krh71669

Members
  • Content Count

    19
About krh71669

  • Rank
    Member
  1. krh71669

    Computer needs HELP!

    Thanks Chuck! Everything seems to be working great!! One quick question...and it may sound silly.... why at times does my computer sound like it's an airplane trying to take off??

    Kim
  2. krh71669

    Computer needs HELP!

    WOO HOO!! AVG IS GONE!!!
  3. krh71669

    Computer needs HELP!

    Chuck, I downloaded the Revo....but when it pulled up the list of things to uninstall it does not have AVG listed. And yes, the computer is running much better.
  4. krh71669

    Computer needs HELP!

    Ok Windows Defender is on... Ran the OTL.... when computer rebooted the same message appeared...

    AVGUI.EXE --unable to locate component
    This application has failed to start because mfc110u.dll was not found. Re-installing the application may fix this problem.

    AVG 2014 is still in my program files but it still won't let me delete----and it won't even let me turn it on in security settings....so IDK what to do about it.

    Never did see OfferMosquito in my programs.....

    Java, Flash Player, Adobe Reader have all been uninstalled and reinstalled.
  5. krh71669

    Computer needs HELP!

    Umm how do I enable real time protection??
  6. krh71669

    Computer needs HELP!

  7. krh71669

    Computer needs HELP!

    I did not see OfferMosquito....so I ran the OTL. When the computer rebooted the following box appeared...

    AVGUI.EXE --unable to locate component
    This application has failed to start because mfc110u.dll was not found. Re-installing the application may fix this problem.

    Didn't know if that was important or not in the process of things.... posting the OTL results now.
  8. krh71669

    Computer needs HELP!

  9. krh71669

    Computer needs HELP!

    Results of screen317's Security Check version 0.99.76
    Windows Vista Service Pack 2 x64 (UAC is enabled)
    Internet Explorer 9
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    AVG AntiVirus Free Edition 2014
    Antivirus out of date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    Java 7 Update 25
    Java version out of Date!
    Adobe Flash Player 11.9.900.117
    Adobe Reader 10.1.8 Adobe Reader out of Date!
    Mozilla Firefox (25.0)
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1 %
    ````````````````````End of Log``````````````````````
  10. krh71669

    Computer needs HELP!

    Yes Chuck....that is what I got when I ran the Security Check
  11. krh71669

    Computer needs HELP!

protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B1D9D942-3D44-4903-85BA-2291CE6C6437}" = protocol=17 | dir=in | app=c:\windows\system32\lxducoms.exe | "{B3A6B35F-1819-4333-AFE8-DB2734E2C4F7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{B41CD27E-BD13-43B4-B409-CAD27FC2ED0F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{BB215B64-00C1-4C44-844A-BAA5BA62AF26}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{BD1119F1-3898-4EDA-9C96-4DC3D8CDD9EA}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | "{BDE2D029-A5AD-41C7-AB03-8653C29FB6AE}" = protocol=17 | dir=in | app=c:\users\kim\appdata\local\temp\imsetup.exe | "{C0A89730-2339-47FA-984C-54162166F8AD}" = protocol=6 | dir=in | app=c:\users\kim\appdata\local\temp\bundlesweetimsetup.exe | "{C236CA33-8E97-47F2-9684-D6D7EF98856E}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxducoms.exe | "{C539C6A9-6852-4D29-A27B-0FA7A3081779}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{C8D22254-59AF-4F96-8A6D-F71CC4866803}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifeexp.exe | "{CB211F90-2CE7-4B9E-AED8-4F61C3AE7545}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{CC96466F-D611-4910-9490-64B5809C66D6}" = protocol=6 | dir=in | app=c:\windows\system32\lxducoms.exe | "{D3E01323-2530-40B1-8220-A47F2691BA89}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D89AEB2D-E954-438E-9A00-A60E126B547F}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{DE284563-A387-4A36-9044-0B4153C8F5EC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{DF1DE825-F308-4C7A-9426-C8E847DF6955}" = protocol=6 | dir=in | app=c:\users\kim\appdata\local\temp\imsetup.exe | 
"{E20ECC1F-7F68-4D30-96FE-EA8DAEFF9745}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{E3895B0C-B19A-464F-90ED-5AB597729550}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{F5B5B178-14C2-4260-ADD2-FD3BD8ADFC80}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft lifecam\lifetray.exe | "{F8DE897B-43F6-4E06-AEFD-685590666571}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | "{FB0A453E-0F4E-4C4C-B766-4706ACE98119}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\lxduamon.exe | "{FB563425-8B3A-41C4-A758-6D5EFE998807}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{FEF9E0B3-65E1-41C5-B46A-96163610E9BE}" = protocol=6 | dir=in | app=c:\program files (x86)\lexmark 5600-6600 series\frun.exe | "TCP Query User{12E8C586-BC91-4808-8EF9-8D1B65784CC0}C:\users\kim\desktop\backup assistant plus\verizon.exe" = protocol=6 | dir=in | app=c:\users\kim\desktop\backup assistant plus\verizon.exe | "TCP Query User{36C55E6B-A664-482D-9CFE-CD8D5DBE9DF9}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "TCP Query User{53B72BAC-8765-41B0-B183-CB48F34EA0B0}C:\users\kim\desktop\backup assistant plus\v cast backup scheduler.exe" = protocol=6 | dir=in | app=c:\users\kim\desktop\backup assistant plus\v cast backup scheduler.exe | "UDP Query User{3224A36C-778F-456A-B16B-E9680F9E4FA0}C:\program files (x86)\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\real\realplayer\realplay.exe | "UDP Query User{63A9E9E3-19CC-437B-9306-90683A8137CE}C:\users\kim\desktop\backup assistant plus\verizon.exe" = protocol=17 | dir=in | app=c:\users\kim\desktop\backup assistant plus\verizon.exe | "UDP Query User{76F4BAF8-FF6D-4CAC-BC99-6F8C43132E15}C:\users\kim\desktop\backup assistant plus\v cast backup scheduler.exe" = protocol=17 | 
dir=in | app=c:\users\kim\desktop\backup assistant plus\v cast backup scheduler.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{19150532-B022-ED76-E4A0-8CCDA2392865}" = ATI Catalyst Install Manager "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit) "{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam "{602F3A04-8E58-D94D-C4AE-3639EE32A86C}" = ccc-utility64 "{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{AA50158A-AE06-4806-8BFB-340442BD4B4C}" = AVG 2014 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF1A8490-3CD2-4878-92BE-F746D7CCACC1}" = AVG 2014 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2014 "CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP "Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series "McAfee Security Scan" = McAfee Security Scan Plus 
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64) "{06B58440-68A7-38D8-8E9E-196562DED794}" = Catalyst Control Center Localization Finnish "{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth "{0A2EC2D0-3CC4-DAD7-5FF3-6DBE23C425AE}" = ccc-core-static "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office "{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010 "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{21868F30-2552-F0BB-E306-1F1B51DE93F8}" = Catalyst Control Center Localization French "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64) "{30D703EE-4DFB-E49A-0A22-6730843CCBF4}" = Catalyst Control Center Localization Norwegian "{3F80158B-24BB-8F79-ACBE-4B97DF295B8C}" = CCC Help French "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0 "{4677674C-59CE-41B0-AA32-44A30A9D1EEB}" = Catalyst Control Center - Branding "{490FFEA3-C381-408D-A6EF-36ECEC96F6DA}" = Catalyst Control Center Graphics Light "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater 
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.9 "{50792301-7B8B-2DC7-68B8-C5519E6923FA}" = Catalyst Control Center Graphics Full Existing "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{522A4AEA-8307-1E11-770A-A374EE0BCA26}" = CCC Help Finnish "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5C479D2C-064D-3BEF-A863-5330B04AC830}" = Catalyst Control Center Localization Spanish "{5D6ADEB4-5463-8AA3-6A8D-2803C28F0DFE}" = CCC Help Spanish "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries "{5F8019FE-EA36-30DF-0065-FFD123831056}" = Catalyst Control Center Localization Danish "{64B19FE7-19F6-F51A-AC02-36D5D5CB8CC8}" = CCC Help Norwegian "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{786DDE28-1D18-F15A-30D0-DF50AFFC9F6E}" = CCC Help Japanese "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{79207BEE-6CD3-483C-824C-944663BACAC4}" = TaxCut Premium + Efile 2008 "{7CDE7547-641A-71C8-D45F-E9AF198508AD}" = Skins "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{83F70099-5F0D-162B-8714-685FAD21BABB}" = Catalyst Control Center Localization Japanese "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EA21272-8991-E1D9-262F-5AF96AB47204}" = CCC Help Dutch "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content "{92A0792A-E771-4C4A-9A4A-C2917AA19EEA}" = H&R Block Basic + Efile 2009 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth "{96E91B3F-6BDF-4B50-AE8E-CB9EA7860D07}" = Catalyst Control Center Graphics Full New "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A2BF7B16-A53E-E364-E1F7-D636B88494CF}" = CCC Help Italian "{A561534E-5DCF-9BC3-A1A1-123C60FEA8AD}" = CCC Help Danish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AB938897-211A-4999-9749-236D2E8E464A}" = NETGEAR WPN311 Wireless Adapter "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8) "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 "{BB218AF1-A6C5-6C18-7AEB-A12EB861E82C}" = Catalyst Control Center Localization Dutch "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{C2525F94-F192-FB03-1057-F00D37E098CF}" = Catalyst Control Center Graphics Previews Vista "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CD386248-1FE5-8B04-740C-CF1C34894BD5}" = CCC Help Swedish "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform 
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D57009CB-452D-C9DA-DDD4-5F2A75A44124}" = CCC Help English "{D8614D9C-504E-50E9-3F67-CE6B0E343296}" = Catalyst Control Center Localization German "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F20F7666-75B6-9A90-53B6-3A3B4F3196DD}" = Catalyst Control Center Localization Italian "{F25F87C7-93FA-EF45-D2FB-7985245C000B}" = Catalyst Control Center Localization Swedish "{F3BFDF56-2D0F-FE46-59CB-FA055AE014CB}" = Catalyst Control Center Core Implementation "{FC3190B1-D1B0-0FB2-7261-4AAA9B2831B0}" = CCC Help German "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Aleks 3.12" = Aleks 3.12 "AST Android SMS Transfer_is1" = AST Android SMS Transfer 1.5 "Backup Assistant Plus" = Backup Assistant Plus "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19] "Google Updater" = Google Updater "HTC_WModemDriver" = WModem Driver Installer "IECT3310511" = SweetPacks Toolbar for IE 
"InstallShield_{AB938897-211A-4999-9749-236D2E8E464A}" = NETGEAR WPN311 Wireless Adapter "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "Money2007b" = Microsoft Money Essentials "Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "Pdf995" = Pdf995 (installed by H&R Block) "PdfEdit995" = PdfEdit995 (installed by H&R Block) "RealPlayer 15.0" = RealPlayer "Smart Copy" = Smart Copy 3.0.5.8 "SQLite ODBC Driver" = SQLite ODBC Driver (remove only) "The Weather Channel App" = The Weather Channel App "The Weather Channel Desktop 6" = The Weather Channel Desktop 6 "Trusted Software Assistant_is1" = File Type Assistant "WinLiveSuite" = Windows Live Essentials "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1911233463-590595397-3226711343-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DSite" = Update for PDF Reader "PDF Reader" = PDF Reader "PDF Reader Packages" = PDF Reader Packages < End of report >
  12. krh71669

    Computer needs HELP!

    OTL logfile created on: 11/4/2013 9:25:04 PM - Run 1 OTL by OldTimer - Version 3.2.69.0
http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1911233463-590595397-3226711343-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=&Br=GTW&Loc=ENG_US&Sys=DTP&M=DX4200-UB001A IE - HKU\S-1-5-21-1911233463-590595397-3226711343-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-1911233463-590595397-3226711343-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1911233463-590595397-3226711343-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1911233463-590595397-3226711343-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKU\S-1-5-21-1911233463-590595397-3226711343-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1911233463-590595397-3226711343-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-1911233463-590595397-3226711343-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1911233463-590595397-3226711343-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1911233463-590595397-3226711343-1000\..\SearchScopes\{426AA380-9A4E-41CE-93CB-B19C29F9B3C9}: "URL" = 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GWYE IE - HKU\S-1-5-21-1911233463-590595397-3226711343-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-rog IE - HKU\S-1-5-21-1911233463-590595397-3226711343-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.useDBForOrder: "false" FF - prefs.js..extensions.enabledAddons: toolbar%40shopathome.com:6.0.6.0 FF - prefs.js..extensions.enabledAddons: %7B97E22097-9A2F-45b1-8DAF-36AD648C7EF4%7D:15.0.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\kim\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper: C:\Users\kim\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/19 12:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/30 07:44:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/30 07:44:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/10/30 07:44:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/30 07:44:55 | 000,000,000 | ---D | M]
[2008/11/29 16:00:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\Mozilla\Extensions
[2013/11/04 13:17:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\xjj069ks.default\extensions
[2010/05/26 05:54:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\xjj069ks.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/11/22 08:47:09 | 000,000,000 | ---D | M] (ShopAtHome.com Toolbar) -- C:\Users\kim\AppData\Roaming\Mozilla\Firefox\Profiles\xjj069ks.default\extensions\[email protected]
[2013/10/30 07:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/30 07:44:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/30 07:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/10/30 07:44:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/10/30 07:44:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/30 07:44:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/30 07:45:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/07/19 12:00:03 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/07/19 11:59:07 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
O1 HOSTS File: ([2006/09/18 14:37:24 | 000,000,736 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (OfferMosquito) - {82B16A3D-F03E-4565-A532-666B219C9A53} - C:\Users\kim\AppData\Local\ext_offermosquito\OfferMosquitoIEPlaceholder.dll (Bebo Media Ltd)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [smart Copy] C:\Program Files (x86)\IOI\Smart Copy\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe ()
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1911233463-590595397-3226711343-1000..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" File not found
O4 - HKU\S-1-5-21-1911233463-590595397-3226711343-1000..\Run: [Facebook Update] C:\Users\kim\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1911233463-590595397-3226711343-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 72.21.70.3 67.215.21.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{263E278B-2718-43B6-8651-BA7D66361707}: DhcpNameServer = 72.21.70.3 67.215.21.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BA4117E-9D28-4DBE-9337-83FDBD16ED42}: DhcpNameServer = 72.21.70.3 67.215.21.202
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\kim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\kim\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/16 07:49:12 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6a0f90b6-2eb6-11e0-86b8-001fe205120f}\Shell - "" = AutoRun
O33 - MountPoints2\{6a0f90b6-2eb6-11e0-86b8-001fe205120f}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O33 - MountPoints2\{71b69d4d-88e2-11e1-b1d6-001fe205120f}\Shell - "" = AutoRun
O33 - MountPoints2\{71b69d4d-88e2-11e1-b1d6-001fe205120f}\Shell\AutoRun\command - "" = L:\TL-Bootstrap.exe
O33 - MountPoints2\{ca107752-1ac3-11e3-a4c8-001fe205120f}\Shell - "" = AutoRun
O33 - MountPoints2\{ca107752-1ac3-11e3-a4c8-001fe205120f}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{e46a417d-a09a-11e2-9e69-001fe205120f}\Shell - "" = AutoRun
O33 - MountPoints2\{e46a417d-a09a-11e2-9e69-001fe205120f}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\{e46a41de-a09a-11e2-9e69-001fe205120f}\Shell - "" = AutoRun
O33 - MountPoints2\{e46a41de-a09a-11e2-9e69-001fe205120f}\Shell\AutoRun\command - "" = F:\TL-Bootstrap.exe
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========
[2013/11/04 21:23:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.scr
[2013/11/04 21:15:04 | 000,000,000 | ---D | C] -- C:\Users\kim\Desktop\RK_Quarantine
[2013/11/04 15:29:31 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Malwarebytes
[2013/11/04 15:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/04 15:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/04 15:28:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/04 15:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/04 15:27:26 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\kim\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/04 13:25:06 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/04 13:22:49 | 001,033,335 | ---- | C] (Thisisu) -- C:\Users\kim\Desktop\JRT.exe
[2013/11/04 13:05:59 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/04 12:52:19 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Local\ext_offermosquito
[2013/11/04 12:49:51 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\OfferMosquito
[2013/11/04 12:49:51 | 000,000,000 | ---D | C] -- C:\Users\kim\AppData\Roaming\Common
[2013/11/04 12:49:32 | 000,546,224 | ---- | C] (AVG Technologies) -- C:\Users\kim\Desktop\avg_remover_stf_x86_2011_1149.exe
[2013/11/04 12:12:18 | 000,718,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\kim\Desktop\avgremover.exe
[2013/10/30 07:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/21 11:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/10/21 11:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2013/10/16 20:38:57 | 000,000,000 | ---D | C] -- C:\Users\kim\Desktop\ITEMS FOR SALE
[2013/10/10 07:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/10/09 02:09:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/09 02:09:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/09 02:09:58 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/09 02:09:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/09 02:09:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/09 02:09:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/09 02:09:57 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/09 02:09:57 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/09 02:09:56 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/09 02:09:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/09 02:09:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/09 02:09:55 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/09 02:09:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/09 02:09:55 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/09 02:09:55 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/08 21:32:00 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/10/08 21:31:55 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/10/08 21:31:54 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/10/08 21:31:54 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/10/08 21:31:54 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/10/08 21:31:54 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/10/08 21:31:54 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/10/08 21:31:54 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/10/08 21:31:54 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/10/08 21:31:53 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/08 21:31:53 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/08 21:31:53 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/08 21:31:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/08 21:31:51 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/08 21:31:50 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 21:31:50 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/08 21:31:49 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/08 21:31:46 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/08 21:31:46 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013/11/04 23:17:25 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/04 23:17:25 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/04 22:46:40 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/04 22:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/04 22:01:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1911233463-590595397-3226711343-1000UA.job
[2013/11/04 21:23:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kim\Desktop\OTL.scr
[2013/11/04 21:23:17 | 000,891,184 | ---- | M] () -- C:\Users\kim\Desktop\SecurityCheck.exe
[2013/11/04 21:22:40 | 000,891,184 | ---- | M] () -- C:\Users\kim\Desktop\SecurityCheck(1).exe
[2013/11/04 21:14:44 | 003,538,944 | ---- | M] () -- C:\Users\kim\Desktop\RogueKiller.exe
[2013/11/04 16:46:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/04 15:28:55 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/04 15:27:40 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\kim\Desktop\mbam-setup-1.75.0.1300.exe
[2013/11/04 14:07:15 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/11/04 13:23:39 | 000,756,378 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/04 13:23:39 | 000,640,636 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/04 13:23:39 | 000,118,888 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/04 13:22:50 | 001,033,335 | ---- | M] (Thisisu) -- C:\Users\kim\Desktop\JRT.exe
[2013/11/04 13:17:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/04 13:17:20 | 1878,188,031 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/04 13:05:25 | 001,073,258 | ---- | M] () -- C:\Users\kim\Desktop\adwcleaner.exe
[2013/11/04 13:01:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1911233463-590595397-3226711343-1000Core.job
[2013/11/04 12:49:33 | 000,546,224 | ---- | M] (AVG Technologies) -- C:\Users\kim\Desktop\avg_remover_stf_x86_2011_1149.exe
[2013/11/04 12:12:18 | 000,718,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\kim\Desktop\avgremover.exe
[2013/11/02 20:59:01 | 000,000,113 | ---- | M] () -- C:\Users\kim\AppData\Roaming\WB.CFG
[2013/11/02 20:59:01 | 000,000,006 | ---- | M] () -- C:\Users\kim\AppData\Roaming\WBPU-TTL.DAT
[2013/10/25 09:57:57 | 000,020,306 | ---- | M] () -- C:\Users\kim\Desktop\RESUME CHANGES 1 SD.rtf
[2013/10/21 11:27:40 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/10/21 11:27:40 | 000,001,886 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/10/18 11:31:59 | 003,897,784 | ---- | M] () -- C:\Users\kim\Desktop\Big Horn.pdf
[2013/10/10 07:18:18 | 000,005,990 | ---- | M] () -- C:\Windows\SysWow64\userawacs.cfg
[2013/10/10 07:18:16 | 000,000,320 | ---- | M] () -- C:\Windows\SysWow64\usergui.cfg
[2013/10/09 04:30:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/09 04:30:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/09 03:02:09 | 000,303,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/09 02:22:34 | 000,751,292 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[9 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========
[2013/11/04 21:22:39 | 000,891,184 | ---- | C] () -- C:\Users\kim\Desktop\SecurityCheck(1).exe
[2013/11/04 21:20:47 | 000,891,184 | ---- | C] () -- C:\Users\kim\Desktop\SecurityCheck.exe
[2013/11/04 21:14:43 | 003,538,944 | ---- | C] () -- C:\Users\kim\Desktop\RogueKiller.exe
[2013/11/04 15:28:55 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/04 13:05:20 | 001,073,258 | ---- | C] () -- C:\Users\kim\Desktop\adwcleaner.exe
[2013/10/25 09:57:57 | 000,020,306 | ---- | C] () -- C:\Users\kim\Desktop\RESUME CHANGES 1 SD.rtf
[2013/10/21 11:27:40 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/10/18 11:32:10 | 003,897,784 | ---- | C] () -- C:\Users\kim\Desktop\Big Horn.pdf
[2013/09/09 12:51:58 | 000,000,000 | ---- | C] () -- C:\Users\kim\AppData\Roaming\wklnhst.dat
[2013/07/26 20:59:11 | 000,000,113 | ---- | C] () -- C:\Users\kim\AppData\Roaming\WB.CFG
[2013/06/18 20:59:03 | 000,000,006 | ---- | C] () -- C:\Users\kim\AppData\Roaming\WBPU-TTL.DAT
[2013/04/09 16:00:24 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\sqlite3_mod_fts3.dll
[2013/04/09 16:00:24 | 000,059,392 | ---- | C] () -- C:\Windows\SysWow64\sqlite3_mod_csvtable.dll
[2013/04/09 16:00:24 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\sqlite3_mod_extfunc.dll
[2013/04/09 16:00:24 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\sqlite3_mod_rtree.dll
[2013/04/09 16:00:24 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\sqlite3_mod_impexp.dll
[2013/04/09 16:00:24 | 000,000,537 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/11/20 17:36:03 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/08/20 01:18:30 | 000,602,112 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2012/03/06 19:59:15 | 000,751,292 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/03 18:57:33 | 000,047,616 | ---- | C] () -- C:\Windows\SysWow64\pdf995mon64.dll
[2012/01/03 18:57:33 | 000,000,142 | ---- | C] () -- C:\Windows\wpd99.drv
[2010/05/06 20:10:28 | 000,000,000 | ---- | C] () -- C:\Users\kim\AppData\Local\prvlcl.dat
[2010/03/15 19:25:36 | 000,000,732 | ---- | C] () -- C:\Users\kim\AppData\Local\d3d9caps64.dat
[2010/02/06 17:24:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/04 21:42:17 | 000,000,036 | ---- | C] () -- C:\Users\kim\AppData\Local\housecall.guid.cache
[2009/02/24 21:44:24 | 000,720,896 | ---- | C] () -- C:\Users\kim\AFTER2.JPG
[2009/01/07 18:36:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/03 20:18:16 | 000,112,032 | ---- | C] () -- C:\Users\kim\8-budget-friendly-cookbook-091608.pdf
[2008/11/29 17:00:26 | 000,012,800 | ---- | C] () -- C:\Users\kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/16 19:30:40 | 000,000,680 | ---- | C] () -- C:\Users\kim\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========
[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 10:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/09/27 15:39:31 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\AVG [2013/09/23 05:09:48 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\AVG2014 [2013/11/04 13:17:16 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\Common [2011/08/17 18:30:19 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\GARMIN [2009/06/24 04:32:45 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\GetRightToGo [2011/08/17 16:43:12 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\IrfanView [2009/06/23 10:10:35 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\Lexmark Productivity Studio [2013/11/04 12:49:51 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\OfferMosquito [2013/04/14 20:59:34 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\PDF Reader Packages [2011/12/31 19:07:47 | 000,000,000 | ---D | 
M] -- C:\Users\kim\AppData\Roaming\pdf995 [2011/07/02 13:01:24 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\SampleView [2013/04/14 20:59:56 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\SumatraPDF [2011/12/31 19:07:53 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\TaxCut [2013/09/09 12:52:00 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\Template [2012/09/27 19:57:24 | 000,000,000 | ---D | M] -- C:\Users\kim\AppData\Roaming\TuneUp Software ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report >
  13. krh71669

    Computer needs HELP!

    UNSUPPORTED OPERATING SYSTEM! ABORTED!
  14. krh71669

    Computer needs HELP!

    RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : kim [Admin rights]
    Mode : Scan -- Date : 11/04/2013 21:17:23
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 1 ¤¤¤
    [sUSP PATH] V CAST Backup Scheduler.exe -- C:\Users\kim\Desktop\Backup Assistant Plus\V CAST Backup Scheduler.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 7 ¤¤¤
    [RUN][sUSP PATH] HKCU\[...]\Run : HLBackupScheduler (C:\Users\kim\Desktop\Backup Assistant Plus\V CAST Backup Scheduler.exe [-]) -> FOUND
    [RUN][sUSP PATH] HKUS\S-1-5-21-1911233463-590595397-3226711343-1000\[...]\Run : HLBackupScheduler (C:\Users\kim\Desktop\Backup Assistant Plus\V CAST Backup Scheduler.exe [-]) -> FOUND
    [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤
    -> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
    -> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts
    ::1 localhost

    ¤¤¤ MBR Check: ¤¤¤
    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD6400AAKS-22A7B0 ATA Device +++++
    --- User ---
    [MBR] a2b6d515125af9ca23903bf902c41c0b
    [bSP] 1101684babaf2f1ca532bb2ba749f057 : Windows Vista MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 15868 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32499495 | Size: 594608 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_11042013_211723.txt >>
  15. krh71669

    Computer needs HELP!

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.11.04.08

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    kim :: KIM-PC [administrator]

    Protection: Enabled

    11/4/2013 9:05:05 PM
    mbam-log-2013-11-04 (21-05-05).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 256176
    Time elapsed: 7 minute(s), 9 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 4
    HKCR\CLSID\{3bc93e76-92f8-5fda-b676-5afee3735bf1} (PUP.Optional.OfferMosquito.A) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1} (PUP.Optional.OfferMosquito.A) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{B83C16AE-3C3D-5362-85D6-D19F9FB51262} (PUP.Optional.OfferMosquito.A) -> Quarantined and deleted successfully.
    HKCR\Interface\{2C0830EC-8559-5E15-9DC7-5BB830020064} (PUP.Optional.OfferMosquito.A) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 20
    C:\Users\kim\Desktop\SoftonicDownloader_for_avg-remover.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
    C:\Users\kim\AppData\Local\Temp\BundleSweetIMSetup.exe (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
    C:\Users\kim\AppData\Local\Temp\IMsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Users\kim\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Users\kim\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Users\kim\AppData\Local\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Users\kim\AppData\Local\Temp\Shortcut_Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Users\kim\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\kim\AppData\Local\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\Users\kim\AppData\Local\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
    C:\Users\kim\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll (PUP.Optional.OfferMosquito.A) -> Quarantined and deleted successfully.
    C:\Users\kim\Local Settings\Temporary Internet Files\Content.IE5\AO6330VP\checktbexist[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\kim\Local Settings\Temporary Internet Files\Content.IE5\AO6330VP\checktbexist[2].exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
    C:\Users\kim\Local Settings\Temporary Internet Files\Content.IE5\AO6330VP\mgsqlite3[1].7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Users\kim\Local Settings\Temporary Internet Files\Content.IE5\AO6330VP\sweetpacks[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\kim\Local Settings\Temporary Internet Files\Content.IE5\B1QKZY9D\bundlesweetimsetup[1].exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
    C:\Users\kim\Local Settings\Temporary Internet Files\Content.IE5\B1QKZY9D\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\kim\Local Settings\Temporary Internet Files\Content.IE5\B1QKZY9D\statisticsstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
    C:\Users\kim\Local Settings\Temporary Internet Files\Content.IE5\OW6S6CKF\SkywalkerSetup[1].exe (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
    C:\Users\kim\Local Settings\Temporary Internet Files\Content.IE5\OW6S6CKF\SweetPacks[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

    (end)