Brother_Jim

Members
  • Content count

    19
  • Joined

  • Last visited

About Brother_Jim

  • Rank
    New Member
  1. Sorry, I had to go take care of a few things and was gone for a while. Also have to report I ended up deleting MBAM because of it locking up and give the laptop back to the lady in church because she could no longer wait for it. I tried to explain to her their still could be issueswith her computer but she could no longer wait. Thanks for helping me trying to fix the issue, wished I could have stuck out with it but she no longer wanted to wait. Thanks and GBU
  2. Ok sorry did not know what tick was use to hearing click on or check the box. Re-did it but this time it did not produce an extras log just an otl log. OTL logfile created on: 7/26/2013 11:45:46 AM - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.93% Memory free 3.93 Gb Paging File | 2.70 Gb Available in Paging File | 68.84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 134.36 Gb Total Space | 96.08 Gb Free Space | 71.51% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/26 08:34:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe PRC - [2013/07/22 10:02:39 | 000,814,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe PRC - [2013/07/17 11:26:12 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE PRC - [2013/06/21 02:16:28 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE PRC - [2012/11/29 21:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/10/02 14:46:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe PRC - [2009/03/31 10:00:24 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009/03/31 10:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe PRC - [2009/03/31 10:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe PRC - [2009/03/31 09:18:54 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2009/03/31 09:18:34 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2009/03/31 09:18:32 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2009/03/31 09:18:32 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/05/10 07:15:28 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe ========== Modules (No Company Name) ========== MOD - [2013/04/23 17:57:26 | 004,554,752 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll MOD - [2009/08/06 08:25:29 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll MOD - [2009/08/06 08:25:29 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll MOD - [2009/08/06 08:25:29 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll MOD - [2009/08/06 08:25:29 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll MOD - [2009/08/06 08:25:29 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll MOD - [2009/08/06 08:25:29 | 000,233,472 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll MOD - [2009/08/06 08:25:29 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll MOD - [2009/08/06 08:25:29 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll MOD - [2009/08/06 08:25:28 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll MOD - [2009/08/06 08:25:28 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll MOD - [2009/08/06 08:25:28 | 000,872,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll MOD - [2009/08/06 08:25:27 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll MOD - [2009/08/06 08:25:26 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll MOD - [2009/08/06 08:25:26 | 000,086,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll MOD - [2009/08/06 08:25:26 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll MOD - [2009/08/06 08:25:26 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll MOD - [2009/08/06 08:25:25 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll MOD - [2009/08/06 08:25:25 | 000,403,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll MOD - [2009/08/06 08:25:25 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll MOD - [2009/08/06 08:25:25 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll MOD - [2009/08/06 08:25:24 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll MOD - [2009/08/06 08:25:24 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll MOD - [2009/08/06 08:25:24 | 000,311,296 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx MOD - [2009/08/06 08:25:24 | 000,258,560 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll MOD - [2009/08/06 08:25:24 | 000,232,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx MOD - [2009/08/06 08:25:24 | 000,096,256 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx MOD - [2009/08/06 08:25:23 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx MOD - [2009/08/06 08:25:23 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx MOD - [2009/08/06 08:25:23 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx MOD - [2009/08/06 08:25:23 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx MOD - [2009/08/06 08:25:22 | 001,229,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx MOD - [2009/08/06 08:25:22 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx MOD - [2009/08/06 08:25:22 | 000,675,840 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx MOD - [2009/08/06 08:25:22 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx MOD - [2009/07/23 23:22:42 | 000,110,800 | ---- | M] () -- C:\Program Files\Acelogix\System TuneUp\wipext.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost) SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) SRV - [2013/07/22 10:02:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO) SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate) SRV - [2013/04/02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc) SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2010/04/17 18:58:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/10/02 14:46:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/03/31 10:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe -- (STacSV) SRV - [2009/03/31 10:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe -- (AESTFilters) SRV - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon) DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCD5SRVC{3F6A8B78-EC003E00-05040104}) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013/07/26 10:03:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2013/05/07 10:54:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2013/04/15 21:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\7DD04000.00A\ccsetx86.sys -- (ccSet_NST) DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/03/31 10:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009/03/31 09:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008/12/21 13:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\SearchScopes,DefaultScope = {05F36679-2397-4BBF-8F10-307359AF6D10} IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\SearchScopes\{05F36679-2397-4BBF-8F10-307359AF6D10}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111044,17681,0,18,0 IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\SearchScopes\{13796C65-BBE9-4BB0-8E72-B7A26F519A0D}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=MDDC IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms} IE - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/11/13 19:44:52 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/03/24 11:20:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\ [2013/07/26 11:11:13 | 000,000,000 | ---D | M] [2010/09/22 13:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions [2013/07/23 11:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions [2010/09/22 13:54:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013/07/12 09:12:39 | 000,000,000 | ---D | M] (Cool Smiley Bar for Facebook) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions\pluswinks@PlusWinks [2010/09/22 13:54:26 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml ========== Chrome ========== O1 HOSTS File: ([2013/07/24 12:49:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/11/16 15:39:51 | 000,000,000 | -H-D | M] O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O15 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites) O15 - HKU\S-1-5-21-3094632099-2433005807-751425020-1000\..Trusted Domains: amazon.com ([www] https in Trusted sites) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl) O16 - DPF: {CA127633-F57D-4475-9445-E5F5B63A01ED} http://invites.myspace.com/invites/MySpace.OutlookContactFinder.cab (MySpaceOutlookContactFinder Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04E69768-4FAE-495E-BEED-3435FA3351B3}: DhcpNameServer = 68.105.28.11 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CA88BDC-C6DB-4A04-8DB9-A9FB6577EDEA}: DhcpNameServer = 10.0.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/26 09:58:18 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/07/26 08:34:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013/07/24 12:51:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/07/24 12:51:01 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/07/24 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp [2013/07/24 12:39:27 | 000,000,000 | ---D | C] -- C:\ComboFix [2013/07/24 09:16:00 | 005,092,950 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe [2013/07/23 12:29:51 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine [2013/07/23 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh [2013/07/23 11:28:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/07/23 11:26:59 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe [2013/07/22 15:12:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.scr [2013/07/22 15:11:27 | 000,353,352 | ---- | C] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-check-2.0.0.1000.exe [2013/07/22 10:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/07/22 10:00:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe [2013/07/22 09:50:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT [2013/07/22 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple [2013/07/19 17:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/07/19 16:46:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes [2013/07/19 16:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/07/19 16:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/07/19 16:45:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/07/19 16:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/07/19 14:13:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/07/19 14:13:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/07/19 14:13:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/07/19 14:13:36 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/07/19 14:13:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/07/19 13:11:40 | 000,000,000 | ---D | C] -- C:\found.000 [2013/07/17 14:10:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Acelogix [2013/07/17 11:30:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013/07/17 11:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013/07/17 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com [2013/07/17 11:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2013/07/17 11:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013/07/17 11:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2013/07/17 11:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/07/17 11:21:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System TuneUp [2013/07/17 11:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System TuneUp [2013/07/17 11:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Acelogix [2013/07/17 11:21:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities [2013/07/17 11:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities [2013/07/17 11:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ace Utilities [2013/07/08 11:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\uPlayer [2013/07/08 11:20:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\DefineExt [2011/08/13 13:36:09 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\Users\user\roboex32.dll [2011/08/13 13:36:09 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Users\user\PCDLIB32.DLL [2011/08/13 13:36:09 | 000,150,528 | ---- | C] (Wintertree Software Inc.) -- C:\Users\user\ssce5132.dll [2011/08/13 13:36:08 | 000,415,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltkrn13n.dll [2011/08/13 13:36:08 | 000,338,432 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\LFCMP13n.DLL [2011/08/13 13:36:08 | 000,310,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltimg13n.dll [2011/08/13 13:36:08 | 000,255,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\LTDIS13n.dll [2011/08/13 13:36:08 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltefx13n.dll [2011/08/13 13:36:08 | 000,137,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltfil13n.DLL [2011/08/13 13:36:08 | 000,128,000 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lftif13n.dll [2011/08/13 13:36:08 | 000,084,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lffpx13n.dll [2011/08/13 13:36:08 | 000,072,704 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lffax13n.dll [2011/08/13 13:36:08 | 000,055,296 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpsd13n.dll [2011/08/13 13:36:08 | 000,049,152 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\Lfwmf13n.dll [2011/08/13 13:36:08 | 000,048,640 | ---- | C] (America Online, Inc.\0) -- C:\Users\user\launch32.dll [2011/08/13 13:36:08 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lttwn13n.dll [2011/08/13 13:36:08 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lflmb13n.dll [2011/08/13 13:36:08 | 000,029,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfbmp13n.dll [2011/08/13 13:36:08 | 000,029,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lflma13n.dll [2011/08/13 13:36:08 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpcx13n.dll [2011/08/13 13:36:08 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfimg13n.dll [2011/08/13 13:36:08 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpcd13n.dll [2011/08/13 13:36:07 | 005,517,312 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwbmp32.dll [2011/08/13 13:36:07 | 000,925,696 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Users\user\cdintf210.dll [2011/08/13 13:36:07 | 000,548,864 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwstr32.dll [2011/08/13 13:36:07 | 000,102,400 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwbub32.dll [2011/08/13 13:36:07 | 000,061,440 | ---- | C] ( Aqueduct Software, Inc.) -- C:\Users\user\aqueduct.dll [2011/08/13 13:36:07 | 000,048,640 | ---- | C] (Blue Sky Software) -- C:\Users\user\INETWH32.dll [2011/08/13 13:36:07 | 000,045,056 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwmsc32.dll [2011/08/13 13:36:06 | 000,293,360 | ---- | C] (AMYUNI Technologies http://www.amyuni.com) -- C:\Users\user\acfpdf.drv [2011/08/13 13:36:06 | 000,231,896 | ---- | C] (AMYUNI Technologies http://www.amyuni.com) -- C:\Users\user\acfpdf.dll [2011/08/13 13:36:06 | 000,154,893 | ---- | C] (AMYUNI Technologies http://www.amyuni.com) -- C:\Users\user\acfpdfu.dll [2011/08/13 13:36:06 | 000,152,292 | ---- | C] (AMYUNI Technologies http://www.amyuni.com) -- C:\Users\user\acfpdfui.dll [2011/08/13 13:21:36 | 005,967,872 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Family Treemaker.exe [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/26 11:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/26 11:21:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000UA.job [2013/07/26 11:18:27 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/26 11:18:27 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/26 11:10:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/26 11:10:44 | 1581,010,944 | -HS- | M] () -- C:\hiberfil.sys [2013/07/26 11:10:20 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat [2013/07/26 10:03:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013/07/26 08:34:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013/07/25 19:49:20 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000Core.job [2013/07/25 14:57:10 | 000,000,036 | ---- | M] () -- C:\Users\user\Desktop\defrag.bat [2013/07/24 12:49:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/07/24 09:16:01 | 005,092,950 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe [2013/07/23 12:29:41 | 000,915,968 | ---- | M] () -- C:\Users\user\Desktop\RogueKiller.exe [2013/07/23 11:27:33 | 000,666,633 | ---- | M] () -- C:\Users\user\Desktop\AdwCleaner.exe [2013/07/23 11:27:08 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe [2013/07/22 15:13:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.scr [2013/07/22 15:11:27 | 000,353,352 | ---- | M] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-check-2.0.0.1000.exe [2013/07/22 09:49:01 | 000,628,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/07/22 09:49:01 | 000,108,700 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/07/19 16:45:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/18 10:03:54 | 000,007,335 | ---- | M] () -- C:\Windows\wininit.ini [2013/07/18 09:08:06 | 000,000,005 | ---- | M] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT [2013/07/17 11:30:09 | 000,001,224 | ---- | M] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk [2013/07/17 11:24:52 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/07/17 11:23:42 | 000,001,218 | ---- | M] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk [2013/07/17 11:22:51 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2013/07/17 11:22:02 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/07/17 11:21:30 | 000,001,216 | ---- | M] () -- C:\Users\user\Desktop\System TuneUp.lnk [2013/07/17 11:21:12 | 000,002,234 | ---- | M] () -- C:\Users\user\Desktop\Ace Utilities.lnk [2013/07/14 01:20:51 | 000,002,968 | ---- | M] () -- C:\{A89EC46B-77E1-4FAD-83A8-AA057BBE83A6} [2013/07/13 18:31:53 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk [2013/07/12 11:14:41 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/12 11:14:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/12 08:54:38 | 000,000,258 | RHS- | M] () -- C:\Users\user\ntuser.pol [2013/07/12 01:40:31 | 000,343,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/07/06 10:13:05 | 001,102,848 | ---- | M] () -- C:\Users\user\Louis David Geneology.ftw [2013/07/06 10:13:05 | 001,102,848 | ---- | M] () -- C:\Users\user\Louis David Geneology.FBK [2013/07/06 10:13:05 | 000,001,781 | ---- | M] () -- C:\Users\user\FTW.ini [2013/07/01 12:09:03 | 003,686,425 | ---- | M] () -- C:\Users\user\Documents\Fluorescent lighting.pdf [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/26 11:10:20 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat [2013/07/25 14:57:10 | 000,000,036 | ---- | C] () -- C:\Users\user\Desktop\defrag.bat [2013/07/23 12:29:41 | 000,915,968 | ---- | C] () -- C:\Users\user\Desktop\RogueKiller.exe [2013/07/23 11:27:33 | 000,666,633 | ---- | C] () -- C:\Users\user\Desktop\AdwCleaner.exe [2013/07/19 16:45:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/19 14:13:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/07/19 14:13:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/07/19 14:13:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/07/19 14:13:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/07/19 14:13:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/07/18 10:03:10 | 000,007,335 | ---- | C] () -- C:\Windows\wininit.ini [2013/07/17 11:30:09 | 000,001,224 | ---- | C] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk [2013/07/17 11:24:52 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/07/17 11:23:42 | 000,001,218 | ---- | C] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk [2013/07/17 11:22:51 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2013/07/17 11:22:02 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/07/17 11:21:30 | 000,001,216 | ---- | C] () -- C:\Users\user\Desktop\System TuneUp.lnk [2013/07/17 11:21:11 | 000,002,234 | ---- | C] () -- C:\Users\user\Desktop\Ace Utilities.lnk [2013/07/14 01:20:51 | 000,002,968 | ---- | C] () -- C:\{A89EC46B-77E1-4FAD-83A8-AA057BBE83A6} [2013/07/12 08:54:38 | 000,000,258 | RHS- | C] () -- C:\Users\user\ntuser.pol [2013/07/01 12:09:01 | 003,686,425 | ---- | C] () -- C:\Users\user\Documents\Fluorescent lighting.pdf [2013/06/16 18:50:03 | 000,000,005 | ---- | C] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT [2012/08/05 14:20:38 | 000,470,869 | ---- | C] () -- C:\Users\user\Louis David Geneology.FBC [2012/04/30 21:53:55 | 000,128,443 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg.jpeg.jpeg [2012/04/30 21:51:32 | 000,316,390 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg.jpeg [2012/04/30 21:47:36 | 000,128,443 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg [2012/02/01 15:45:26 | 000,143,476 | ---- | C] () -- C:\Users\user\February 2012 Activity Update.pdf [2012/02/01 15:45:26 | 000,102,116 | ---- | C] () -- C:\Users\user\Feb 2012 Calendar.pdf [2012/01/29 11:41:05 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2011/08/21 13:46:00 | 000,009,519 | ---- | C] () -- C:\Users\user\LDS Program.zip [2011/08/21 13:13:10 | 000,118,784 | ---- | C] () -- C:\Users\user\LDS Program.paf [2011/08/13 13:36:09 | 000,023,120 | ---- | C] () -- C:\Users\user\pkwdcl.dll [2011/08/13 13:36:09 | 000,010,432 | ---- | C] () -- C:\Users\user\winsock.aol [2011/08/13 13:36:09 | 000,004,544 | ---- | C] () -- C:\Users\user\New Journal Document.jnt [2011/08/13 13:36:09 | 000,001,096 | ---- | C] () -- C:\Users\user\OLD Documents and Settings - Shortcut.lnk [2011/08/13 13:36:09 | 000,000,412 | ---- | C] () -- C:\Users\user\prd.bin [2011/08/13 13:36:08 | 001,102,848 | ---- | C] () -- C:\Users\user\Louis David Geneology.ftw [2011/08/13 13:36:08 | 001,102,848 | ---- | C] () -- C:\Users\user\Louis David Geneology.FBK [2011/08/13 13:36:08 | 001,018,368 | ---- | C] () -- C:\Users\user\Louis David Geneology Backup.FBK [2011/08/13 13:36:08 | 000,338,944 | ---- | C] () -- C:\Users\user\lffpx7.dll [2011/08/13 13:36:08 | 000,122,880 | ---- | C] () -- C:\Users\user\LFKODAK.DLL [2011/08/13 13:36:07 | 001,519,616 | ---- | C] () -- C:\Users\user\ftwmfc.dll [2011/08/13 13:36:07 | 000,435,200 | ---- | C] () -- C:\Users\user\ftwsys.bin [2011/08/13 13:36:07 | 000,001,781 | ---- | C] () -- C:\Users\user\FTW.ini [2009/11/05 13:39:36 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png [2009/08/05 14:48:09 | 000,014,560 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/10/27 08:33:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Clip Art Collection [2011/06/14 14:17:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garmin [2011/03/23 17:59:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ParetoLogic [2010/12/21 11:51:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCDr [2009/08/06 08:34:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skinux [2009/11/16 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template [2011/06/11 18:42:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tific ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:E965A533 @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report >
  3. ??? What are you talking about ??
  4. OTL Log OTL logfile created on: 7/26/2013 8:37:35 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.68% Memory free 3.93 Gb Paging File | 2.59 Gb Available in Paging File | 66.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 134.36 Gb Total Space | 95.99 Gb Free Space | 71.44% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/07/26 08:34:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe PRC - [2013/07/17 11:26:12 | 004,760,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE PRC - [2013/06/21 02:16:28 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccsvchst.exe PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE PRC - [2012/11/29 21:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/10/02 14:46:00 | 000,656,624 | ---- | M] (SoftThinks) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe PRC - [2009/03/31 10:00:24 | 000,483,428 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009/03/31 10:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe PRC - [2009/03/31 10:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe PRC - [2009/03/31 09:18:54 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2009/03/31 09:18:34 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2009/03/31 09:18:32 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2009/03/31 09:18:32 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/05/10 07:15:28 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe PRC - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe ========== Modules (No Company Name) ========== MOD - [2013/04/23 17:57:26 | 004,554,752 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2012/05/30 09:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\wincfi39.dll MOD - [2009/08/06 08:25:29 | 000,798,720 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll MOD - [2009/08/06 08:25:29 | 000,786,432 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll MOD - [2009/08/06 08:25:29 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll MOD - [2009/08/06 08:25:29 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll MOD - [2009/08/06 08:25:29 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll MOD - [2009/08/06 08:25:29 | 000,233,472 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll MOD - [2009/08/06 08:25:29 | 000,159,744 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll MOD - [2009/08/06 08:25:29 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll MOD - [2009/08/06 08:25:28 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll MOD - [2009/08/06 08:25:28 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll MOD - [2009/08/06 08:25:28 | 000,872,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll MOD - [2009/08/06 08:25:27 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll MOD - [2009/08/06 08:25:26 | 000,128,512 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll MOD - [2009/08/06 08:25:26 | 000,086,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll MOD - [2009/08/06 08:25:26 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll MOD - [2009/08/06 08:25:26 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll MOD - [2009/08/06 08:25:25 | 000,466,944 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll MOD - [2009/08/06 08:25:25 | 000,403,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll MOD - [2009/08/06 08:25:25 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll MOD - [2009/08/06 08:25:25 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll MOD - [2009/08/06 08:25:24 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll MOD - [2009/08/06 08:25:24 | 000,354,816 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll MOD - [2009/08/06 08:25:24 | 000,311,296 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx MOD - [2009/08/06 08:25:24 | 000,258,560 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll MOD - [2009/08/06 08:25:24 | 000,232,448 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx MOD - [2009/08/06 08:25:24 | 000,096,256 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx MOD - [2009/08/06 08:25:23 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx MOD - [2009/08/06 08:25:23 | 000,171,008 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx MOD - [2009/08/06 08:25:23 | 000,117,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx MOD - [2009/08/06 08:25:23 | 000,083,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx MOD - [2009/08/06 08:25:22 | 001,229,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx MOD - [2009/08/06 08:25:22 | 000,757,760 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx MOD - [2009/08/06 08:25:22 | 000,675,840 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx MOD - [2009/08/06 08:25:22 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost) SRV - File not found [On_Demand | Stopped] -- -- (gupdatem) SRV - [2013/07/22 10:02:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/05/20 23:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe -- (NCO) SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/02 03:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE -- (BBUpdate) SRV - [2013/04/02 03:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE -- (BBSvc) SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4) SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE) SRV - [2010/04/17 18:58:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009/10/02 14:46:00 | 000,656,624 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/03/31 10:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\stacsv.exe -- (STacSV) SRV - [2009/03/31 10:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\AEstSrv.exe -- (AESTFilters) SRV - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/05/07 17:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\TfSysMon.sys -- (TfSysMon) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\TfNetMon.sys -- (TfNetMon) DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\TfFsMon.sys -- (TfFsMon) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PCD5SRVC{3F6A8B78-EC003E00-05040104}) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MRENDIS5) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (MREMPR5) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\user\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2013/05/07 10:54:06 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2013/04/15 21:41:14 | 000,134,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\NST\7DD04000.00A\ccsetx86.sys -- (ccSet_NST) DRV - [2012/08/23 09:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012/08/23 09:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7) DRV - [2009/03/31 10:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009/03/31 09:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008/12/21 13:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\..\SearchScopes,DefaultScope = {05F36679-2397-4BBF-8F10-307359AF6D10} IE - HKCU\..\SearchScopes\{05F36679-2397-4BBF-8F10-307359AF6D10}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111044,17681,0,18,0 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{13796C65-BBE9-4BB0-8E72-B7A26F519A0D}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=MDDC IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/11/13 19:44:52 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\user\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/03/24 11:20:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\ [2013/07/26 08:30:42 | 000,000,000 | ---D | M] [2010/09/22 13:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions [2013/07/23 11:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions [2010/09/22 13:54:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2013/07/12 09:12:39 | 000,000,000 | ---D | M] (Cool Smiley Bar for Facebook) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ze0c1pb3.default\extensions\pluswinks@PlusWinks [2010/09/22 13:54:26 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml ========== Chrome ========== O1 HOSTS File: ([2013/07/24 12:49:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2013.4.0.10\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED [2009/11/16 15:39:51 | 000,000,000 | -H-D | M] O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: amazon.com ([www] https in Trusted sites) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fb.familylink.com/we_are_related/stream/core/lib/AurigmaImageUploader/ImageUploader5.cab (Image Uploader Control) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (GMNRev Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl) O16 - DPF: {CA127633-F57D-4475-9445-E5F5B63A01ED} http://invites.myspace.com/invites/MySpace.OutlookContactFinder.cab (MySpaceOutlookContactFinder Class) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04E69768-4FAE-495E-BEED-3435FA3351B3}: DhcpNameServer = 68.105.28.11 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CA88BDC-C6DB-4A04-8DB9-A9FB6577EDEA}: DhcpNameServer = 10.0.0.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O24 - Desktop BackupWallPaper: C:\Users\user\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/07/26 08:34:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013/07/24 12:51:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/07/24 12:51:01 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/07/24 12:51:01 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp [2013/07/24 12:39:27 | 000,000,000 | ---D | C] -- C:\ComboFix [2013/07/24 09:16:00 | 005,092,950 | R--- | C] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe [2013/07/23 12:29:51 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\RK_Quarantine [2013/07/23 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\iMesh [2013/07/23 11:28:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/07/23 11:26:59 | 000,560,934 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe [2013/07/22 15:12:56 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\user\Desktop\dds.scr [2013/07/22 15:11:27 | 000,353,352 | ---- | C] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-check-2.0.0.1000.exe [2013/07/22 10:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/07/22 10:00:51 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe [2013/07/22 09:50:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT [2013/07/22 09:18:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple [2013/07/19 17:41:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/07/19 16:46:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Malwarebytes [2013/07/19 16:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/07/19 16:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/07/19 16:45:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/07/19 16:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/07/19 14:13:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/07/19 14:13:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/07/19 14:13:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/07/19 14:13:36 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/07/19 14:13:09 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/07/19 13:11:40 | 000,000,000 | ---D | C] -- C:\found.000 [2013/07/17 14:10:11 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Acelogix [2013/07/17 11:30:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller [2013/07/17 11:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group [2013/07/17 11:25:06 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SUPERAntiSpyware.com [2013/07/17 11:24:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware [2013/07/17 11:24:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware [2013/07/17 11:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2013/07/17 11:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013/07/17 11:21:30 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System TuneUp [2013/07/17 11:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System TuneUp [2013/07/17 11:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Acelogix [2013/07/17 11:21:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Utilities [2013/07/17 11:21:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ace Utilities [2013/07/17 11:21:02 | 000,000,000 | ---D | C] -- C:\Program Files\Ace Utilities [2013/07/08 11:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\uPlayer [2013/07/08 11:20:15 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\DefineExt [2011/08/13 13:36:09 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\Users\user\roboex32.dll [2011/08/13 13:36:09 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Users\user\PCDLIB32.DLL [2011/08/13 13:36:09 | 000,150,528 | ---- | C] (Wintertree Software Inc.) -- C:\Users\user\ssce5132.dll [2011/08/13 13:36:08 | 000,415,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltkrn13n.dll [2011/08/13 13:36:08 | 000,338,432 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\LFCMP13n.DLL [2011/08/13 13:36:08 | 000,310,272 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltimg13n.dll [2011/08/13 13:36:08 | 000,255,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\LTDIS13n.dll [2011/08/13 13:36:08 | 000,205,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltefx13n.dll [2011/08/13 13:36:08 | 000,137,216 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\ltfil13n.DLL [2011/08/13 13:36:08 | 000,128,000 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lftif13n.dll [2011/08/13 13:36:08 | 000,084,480 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lffpx13n.dll [2011/08/13 13:36:08 | 000,072,704 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lffax13n.dll [2011/08/13 13:36:08 | 000,055,296 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpsd13n.dll [2011/08/13 13:36:08 | 000,049,152 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\Lfwmf13n.dll [2011/08/13 13:36:08 | 000,048,640 | ---- | C] (America Online, Inc.\0) -- C:\Users\user\launch32.dll [2011/08/13 13:36:08 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lttwn13n.dll [2011/08/13 13:36:08 | 000,031,744 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lflmb13n.dll [2011/08/13 13:36:08 | 000,029,696 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfbmp13n.dll [2011/08/13 13:36:08 | 000,029,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lflma13n.dll [2011/08/13 13:36:08 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpcx13n.dll [2011/08/13 13:36:08 | 000,020,992 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfimg13n.dll [2011/08/13 13:36:08 | 000,019,968 | ---- | C] (LEAD Technologies, Inc.) -- C:\Users\user\lfpcd13n.dll [2011/08/13 13:36:07 | 005,517,312 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwbmp32.dll [2011/08/13 13:36:07 | 000,925,696 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\Users\user\cdintf210.dll [2011/08/13 13:36:07 | 000,548,864 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwstr32.dll [2011/08/13 13:36:07 | 000,102,400 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwbub32.dll [2011/08/13 13:36:07 | 000,061,440 | ---- | C] ( Aqueduct Software, Inc.) -- C:\Users\user\aqueduct.dll [2011/08/13 13:36:07 | 000,048,640 | ---- | C] (Blue Sky Software) -- C:\Users\user\INETWH32.dll [2011/08/13 13:36:07 | 000,045,056 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Ftwmsc32.dll [2011/08/13 13:36:06 | 000,293,360 | ---- | C] (AMYUNI Technologies http://www.amyuni.com) -- C:\Users\user\acfpdf.drv [2011/08/13 13:36:06 | 000,231,896 | ---- | C] (AMYUNI Technologies http://www.amyuni.com) -- C:\Users\user\acfpdf.dll [2011/08/13 13:36:06 | 000,154,893 | ---- | C] (AMYUNI Technologies http://www.amyuni.com) -- C:\Users\user\acfpdfu.dll [2011/08/13 13:36:06 | 000,152,292 | ---- | C] (AMYUNI Technologies http://www.amyuni.com) -- C:\Users\user\acfpdfui.dll [2011/08/13 13:21:36 | 005,967,872 | ---- | C] (MyFamily.com, Inc.) -- C:\Users\user\Family Treemaker.exe [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/26 08:37:57 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/26 08:37:57 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/26 08:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/26 08:34:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2013/07/26 08:30:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/26 08:30:23 | 1581,010,944 | -HS- | M] () -- C:\hiberfil.sys [2013/07/25 19:49:20 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000UA.job [2013/07/25 19:49:20 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000Core.job [2013/07/25 14:57:10 | 000,000,036 | ---- | M] () -- C:\Users\user\Desktop\defrag.bat [2013/07/24 12:49:15 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013/07/24 09:16:01 | 005,092,950 | R--- | M] (Swearware) -- C:\Users\user\Desktop\ComboFix.exe [2013/07/23 12:29:41 | 000,915,968 | ---- | M] () -- C:\Users\user\Desktop\RogueKiller.exe [2013/07/23 11:27:33 | 000,666,633 | ---- | M] () -- C:\Users\user\Desktop\AdwCleaner.exe [2013/07/23 11:27:08 | 000,560,934 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user\Desktop\JRT.exe [2013/07/22 15:13:00 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\user\Desktop\dds.scr [2013/07/22 15:11:27 | 000,353,352 | ---- | M] (Malwarebytes Corporation) -- C:\Users\user\Desktop\mbam-check-2.0.0.1000.exe [2013/07/22 09:49:01 | 000,628,554 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/07/22 09:49:01 | 000,108,700 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/07/19 16:45:39 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/18 10:03:54 | 000,007,335 | ---- | M] () -- C:\Windows\wininit.ini [2013/07/18 09:08:06 | 000,000,005 | ---- | M] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT [2013/07/17 11:30:09 | 000,001,224 | ---- | M] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk [2013/07/17 11:24:52 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/07/17 11:23:42 | 000,001,218 | ---- | M] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk [2013/07/17 11:22:51 | 000,001,865 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk [2013/07/17 11:22:02 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/07/17 11:21:30 | 000,001,216 | ---- | M] () -- C:\Users\user\Desktop\System TuneUp.lnk [2013/07/17 11:21:12 | 000,002,234 | ---- | M] () -- C:\Users\user\Desktop\Ace Utilities.lnk [2013/07/14 01:20:51 | 000,002,968 | ---- | M] () -- C:\{A89EC46B-77E1-4FAD-83A8-AA057BBE83A6} [2013/07/13 18:31:53 | 000,002,362 | ---- | M] () -- C:\Users\user\Desktop\Google Chrome.lnk [2013/07/12 11:14:41 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/12 11:14:41 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/12 08:54:38 | 000,000,258 | RHS- | M] () -- C:\Users\user\ntuser.pol [2013/07/12 01:40:31 | 000,343,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013/07/06 10:13:05 | 001,102,848 | ---- | M] () -- C:\Users\user\Louis David Geneology.ftw [2013/07/06 10:13:05 | 001,102,848 | ---- | M] () -- C:\Users\user\Louis David Geneology.FBK [2013/07/06 10:13:05 | 000,001,781 | ---- | M] () -- C:\Users\user\FTW.ini [2013/07/01 12:09:03 | 003,686,425 | ---- | M] () -- C:\Users\user\Documents\Fluorescent lighting.pdf [4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/25 14:57:10 | 000,000,036 | ---- | C] () -- C:\Users\user\Desktop\defrag.bat [2013/07/23 12:29:41 | 000,915,968 | ---- | C] () -- C:\Users\user\Desktop\RogueKiller.exe [2013/07/23 11:27:33 | 000,666,633 | ---- | C] () -- C:\Users\user\Desktop\AdwCleaner.exe [2013/07/19 16:45:39 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/19 14:13:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/07/19 14:13:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/07/19 14:13:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/07/19 14:13:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/07/19 14:13:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/07/18 10:03:10 | 000,007,335 | ---- | C] () -- C:\Windows\wininit.ini [2013/07/17 11:30:09 | 000,001,224 | ---- | C] () -- C:\Users\user\Desktop\Revo Uninstaller.lnk [2013/07/17 11:24:52 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk [2013/07/17 11:23:42 | 000,001,218 | ---- | C] () -- C:\Users\user\Desktop\Spybot - Search & Destroy.lnk [2013/07/17 11:22:51 | 000,001,865 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk [2013/07/17 11:22:02 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013/07/17 11:21:30 | 000,001,216 | ---- | C] () -- C:\Users\user\Desktop\System TuneUp.lnk [2013/07/17 11:21:11 | 000,002,234 | ---- | C] () -- C:\Users\user\Desktop\Ace Utilities.lnk [2013/07/14 01:20:51 | 000,002,968 | ---- | C] () -- C:\{A89EC46B-77E1-4FAD-83A8-AA057BBE83A6} [2013/07/12 08:54:38 | 000,000,258 | RHS- | C] () -- C:\Users\user\ntuser.pol [2013/07/01 12:09:01 | 003,686,425 | ---- | C] () -- C:\Users\user\Documents\Fluorescent lighting.pdf [2013/06/16 18:50:03 | 000,000,005 | ---- | C] () -- C:\Users\user\AppData\Roaming\WBPU-TTL.DAT [2012/08/05 14:20:38 | 000,470,869 | ---- | C] () -- C:\Users\user\Louis David Geneology.FBC [2012/04/30 21:53:55 | 000,128,443 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg.jpeg.jpeg [2012/04/30 21:51:32 | 000,316,390 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg.jpeg [2012/04/30 21:47:36 | 000,128,443 | ---- | C] () -- C:\Users\user\David Hernandez.jpeg [2012/02/01 15:45:26 | 000,143,476 | ---- | C] () -- C:\Users\user\February 2012 Activity Update.pdf [2012/02/01 15:45:26 | 000,102,116 | ---- | C] () -- C:\Users\user\Feb 2012 Calendar.pdf [2012/01/29 11:41:05 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc [2011/08/21 13:46:00 | 000,009,519 | ---- | C] () -- C:\Users\user\LDS Program.zip [2011/08/21 13:13:10 | 000,118,784 | ---- | C] () -- C:\Users\user\LDS Program.paf [2011/08/13 13:36:09 | 000,023,120 | ---- | C] () -- C:\Users\user\pkwdcl.dll [2011/08/13 13:36:09 | 000,010,432 | ---- | C] () -- C:\Users\user\winsock.aol [2011/08/13 13:36:09 | 000,004,544 | ---- | C] () -- C:\Users\user\New Journal Document.jnt [2011/08/13 13:36:09 | 000,001,096 | ---- | C] () -- C:\Users\user\OLD Documents and Settings - Shortcut.lnk [2011/08/13 13:36:09 | 000,000,412 | ---- | C] () -- C:\Users\user\prd.bin [2011/08/13 13:36:08 | 001,102,848 | ---- | C] () -- C:\Users\user\Louis David Geneology.ftw [2011/08/13 13:36:08 | 001,102,848 | ---- | C] () -- C:\Users\user\Louis David Geneology.FBK [2011/08/13 13:36:08 | 001,018,368 | ---- | C] () -- C:\Users\user\Louis David Geneology Backup.FBK [2011/08/13 13:36:08 | 000,338,944 | ---- | C] () -- C:\Users\user\lffpx7.dll [2011/08/13 13:36:08 | 000,122,880 | ---- | C] () -- C:\Users\user\LFKODAK.DLL [2011/08/13 13:36:07 | 001,519,616 | ---- | C] () -- C:\Users\user\ftwmfc.dll [2011/08/13 13:36:07 | 000,435,200 | ---- | C] () -- C:\Users\user\ftwsys.bin [2011/08/13 13:36:07 | 000,001,781 | ---- | C] () -- C:\Users\user\FTW.ini [2009/11/05 13:39:36 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png [2009/08/05 14:48:09 | 000,014,560 | ---- | C] () -- C:\Users\user\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/10/27 08:33:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Clip Art Collection [2011/06/14 14:17:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Garmin [2011/03/23 17:59:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ParetoLogic [2010/12/21 11:51:30 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCDr [2009/08/06 08:34:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Skinux [2009/11/16 15:40:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Template [2011/06/11 18:42:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Tific ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:E965A533 @Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:D1B5B4F1 @Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 152 bytes -> C:\Users\user\David Hernandez.jpeg.jpeg.jpeg:3or4kl4x13tuuug3Byamue2s4b @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8 @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report > ------------------------------------- extras OTL Extras logfile created on: 7/26/2013 8:37:35 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.96 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.68% Memory free 3.93 Gb Paging File | 2.59 Gb Available in Paging File | 66.08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 134.36 Gb Total Space | 95.99 Gb Free Space | 71.44% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CE8E15E-F345-4672-970C-22310B0AE962}" = lport=2869 | protocol=6 | dir=in | app=system | "{1C7BACF9-D1A9-4913-B314-E37EDBA8C4A2}" = lport=139 | protocol=6 | dir=in | app=system | "{375951B1-7932-440A-B431-B160B7914EA4}" = lport=10243 | protocol=6 | dir=in | app=system | "{37599CE3-595C-4077-BA69-B651B5751EC9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{4018BF1A-2D51-416A-AE68-EE2F8B000165}" = lport=138 | protocol=17 | dir=in | app=system | "{44D252A7-EAD9-463E-A6D4-001FE2C88016}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdater.exe | "{4E5D8F7B-4CBA-40DE-B72A-F29186EEF930}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | "{56FBD8AD-49BA-4691-9C65-48D877BEAC02}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{79440DC0-D5AF-40CB-B810-23DF494B1A13}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7E8BD1DC-1C1E-4B02-824A-7ACD0EE99B23}" = rport=445 | protocol=6 | dir=out | app=system | "{92850AA4-B933-4F3F-8744-1939ACA217D0}" = rport=139 | protocol=6 | dir=out | app=system | "{9AA0188C-7BBA-4F05-9EA2-1DD48AE63622}" = lport=2869 | protocol=6 | dir=in | app=system | "{A5275BD9-7E19-41CB-9D40-992FFC7C322D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{B516556D-928A-4EE4-ABB4-21EEB76166C1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{B64D09DC-9FCE-4B8F-8FA1-D20D10475A05}" = rport=137 | protocol=17 | dir=out | app=system | "{BDC048B5-32ED-4501-8D22-DF7BAD46DEC8}" = lport=137 | protocol=17 | dir=in | app=system | "{C9556971-C60F-4CF5-B505-7B35068A81B9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D32FD47B-D2FD-4B49-B824-FFF03AD29799}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | "{D40081B3-CDFE-4098-9587-523203DB3294}" = lport=445 | protocol=6 | dir=in | app=system | "{E2BB1B06-94AD-48FF-B4C2-3628F9EE1CA1}" = rport=10243 | protocol=6 | dir=out | app=system | "{F03F5324-1247-430E-90C2-4F5E60C6EEDB}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service v4\intuitupdateservice.exe | "{F6124371-8D69-41B7-845F-590126F93996}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{05F8B144-1705-404A-8B37-2BE81536FEA1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{105247D6-2BF8-45A9-A14D-F5EDF17F71B5}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{20033045-D444-41EF-8FC9-A412D807CAB5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{2222A6BA-2F4E-462B-9072-EAD0A4E83F4C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{2B9D0DF8-CCDD-4C82-9EAC-4796AC73D0BF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{388598CE-028D-4369-AFFF-F230183773BA}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe | "{3B408F0E-EA9E-48BE-925B-8D2EC2CC537B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe | "{43FC0982-5852-4EEC-80C9-744651A4F60B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{4414946B-12C6-40EE-AFFD-CB2AAFA7883D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{4A102BC7-791E-4D88-AD53-9BDE79606197}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe | "{55E95D4F-6997-4C5F-96EB-507EF6AE80EB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{5751CB74-85E3-4F43-9965-8BB472977F12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{593A503C-264C-4CCC-A52E-41D8192EC2C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5E76ED78-1533-44BE-9764-D76F173DB562}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{5EC3B2FD-FE79-4DC8-BB47-BBD7230D8433}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5F08B597-55BD-4286-A20F-2ED1CAA3023D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6ECEA834-86C1-49EB-80CE-FAD9845C7DD3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6FFDB25A-D307-46A1-87CA-C430BF28E680}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{738F7D03-E5C5-4C0C-898E-98C2736EA12D}" = protocol=6 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe | "{76437AF3-E165-44BA-84B0-4EDFFB6B5319}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{794A86B7-E9BF-4CE1-A50B-93AB6E155E6F}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe | "{8FFD5803-A3D1-4F2D-A2FD-1E2C1EB8C6D2}" = protocol=6 | dir=out | app=system | "{91ED1260-3988-4E07-A467-C8E02DDCB040}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe | "{9CB1F707-474B-41AE-8A8D-0298376E9CE2}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{A6A36ADF-FF03-4270-9F49-99188D5999DC}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{A7C4B8D6-5024-4EE8-BF81-44A1FE6711F9}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | "{A86820F8-1932-468D-B09A-7282E3BE568C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B5CABDCA-3189-4E8A-9C67-D4117240C2C7}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{B8B4BA07-8BAE-4B7A-A421-5C8F5D49C97E}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe | "{BAA2B23C-0BBE-461B-A5BC-31CEB3FFA8FB}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | "{BD3C18B3-9446-4962-AC0D-8EF66D363F91}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{BEC37ADD-1232-4C02-B788-6AB12D12278D}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{C514BF3D-BC22-47DB-A1C7-39383EBAE473}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe | "{CDC07AB7-D3FB-4276-B4B2-59D847091CB4}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe | "{D1BA8EF3-ADE7-4B22-A3B9-7EB67A445AC0}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | "{DC663758-03E7-440E-8298-16049962EEA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F6DEF0D9-548F-48E3-B4FB-D74C0B08017A}" = protocol=17 | dir=in | app=c:\program files\common files\motive\pcservicehost.exe | "{F7388795-27EE-42D4-9F05-627C4B8F9CEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{157EE23B-E16C-44A1-B678-E4F7D31E9138}" = TurboTax 2012 wlaiper "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001 "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove "{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7) "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{D63FAE5C-121F-4D15-AC91-13E4F73DFFBC}" = Family Tree Maker "{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5 "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby "{E461E45A-2B48-42FA-90E1-6F36D85DF101}" = Bing Bar "{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips "{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper "{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase "{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK "{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS "{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset "{FC65A49B-D0F4-4CFE-9304-4C6B4412433F}" = TurboTax 2011 wlaiper "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0) "Ace Utilities_is1" = Ace Utilities "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility "CCleaner" = CCleaner "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Defraggler" = Defraggler "ESET Online Scanner" = ESET Online Scanner v3 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NST" = Norton Identity Safe "Revo Uninstaller" = Revo Uninstaller 1.93 "System TuneUp_is1" = System TuneUp "TurboTax 2011" = TurboTax 2011 "TurboTax 2012" = TurboTax 2012 "TVWiz" = Intel® TV Wizard "WinLiveSuite_Wave3" = Windows Live Essentials "Yahoo! Mail" = att.net Internet Mail "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! Install Manager ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 7/24/2013 10:11:59 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 7/24/2013 10:12:01 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842785 Description = Activation context generation failed for "c:\program files\cool smiley bar for facebook\BackgroundHost64.exe". Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error - 7/24/2013 10:13:02 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 7/24/2013 10:32:24 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 7/25/2013 11:04:47 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 7/25/2013 11:31:48 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error - 7/25/2013 11:32:47 AM | Computer Name = user-PC | Source = SideBySide | ID = 16842815 Description = Activation context generation failed for "c:\program files\spybot - search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program files\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid. Error - 7/25/2013 3:03:28 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 7/25/2013 8:52:57 PM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = Error - 7/26/2013 9:32:16 AM | Computer Name = user-PC | Source = WinMgmt | ID = 10 Description = [ Dell Events ] Error - 11/17/2009 2:56:02 PM | Computer Name = user-PC | Source = DataSafe | ID = 3 Description = Failed or canceled Error - 11/17/2009 2:56:02 PM | Computer Name = user-PC | Source = DataSafe | ID = 3 Description = Failed or canceled Error - 11/17/2009 5:48:55 PM | Computer Name = user-PC | Source = DataSafe | ID = 3 Description = The process has been interrupted and ends prematurely [ OSession Events ] Error - 2/5/2010 12:30:58 PM | Computer Name = user-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 7/24/2013 1:40:06 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7034 Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s). Error - 7/24/2013 1:40:10 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 7/24/2013 1:44:40 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 7/24/2013 1:49:17 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7030 Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error - 7/24/2013 2:15:45 PM | Computer Name = user-PC | Source = DCOM | ID = 10010 Description = Error - 7/25/2013 12:44:35 PM | Computer Name = user-PC | Source = DCOM | ID = 10005 Description = Error - 7/25/2013 12:44:35 PM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = The Google Update Service (gupdatem) service failed to start due to the following error: %%3 Error - 7/25/2013 3:01:45 PM | Computer Name = user-PC | Source = EventLog | ID = 6008 Description = The previous system shutdown at 1:52:38 PM on ?7/?25/?2013 was unexpected. Error - 7/26/2013 9:32:01 AM | Computer Name = user-PC | Source = DCOM | ID = 10005 Description = Error - 7/26/2013 9:32:01 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000 Description = The Google Update Service (gupdatem) service failed to start due to the following error: %%3 < End of report >
  5. Before reading this, after it locked up again, I downloaded defraggler and did a whole dick defrag. Well I tried to run malware again and this time it went all the way to the end. This is what it found. Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.23.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16635 user :: USER-PC [administrator] 7/25/2013 4:43:49 PM mbam-log-2013-07-25 (16-43-49).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 410969 Time elapsed: 1 hour(s), 12 minute(s), 58 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 5 HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully. HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully. HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully. HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully. HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) So do I proceed with the otl download?
  6. I did and this is why I was sent here.
  7. Wished their was a way to edit a post, I just tried to run malware again, and once it got into filesystem scan it found 5 infection but locks up at this point. When it locks up I must turn off the pc and reboot. So still not sure why it locks up, while everything else will run with no problems.
  8. jerky but malwarebytes still locks up when running
  9. C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Program Files\Cool Smiley Bar for Facebook\BackgroundHostPS.dll.vir Win32/Toolbar.Besttoolbars.C application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart64.exe.vir Win64/Toolbar.DefaultTab.A application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap64.dll.vir Win64/Toolbar.DefaultTab.A application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\Users\user\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe.vir Win32/Toolbar.DefaultTab.A application cleaned by deleting - quarantined C:\Users\user\Downloads\FPP_Setup (1).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined C:\Users\user\Downloads\FPP_Setup (2).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined C:\Users\user\Downloads\FPP_Setup (3).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined C:\Users\user\Downloads\FPP_Setup (4).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined C:\Users\user\Downloads\FPP_Setup (5).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined C:\Users\user\Downloads\FPP_Setup.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined C:\Users\user\Downloads\MapsSetup (1).exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined C:\Users\user\Downloads\MapsSetup (2).exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined C:\Users\user\Downloads\MapsSetup.exe Win32/Toolbar.Inbox.A application cleaned by deleting - quarantined C:\Users\user\Downloads\Setup (1).exe a variant of Win32/ExFriendAlert.B application cleaned by deleting - quarantined C:\Users\user\Downloads\Setup (2).exe a variant of Win32/ExFriendAlert.B application cleaned by deleting - quarantined C:\Users\user\Downloads\setup.exe (1).exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined C:\Users\user\Downloads\setup.exe.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined C:\Users\user\Downloads\uplayermediaplayer-setup (1).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined C:\Users\user\Downloads\uplayermediaplayer-setup.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined C:\Users\user\Downloads\VideoPerformerSetup (1).exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined C:\Users\user\Downloads\VideoPerformerSetup (2).exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined C:\Users\user\Downloads\VideoPerformerSetup (3).exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined C:\Users\user\Downloads\VideoPerformerSetup.exe a variant of Win32/InstallBrain.AJ application cleaned by deleting - quarantined
  10. ComboFix 13-07-24.02 - user 07/24/2013 12:41:19.3.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2010.1236 [GMT -5:00] Running from: c:\users\user\Desktop\ComboFix.exe Command switches used :: c:\users\user\Desktop\CFScript.txt SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\Tasks\AmiUpdXp.job" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Cool Smiley Bar for Facebook c:\program files\Cool Smiley Bar for Facebook\AddonsFramework.Typelib.dll c:\program files\Cool Smiley Bar for Facebook\background.html c:\program files\Cool Smiley Bar for Facebook\BackgroundHost.exe c:\program files\Cool Smiley Bar for Facebook\BackgroundHost64.exe c:\program files\Cool Smiley Bar for Facebook\BackgroundHostPS.dll c:\program files\Cool Smiley Bar for Facebook\ButtonSite.dll c:\program files\Cool Smiley Bar for Facebook\ButtonSite64.dll c:\program files\Cool Smiley Bar for Facebook\config.xml c:\program files\Cool Smiley Bar for Facebook\content.js c:\program files\Cool Smiley Bar for Facebook\icon128.png c:\program files\Cool Smiley Bar for Facebook\icon16.png c:\program files\Cool Smiley Bar for Facebook\icon48.png c:\program files\Cool Smiley Bar for Facebook\jquery-1.9.1.min.js c:\program files\Cool Smiley Bar for Facebook\json2.min.js c:\program files\Cool Smiley Bar for Facebook\mz\background.js c:\program files\Cool Smiley Bar for Facebook\mz\content.js c:\program files\Cool Smiley Bar for Facebook\ScriptHost.dll c:\program files\Cool Smiley Bar for Facebook\uninst.exe c:\program files\Cool Smiley Bar for Facebook\uninstall.exe c:\program files\Cool Smiley Bar for Facebook\updater.js c:\program files\Cool Smiley Bar for Facebook\updaterWrapper.js c:\users\user\AppData\Local\SwvUpdater c:\users\user\AppData\Local\SwvUpdater\status.cfg c:\users\user\AppData\Local\SwvUpdater\Updater.exe c:\users\user\AppData\Local\SwvUpdater\Updater.xml c:\users\user\AppData\Roaming\PlusWinks c:\users\user\AppData\Roaming\PlusWinks\pluswinks.crx c:\users\user\AppData\Roaming\SpeedAnalysis2 c:\users\user\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx . . ((((((((((((((((((((((((( Files Created from 2013-06-24 to 2013-07-24 ))))))))))))))))))))))))))))))) . . 2013-07-24 17:49 . 2013-07-24 17:49 -------- d-----w- c:\users\user\AppData\Local\temp 2013-07-24 17:49 . 2013-07-24 17:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-23 17:17 . 2013-07-23 17:17 -------- d-----w- c:\program files\iMesh 2013-07-23 16:54 . 2013-07-23 16:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-07-23 16:28 . 2013-07-23 16:28 -------- d-----w- c:\windows\ERUNT 2013-07-22 15:06 . 2013-07-22 15:06 -------- d-----w- c:\program files\Common Files\Java 2013-07-22 15:06 . 2013-07-22 15:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-22 15:00 . 2013-07-24 14:31 -------- d-----w- c:\users\user\AppData\Local\Adobe 2013-07-22 14:50 . 2013-07-22 14:52 -------- d-----w- c:\windows\system32\MRT 2013-07-22 14:38 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-07-22 14:38 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys 2013-07-22 14:38 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll 2013-07-22 14:38 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll 2013-07-22 14:38 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll 2013-07-22 14:18 . 2013-07-22 14:18 -------- d-----w- c:\users\user\AppData\Local\Apple 2013-07-19 22:41 . 2013-07-19 22:41 -------- d-----w- c:\program files\ESET 2013-07-19 21:46 . 2013-07-19 21:46 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes 2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\programdata\Malwarebytes 2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-19 21:45 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-19 18:11 . 2013-07-19 18:11 -------- d-----w- C:\found.000 2013-07-17 19:10 . 2013-07-17 19:10 -------- d-----w- c:\users\user\AppData\Local\Acelogix 2013-07-17 16:30 . 2013-07-17 16:30 -------- d-----w- c:\program files\VS Revo Group 2013-07-17 16:25 . 2013-07-17 16:25 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com 2013-07-17 16:24 . 2013-07-17 16:26 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-07-17 16:22 . 2013-07-17 16:22 -------- d-----w- c:\program files\CCleaner 2013-07-17 16:21 . 2013-07-17 16:21 -------- d-----w- c:\program files\Acelogix 2013-07-17 16:21 . 2013-07-17 16:21 -------- d-----w- c:\program files\Ace Utilities 2013-07-11 18:41 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-11 18:41 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-11 18:41 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-11 18:41 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-11 18:41 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-11 18:41 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-11 18:41 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-11 18:41 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-11 18:41 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-11 18:41 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-11 18:41 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-08 16:23 . 2013-07-09 11:28 -------- d-----w- c:\program files\uPlayer 2013-07-08 16:21 . 2013-02-05 07:25 632656 ----a-w- c:\windows\system32\msvcr80.dll 2013-07-08 16:21 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll 2013-07-08 16:21 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll 2013-07-08 16:21 . 2013-02-05 07:25 773968 ----a-w- c:\windows\system32\msvcr100.dll 2013-07-08 16:21 . 2013-02-05 07:25 421200 ----a-w- c:\windows\system32\msvcp100.dll 2013-07-08 16:20 . 2013-07-23 16:21 -------- d-----w- c:\users\user\AppData\Local\DefineExt . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-22 15:05 . 2012-06-20 00:16 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-22 15:02 . 2012-03-29 11:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-22 15:02 . 2011-05-16 13:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-13 02:48 . 2011-03-24 14:39 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-05-22 17:32 . 2013-05-22 17:32 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE 2013-05-13 04:45 . 2013-06-13 00:28 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 04:45 . 2013-06-13 00:28 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45 . 2013-06-13 00:28 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 03:08 . 2013-06-13 00:28 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-13 00:28 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-10 03:20 . 2013-06-13 00:28 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-08 05:38 . 2013-06-13 00:28 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-06 05:06 . 2013-06-13 00:28 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-06 05:06 . 2013-06-13 00:28 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts 2013-04-30 04:36 . 2013-04-30 04:36 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-30 04:36 . 2013-04-30 04:36 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-30 04:36 . 2013-04-30 04:36 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-30 04:36 . 2013-04-30 04:36 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-04-30 04:36 . 2013-04-30 04:36 523264 ----a-w- c:\windows\system32\vbscript.dll 2013-04-30 04:36 . 2013-04-30 04:36 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-30 04:36 . 2013-04-30 04:36 38400 ----a-w- c:\windows\system32\imgutil.dll 2013-04-30 04:36 . 2013-04-30 04:36 361984 ----a-w- c:\windows\system32\html.iec 2013-04-30 04:36 . 2013-04-30 04:36 23040 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-30 04:36 . 2013-04-30 04:36 185344 ----a-w- c:\windows\system32\elshyph.dll 2013-04-30 04:36 . 2013-04-30 04:36 158720 ----a-w- c:\windows\system32\msls31.dll 2013-04-30 04:36 . 2013-04-30 04:36 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-04-30 04:36 . 2013-04-30 04:36 1441280 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-30 04:36 . 2013-04-30 04:36 138752 ----a-w- c:\windows\system32\wextract.exe 2013-04-30 04:36 . 2013-04-30 04:36 137216 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-30 04:36 . 2013-04-30 04:36 12800 ----a-w- c:\windows\system32\mshta.exe 2013-04-30 04:36 . 2013-04-30 04:36 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-26 04:55 . 2013-06-13 00:28 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-04-25 23:30 . 2013-06-13 00:28 1505280 ----a-w- c:\windows\system32\d3d11.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}] 2013-04-02 08:01 1467528 ----a-w- c:\program files\Microsoft\BingBar\7.2.233.0\BingExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"="c:\users\user\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-07-17 4760816] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2008-5-10 282624] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2008-12-21 18:34 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2008-05-07 22:41 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher] 2009-10-02 19:48 165104 ----a-w- c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2009-02-05 02:26 128232 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "blspcloader"="c:\program files\ATT Internet Tools\blsloader.exe" "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "<NO NAME>"= . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.2.233.0\BBSvc.exe [2013-04-02 193672] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-07-23 40776] R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver; [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-17 1343400] R4 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [x] R4 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R4 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R4 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys [2013-04-16 134744] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe [2009-03-31 81920] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672] S2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [2013-05-21 144368] S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.exe [2009-10-02 656624] S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.2.233.0\SeaPort.exe [2013-04-02 240264] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296] . . --- Other Services/Drivers In Memory --- . *Deregistered* - EraserUtilRebootDrv *Deregistered* - SPBBCDrv *Deregistered* - SYMDNS *Deregistered* - SYMFW *Deregistered* - SYMNDISV *Deregistered* - SYMREDRV *Deregistered* - SYMTDI . Contents of the 'Scheduled Tasks' folder . 2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:02] . 2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:40] . 2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:40] . 2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000Core.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 10:47] . 2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000UA.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 10:47] . . ------- Supplementary Scan ------- . Trusted Zone: $talisma_url$ Trusted Zone: amazon.com\www TCP: DhcpNameServer = 10.0.0.1 . - - - - ORPHANS REMOVED - - - - . AddRemove-Cool Smiley Bar for Facebook - c:\program files\Cool Smiley Bar for Facebook\uninstall.exe AddRemove-PlusWinks - c:\program files\Cool Smiley Bar for Facebook\uninst.exe AddRemove-{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} - c:\users\user\AppData\Local\SwvUpdater\Updater.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO] "ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-07-24 12:50:58 ComboFix-quarantined-files.txt 2013-07-24 17:50 ComboFix2.txt 2013-07-24 14:27 ComboFix3.txt 2013-07-19 19:35 . Pre-Run: 102,627,860,480 bytes free Post-Run: 102,581,096,448 bytes free . - - End Of File - - D42E0C266D5DBC8881F93E9C724F71B2 A36C5E4F47E84449FF07ED3517B43A31
  11. ComboFix 13-07-24.02 - user 07/24/2013 9:17.2.2 - x86 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2010.1111 [GMT -5:00] Running from: c:\users\user\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2013-06-24 to 2013-07-24 ))))))))))))))))))))))))))))))) . . 2013-07-24 14:25 . 2013-07-24 14:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-23 17:24 . 2013-07-23 17:24 -------- d-----w- c:\users\user\AppData\Local\SwvUpdater 2013-07-23 17:17 . 2013-07-23 17:17 -------- d-----w- c:\program files\iMesh 2013-07-23 16:54 . 2013-07-23 16:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-07-23 16:28 . 2013-07-23 16:28 -------- d-----w- c:\windows\ERUNT 2013-07-22 15:06 . 2013-07-22 15:06 -------- d-----w- c:\program files\Common Files\Java 2013-07-22 15:06 . 2013-07-22 15:05 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-07-22 15:00 . 2013-07-22 15:02 -------- d-----w- c:\users\user\AppData\Local\Adobe 2013-07-22 14:50 . 2013-07-22 14:52 -------- d-----w- c:\windows\system32\MRT 2013-07-22 14:38 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-07-22 14:38 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys 2013-07-22 14:38 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll 2013-07-22 14:38 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll 2013-07-22 14:38 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll 2013-07-22 14:18 . 2013-07-22 14:18 -------- d-----w- c:\users\user\AppData\Local\Apple 2013-07-19 22:41 . 2013-07-19 22:41 -------- d-----w- c:\program files\ESET 2013-07-19 21:46 . 2013-07-19 21:46 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes 2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\programdata\Malwarebytes 2013-07-19 21:45 . 2013-07-19 21:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-19 21:45 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-19 19:28 . 2013-07-24 14:25 -------- d-----w- c:\users\user\AppData\Local\temp 2013-07-19 18:11 . 2013-07-19 18:11 -------- d-----w- C:\found.000 2013-07-17 19:10 . 2013-07-17 19:10 -------- d-----w- c:\users\user\AppData\Local\Acelogix 2013-07-17 16:30 . 2013-07-17 16:30 -------- d-----w- c:\program files\VS Revo Group 2013-07-17 16:25 . 2013-07-17 16:25 -------- d-----w- c:\users\user\AppData\Roaming\SUPERAntiSpyware.com 2013-07-17 16:24 . 2013-07-17 16:26 -------- d-----w- c:\program files\SUPERAntiSpyware 2013-07-17 16:22 . 2013-07-17 16:22 -------- d-----w- c:\program files\CCleaner 2013-07-17 16:21 . 2013-07-17 16:21 -------- d-----w- c:\program files\Acelogix 2013-07-17 16:21 . 2013-07-17 16:21 -------- d-----w- c:\program files\Ace Utilities 2013-07-12 14:12 . 2013-07-12 14:12 -------- d-----w- c:\users\user\AppData\Roaming\PlusWinks 2013-07-12 14:12 . 2013-07-12 14:12 -------- d-----w- c:\users\user\AppData\Roaming\SpeedAnalysis2 2013-07-12 14:12 . 2013-07-12 14:12 -------- d-----w- c:\program files\Cool Smiley Bar for Facebook 2013-07-11 18:41 . 2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-11 18:41 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-11 18:41 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-11 18:41 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-11 18:41 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-11 18:41 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-11 18:41 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-11 18:41 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-11 18:41 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-11 18:41 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-11 18:41 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-08 16:23 . 2013-07-09 11:28 -------- d-----w- c:\program files\uPlayer 2013-07-08 16:21 . 2013-02-05 07:25 632656 ----a-w- c:\windows\system32\msvcr80.dll 2013-07-08 16:21 . 2013-02-05 07:25 554832 ----a-w- c:\windows\system32\msvcp80.dll 2013-07-08 16:21 . 2013-02-05 07:25 479232 ----a-w- c:\windows\system32\msvcm80.dll 2013-07-08 16:21 . 2013-02-05 07:25 773968 ----a-w- c:\windows\system32\msvcr100.dll 2013-07-08 16:21 . 2013-02-05 07:25 421200 ----a-w- c:\windows\system32\msvcp100.dll 2013-07-08 16:20 . 2013-07-23 16:21 -------- d-----w- c:\users\user\AppData\Local\DefineExt . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-22 15:05 . 2012-06-20 00:16 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-07-22 15:02 . 2012-03-29 11:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-07-22 15:02 . 2011-05-16 13:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-06-13 02:48 . 2011-03-24 14:39 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-05-22 17:32 . 2013-05-22 17:32 8281168 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE 2013-05-13 04:45 . 2013-06-13 00:28 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 04:45 . 2013-06-13 00:28 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45 . 2013-06-13 00:28 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 03:08 . 2013-06-13 00:28 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-13 00:28 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-10 03:20 . 2013-06-13 00:28 24576 ----a-w- c:\windows\system32\cryptdlg.dll 2013-05-08 05:38 . 2013-06-13 00:28 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-06 05:06 . 2013-06-13 00:28 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-06 05:06 . 2013-06-13 00:28 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-01 08:59 . 2013-05-01 08:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx 2013-05-01 08:59 . 2013-05-01 08:59 69632 ----a-w- c:\windows\system32\QuickTime.qts 2013-04-30 04:36 . 2013-04-30 04:36 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-04-30 04:36 . 2013-04-30 04:36 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-04-30 04:36 . 2013-04-30 04:36 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-04-30 04:36 . 2013-04-30 04:36 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-04-30 04:36 . 2013-04-30 04:36 523264 ----a-w- c:\windows\system32\vbscript.dll 2013-04-30 04:36 . 2013-04-30 04:36 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-04-30 04:36 . 2013-04-30 04:36 38400 ----a-w- c:\windows\system32\imgutil.dll 2013-04-30 04:36 . 2013-04-30 04:36 361984 ----a-w- c:\windows\system32\html.iec 2013-04-30 04:36 . 2013-04-30 04:36 23040 ----a-w- c:\windows\system32\licmgr10.dll 2013-04-30 04:36 . 2013-04-30 04:36 185344 ----a-w- c:\windows\system32\elshyph.dll 2013-04-30 04:36 . 2013-04-30 04:36 158720 ----a-w- c:\windows\system32\msls31.dll 2013-04-30 04:36 . 2013-04-30 04:36 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-04-30 04:36 . 2013-04-30 04:36 1441280 ----a-w- c:\windows\system32\inetcpl.cpl 2013-04-30 04:36 . 2013-04-30 04:36 138752 ----a-w- c:\windows\system32\wextract.exe 2013-04-30 04:36 . 2013-04-30 04:36 137216 ----a-w- c:\windows\system32\ieUnatt.exe 2013-04-30 04:36 . 2013-04-30 04:36 12800 ----a-w- c:\windows\system32\mshta.exe 2013-04-30 04:36 . 2013-04-30 04:36 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-04-26 04:55 . 2013-06-13 00:28 492544 ----a-w- c:\windows\system32\win32spl.dll 2013-04-25 23:30 . 2013-06-13 00:28 1505280 ----a-w- c:\windows\system32\d3d11.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}] 2013-04-02 08:01 1467528 ----a-w- c:\program files\Microsoft\BingBar\7.2.233.0\BingExt.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "GoogleChromeAutoLaunch_4E874A737D5662A34EBBEADB3A9C4A09"="c:\users\user\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-07-12 846288] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-07-17 4760816] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-09 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-03-31 217088] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-31 483428] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-2-27 1316192] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -hx [2008-5-10 282624] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-2-27 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI] 2008-12-21 18:34 3810304 ----a-w- c:\windows\System32\WLTRAY.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2008-05-07 22:41 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launcher] 2009-10-02 19:48 165104 ----a-w- c:\program files\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv] 2009-02-05 02:26 128232 ----a-w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" "Google Update"="c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "blspcloader"="c:\program files\ATT Internet Tools\blsloader.exe" "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "<NO NAME>"= . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.2.233.0\BBSvc.exe [2013-04-02 193672] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-07-23 40776] R3 PCD5SRVC{3F6A8B78-EC003E00-05040104};PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver; [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-04-17 1343400] R4 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [x] R4 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x] R4 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x] R4 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x] S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DD04000.00A\ccSetx86.sys [2013-04-16 134744] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_4c73f4a9a59a84bb\aestsrv.exe [2009-03-31 81920] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672] S2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe [2013-05-21 144368] S2 SftService;SoftThinks Agent Service;c:\program files\Dell DataSafe Local Backup\sftservice.exe [2009-10-02 656624] S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.2.233.0\SeaPort.exe [2013-04-02 240264] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - TRUESIGHT *Deregistered* - EraserUtilRebootDrv *Deregistered* - SPBBCDrv *Deregistered* - SYMDNS *Deregistered* - SYMFW *Deregistered* - SYMNDISV *Deregistered* - SYMREDRV *Deregistered* - SYMTDI *Deregistered* - TrueSight . Contents of the 'Scheduled Tasks' folder . 2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 15:02] . 2013-07-24 c:\windows\Tasks\AmiUpdXp.job - c:\users\user\AppData\Local\SwvUpdater\Updater.exe [2013-07-23 17:24] . 2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:40] . 2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 03:40] . 2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000Core.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 10:47] . 2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3094632099-2433005807-751425020-1000UA.job - c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-07 10:47] . . ------- Supplementary Scan ------- . Trusted Zone: $talisma_url$ Trusted Zone: amazon.com\www TCP: DhcpNameServer = 10.0.0.1 . - - - - ORPHANS REMOVED - - - - . AddRemove-DSite - c:\users\user\AppData\Roaming\DSite\UpdateProc\UpdateTask.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO] "ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-07-24 09:27:05 ComboFix-quarantined-files.txt 2013-07-24 14:27 ComboFix2.txt 2013-07-19 19:35 . Pre-Run: 102,558,375,936 bytes free Post-Run: 102,565,122,048 bytes free . - - End Of File - - 4D4845E579B58B743D7654B894B681EC A36C5E4F47E84449FF07ED3517B43A31
  12. # AdwCleaner v2.306 - Logfile created 07/23/2013 at 11:33:03 # Updated 19/07/2013 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits) # User : user - USER-PC # Boot Mode : Normal # Running from : C:\Users\user\Desktop\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files\Common Files\ParetoLogic Folder Deleted : C:\ProgramData\ParetoLogic ***** [Registry] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8736C681-37A0-40C6-A0F0-4C083409151C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\SearchProtect Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4E77-A640-78EE8EC8673B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843 Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB05974.TBSB05974Toolbar Key Deleted : HKLM\Software\SearchProtect Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Registry is clean. -\\ Mozilla Firefox v [unable to get version] -\\ Google Chrome v28.0.1500.72 ************************* AdwCleaner[s1].txt - [4845 octets] - [23/07/2013 11:33:04] ########## EOF - C:\AdwCleaner[s1].txt - [4905 octets] ########## -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.2 (07.22.2013:2) OS: Windows 7 Home Premium x86 Ran by user on Tue 07/23/2013 at 11:28:41.56 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] cltmngsvc Successfully deleted: [service] cltmngsvc ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\bho.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\defaulttabbho.dll Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\appid\{18b9b16e-716f-43df-a6ad-512c7d2eb983} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1} Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\default tab Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\default tab Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\defaulttab Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\defaulttab Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\defaulttab Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\fun web products Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\funwebproducts Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\mywebsearch Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\stats\{8736c681-37a0-40c6-a0f0-4c083409151c} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\defaulttabbho.defaulttabbrowseractivex.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\webcakedesktop_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3279411 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3289663 Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{112A7E09-6595-D1C3-2C4E-CDFD9E56B66C} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{456DADC9-06DC-42DF-AD83-C3196CDB1625} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B1E3D3CE-3549-430F-8822-01240E400989} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{CECB5D17-5B44-4CED-8179-BD0AF911C5FC} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EA7D7B9C-C5AE-405E-ACA7-F4673BED1900} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{13796C65-BBE9-4BB0-8E72-B7A26F519A0D} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\interface\{ac71b60e-94c9-4ede-ba46-e146747bb67e}" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef" ~~~ Files Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll" Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll" ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\tarma installer" Successfully deleted: [Folder] "C:\ProgramData\wecarereminder" Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\defaulttab" Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\drivercure" Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\dsite" Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\file scout" Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\performersoft" Successfully deleted: [Folder] "C:\Users\user\AppData\Roaming\registry mechanic" Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\conduit" Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\funwebproducts" Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\mywebsearch" Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\pricegong" Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\sweetim" Successfully deleted: [Folder] "C:\Users\user\appdata\locallow\toolbar4" Successfully deleted: [Folder] "C:\Program Files\conduit" Successfully deleted: [Folder] "C:\Program Files\searchprotect" Successfully deleted: [Folder] "C:\ProgramData\ask" Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~ Chrome Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Tue 07/23/2013 at 11:31:19.67 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -------------------------------------------------------------------------- RogueKiller V8.6.3 [Jul 17 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : user [Admin rights] Mode : Remove -- Date : 07/23/2013 12:34:41 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1) [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\user\AppData\Local\Temp\IHUC447.tmp.exe [x][x] -> DELETED [V2][sUSP PATH] TidyNetwork Update : C:\Users\user\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> DELETED ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK1655GSX +++++ --- User --- [MBR] 04fed4a20147b5da2437ac64a81ba55f [bSP] b36e7300d4773d7b7ca0cc43aaba9b3e : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_D_07232013_123441.txt >> RKreport[0]_S_07232013_123257.txt ------------------------------------------------------------------- RogueKiller V8.6.3 [Jul 17 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : user [Admin rights] Mode : Scan -- Date : 07/23/2013 12:32:57 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 7 ¤¤¤ [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND [HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V2][sUSP PATH] IHUninstallTrackingTASK : CMD - /C DEL C:\Users\user\AppData\Local\Temp\IHUC447.tmp.exe [x][x] -> FOUND [V2][sUSP PATH] TidyNetwork Update : C:\Users\user\AppData\Local\TidyNetwork.com\tidy2update.exe [x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: TOSHIBA MK1655GSX +++++ --- User --- [MBR] 04fed4a20147b5da2437ac64a81ba55f [bSP] b36e7300d4773d7b7ca0cc43aaba9b3e : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 137586 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_07232013_123257.txt >>
  13. I tried to run Malware again and it locked up once it gets into system file scans. Here are the other reports. AdwCleanerS1.txt JRT.txt RKreport0_D_07232013_123441.txt RKreport0_S_07232013_123257.txt
  14. Sorry you meant to add it to Norton, I no longer have Norton installed I removed it, so do I attempt to run Malware again?
  15. Ok I am up to step 4, but I don't see where to add this in the malware program Please add in exclusions in Norton Internet Security Malwarebytes' Anti-Malware. I am looking but don't see a exclusions tab or where it may be. Sorry.