but locks up at this point. When it locks up I must turn off the PC and reboot. So still not sure why it locks up, while everything else will run with no problems.
-
jerky but malwarebytes still locks up when running
-
C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files\Cool Smiley Bar for Facebook\BackgroundHostPS.dll.vir Win32/Toolbar.Besttoolbars.C application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir Win64/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir Win64/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup (1).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup (2).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup (3).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup (4).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup (5).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\FPP_Setup.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\MapsSetup (1).exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\MapsSetup (2).exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\MapsSetup.exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\Setup (1).exe a variant of Win32/ExFriendAlert.B application cleaned by deleting - quarantined
C:\Users\user\Downloads\Setup (2).exe a variant of Win32/ExFriendAlert.B application cleaned by deleting - quarantined
C:\Users\user\Downloads\setup.exe (1).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\setup.exe.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Users\user\Downloads\uplayermediaplayer-setup (1).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\user\Downloads\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Users\user\Downloads\VideoPerformerSetup (1).exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined
C:\Users\user\Downloads\VideoPerformerSetup (2).exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined
C:\Users\user\Downloads\VideoPerformerSetup (3).exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined
C:\Users\user\Downloads\VideoPerformerSetup.exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined
-
ComboFix 13-07-24.02 - user 07/24/2013 12:41:19.3.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2010.1236 [GMT -5:00] Running from: c:\users\user\Desktop\ComboFix.exe Command switches used :: c:\users\user\Desktop\CFScript.txt SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\Tasks\AmiUpdXp.job" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Cool Smiley Bar for Facebook c:\program files\Cool Smiley Bar for Facebook\AddonsFramework.Typelib.dll c:\program files\Cool Smiley Bar for Facebook\background.html c:\program files\Cool Smiley Bar for Facebook\BackgroundHost.exe c:\program files\Cool Smiley Bar for Facebook\BackgroundHost64.exe c:\program files\Cool Smiley Bar for Facebook\BackgroundHostPS.dll c:\program files\Cool Smiley Bar for Facebook\ButtonSite.dll c:\program files\Cool Smiley Bar for Facebook\ButtonSite64.dll c:\program files\Cool Smiley Bar for Facebook\config.xml c:\program files\Cool Smiley Bar for Facebook\content.js c:\program files\Cool Smiley Bar for Facebook\icon128.png c:\program files\Cool Smiley Bar for Facebook\icon16.png c:\program files\Cool Smiley Bar for Facebook\icon48.png c:\program files\Cool Smiley Bar for Facebook\jquery-1.9.1.min.js c:\program files\Cool Smiley Bar for Facebook\json2.min.js c:\program files\Cool Smiley Bar for Facebook\mz\background.js c:\program files\Cool Smiley Bar for Facebook\mz\content.js c:\program files\Cool Smiley Bar for Facebook\ScriptHost.dll c:\program files\Cool Smiley Bar for Facebook\uninst.exe c:\program files\Cool Smiley Bar for Facebook\uninstall.exe c:\program files\Cool Smiley Bar for Facebook\updater.js c:\program files\Cool Smiley Bar for Facebook\updaterWrapper.js c:\users\user\AppData\Local\SwvUpdater c:\users\user\AppData\Local\SwvUpdater\status.cfg c:\users\user\AppData\Local\SwvUpdater\Updater.exe 
c:\users\user\AppData\Local\SwvUpdater\Updater.xml c:\users\user\AppData\Roaming\PlusWinks c:\users\user\AppData\Roaming\PlusWinks\pluswinks.crx c:\users\user\AppData\Roaming\SpeedAnalysis2 c:\users\user\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx . . ((((((((((((((((((((((((( Files Created from 2013-06-24 to 2013-07-24 ))))))))))))))))))))))))))))))) . . 2013-07-24 17:49 . 2013-07-24 17:49 -------- d-----w- c:\users\user\AppData\Local\temp 2013-07-24 17:49 . 2013-07-24 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-23 17:17 . 2013-07-23 17:17 -------- d-----w- c:\program files\iMesh 2013-07-23 16:54 . 2013-07-23 16:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-07-23 16:28 . 2013-07-23 16:28 -------- d-----w- c:\windows\ERUNT 2013-07-22 15:06 . 2013-07-22 15:06 -------- d-----w- c:\program files\Common Files\Java 2013-07-22 15:06 . 2013-07-22 15:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-22 15:00 . 2013-07-24 14:31 -------- d-----w- c:\users\user\AppData\Local\Adobe 2013-07-22 14:50 . 2013-07-22 14:52 -------- d-----w- c:\windows\system32\MRT 2013-07-22 14:38 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-07-22 14:38 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys 2013-07-22 14:38 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll 2013-07-22 14:38 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll 2013-07-22 14:38 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll 2013-07-22 14:18 . 2013-07-22 14:18 -------- d-----w- c:\users\user\AppData\Local\Apple 2013-07-19 22:41 . 2013-07-19 22:41 -------- d-----w- c:\program files\ESET 2013-07-19 21:46 . 2013-07-19 21:46 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes 2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\programdata\Malwarebytes 2013-07-19 21:45 . 
-
ComboFix 13-07-24.02 - user 07/24/2013 9:17.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2010.1111 [GMT -5:00] Running from: c:\users\user\Desktop\ComboFix.exe
-
# AdwCleaner v2.306 - Logfile created 07/23/2013 at 11:33:03 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : user - USER-PC # Boot Mode : Normal # Running from : C:\Users\user\Desktop\AdwCleaner.exe # Option [Delete]
-
Junkware Removal Tool (JRT) by Thisisu Version: 5.2.2 (07.22.2013:2) OS: Windows 7 Home Premium x86 Ran by user on Tue 07/23/2013 at 11:28:41.56
Key] "hkey_local_machine\software\apn" Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\interface\{ac71b60e-94c9-4ede-ba46-e146747bb67e}" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96" Successfully deleted: [Registry Key] 
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf" Successfully deleted: [Registry Key] 
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef" ~~~ Files Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll" Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\tarma installer" Successfully deleted: [Folder] "C:\ProgramData\wecarereminder" Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\defaulttab" Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\drivercure" Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\dsite" Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\file scout" Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\performersoft" Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\registry mechanic" Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\funwebproducts" Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\mywebsearch" Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\sweetim" Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\toolbar4" Successfully deleted: [Folder] "C:\Program Files\conduit" Successfully deleted: [Folder] "C:\Program Files\searchprotect" Successfully deleted: [Folder] "C:\ProgramData\ask" Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc ~~~ Event Viewer Logs were cleared 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 07/23/2013 at 11:31:19.67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -------------------------------------------------------------------------- RogueKiller V8.6.3 [Jul 17 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : user [Admin rights] Mode : Remove -- Date : 07/23/2013 12:34:41 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1) [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\user\AppData\Local\Temp\IHUC447.tmp.exe [x][x] -> DELETED [V2][sUSP PATH] TidyNetwork Update : C:\Users\user\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> DELETED ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK1655GSX +++++ --- User --- [MBR] 04fed4a20147b5da2437ac64a81ba55f [bSP] b36e7300d4773d7b7ca0cc43aaba9b3e : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] 
DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_D_07232013_123441.txt >> RKreport[0]_S_07232013_123257.txt ------------------------------------------------------------------- RogueKiller V8.6.3 [Jul 17 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : user [Admin rights] Mode : Scan -- Date : 07/23/2013 12:32:57 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\user\AppData\Local\Temp\IHUC447.tmp.exe [x][x] -> FOUND [V2][sUSP PATH] TidyNetwork Update : C:\Users\user\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK1655GSX +++++ --- User --- [MBR] 
04fed4a20147b5da2437ac64a81ba55f [bSP] b36e7300d4773d7b7ca0cc43aaba9b3e : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_07232013_123257.txt >>
-
I tried to run Malware again and it locked up once it got into system file scans. Here are the other reports: AdwCleanerS1.txt, JRT.txt, RKreport0_D_07232013_123441.txt, RKreport0_S_07232013_123257.txt
-
Sorry, you meant to add it to Norton. I no longer have Norton installed; I removed it. So do I attempt to run Malware again?
-
Ok, I am up to step 4, but I don't see where to add this in the malware program: "Please add in exclusions in Norton Internet Security Malwarebytes' Anti-Malware." I am looking but don't see an exclusions tab or where it may be. Sorry.