Sponsored By

jonbutch

Members
  • Content Count

    19
  • Joined

  • Last visited

About jonbutch

  • Rank
    Member
  1. Thank you so much it is running great. I appreciate you spending all the time with me and being so thurale in explaining everything to me. Thank you so much.
  2. I did remove that update 37, but it scanned adobe when I downloaded it.
  3. All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E42C384F-5050-482E-946A-75D19B6ABF00}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E42C384F-5050-482E-946A-75D19B6ABF00}\ not found. HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\ not found. ========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: JoAn ->Java cache emptied: 406311 bytes User: Public Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 56468 bytes User: Default User ->Flash cache emptied: 0 bytes User: JoAn ->Flash cache emptied: 39918 bytes User: Public Total Flash Files Cleaned = 0.00 mb [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: JoAn ->Temp folder emptied: 4800449 bytes ->Temporary Internet Files folder emptied: 74805720 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 444571693 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3149183 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 39354085 bytes Total Files Cleaned = 540.00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully Restore point Set: OTL Restore Point OTL by OldTimer - Version 3.2.69.0 log created on 11142013_092050 Files\Folders moved on Reboot... PendingFileRenameOperations files... Registry entries deleted on Reboot...
  4. TL logfile created on: 11/14/2013 8:31:03 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JoAn\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16736) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 58.92% Memory free 5.99 Gb Paging File | 4.19 Gb Available in Paging File | 70.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 218.20 Gb Total Space | 176.20 Gb Free Space | 80.75% Space Free | Partition Type: NTFS Computer Name: JOAN-PC | User Name: JoAn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/11/14 08:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JoAn\Downloads\OTL (1).com PRC - [2013/11/14 08:27:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JoAn\Downloads\OTL.com PRC - [2013/11/06 01:26:09 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2013/08/01 17:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/07 04:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe PRC - [2013/04/07 04:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/02/11 15:44:38 | 000,139,776 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/06/03 13:49:52 | 000,215,552 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/11/06 08:50:18 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009/11/06 08:50:18 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe PRC - [2009/07/16 21:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE PRC - [2009/07/16 21:57:36 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE PRC - [2009/07/16 21:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE PRC - [2009/06/29 00:59:00 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2009/06/29 00:59:00 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2009/06/29 00:59:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2009/06/29 00:59:00 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009/03/02 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe PRC - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe ========== Modules (No Company Name) ========== MOD - [2013/11/06 01:26:07 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\ppgooglenaclpluginchrome.dll MOD - [2013/11/06 01:26:06 | 013,582,800 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\PepperFlash\pepflashplayer.dll MOD - [2013/11/06 01:26:05 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\pdf.dll MOD - [2013/11/06 01:25:13 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\libglesv2.dll MOD - [2013/11/06 01:25:12 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\libegl.dll MOD - [2013/11/06 01:25:10 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\ffmpegsumo.dll MOD - [2013/09/12 02:26:12 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll MOD - [2013/09/12 02:26:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll MOD - [2013/08/15 02:27:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll MOD - [2013/07/12 04:26:00 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013/06/04 18:22:32 | 000,481,280 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\Genie.dll MOD - [2013/05/27 23:21:30 | 004,334,592 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll MOD - [2013/05/14 19:56:24 | 008,432,128 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll MOD - [2013/05/13 22:18:30 | 000,931,840 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll MOD - [2013/05/09 20:12:10 | 000,229,888 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll MOD - [2013/04/27 23:25:56 | 001,205,760 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll MOD - [2013/04/07 04:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe MOD - [2013/04/07 04:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe MOD - [2013/03/27 01:52:32 | 000,500,736 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll MOD - [2013/03/27 01:51:52 | 000,714,240 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll MOD - [2013/03/27 01:51:40 | 000,641,536 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll MOD - [2013/03/27 01:51:26 | 001,198,080 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll MOD - [2013/03/27 01:50:02 | 000,186,368 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll MOD - [2013/03/27 01:49:54 | 000,116,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll MOD - [2013/03/27 01:49:40 | 000,485,376 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll MOD - [2013/03/27 01:49:26 | 000,438,272 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll MOD - [2013/03/27 01:43:48 | 001,067,520 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll MOD - [2013/03/27 01:42:54 | 000,137,728 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll MOD - [2013/03/27 01:42:52 | 000,088,064 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QRCode.dll MOD - [2013/03/27 01:42:50 | 001,553,920 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll MOD - [2013/03/26 19:58:14 | 000,074,752 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll MOD - [2013/03/26 19:58:12 | 000,136,704 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\airprintdll.dll MOD - [2013/03/26 19:58:08 | 000,139,264 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll MOD - [2013/03/26 19:58:06 | 000,072,192 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll MOD - [2013/03/26 19:58:06 | 000,066,560 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll MOD - [2013/02/18 23:46:06 | 009,814,016 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtGui4.dll MOD - [2013/02/18 23:46:06 | 002,537,472 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtCore4.dll MOD - [2013/02/18 23:46:06 | 001,140,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtNetwork4.dll MOD - [2013/02/18 23:46:00 | 000,399,360 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtXml4.dll MOD - [2013/02/18 23:46:00 | 000,287,232 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg4.dll MOD - [2013/02/18 23:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qico4.dll MOD - [2013/02/18 23:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qgif4.dll MOD - [2013/02/18 23:46:00 | 000,043,008 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll MOD - [2013/02/18 23:46:00 | 000,011,362 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\mingwm10.dll MOD - [2012/11/29 02:56:00 | 003,332,720 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll MOD - [2009/07/16 21:57:02 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll ========== Services (SafeList) ========== SRV - [2013/10/08 19:53:55 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360) SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011/02/11 15:44:38 | 000,139,776 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService) SRV - [2010/06/03 13:49:52 | 000,215,552 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe -- (NWHelper) SRV - [2010/03/27 20:42:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/11/06 08:50:18 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe -- (STacSV) SRV - [2009/07/16 21:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/03/02 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe -- (AESTFilters) SRV - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\JoAn\AppData\Local\Temp\mbr.sys -- (mbr) DRV - [2013/11/09 09:34:05 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131113.023\NAVEX15.SYS -- (NAVEX15) DRV - [2013/11/09 09:34:05 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131113.023\NAVENG.SYS -- (NAVENG) DRV - [2013/10/28 11:13:17 | 000,393,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131113.002\IDSvix86.sys -- (IDSVix86) DRV - [2013/10/22 16:11:14 | 001,096,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131101.003\BHDrvx86.sys -- (BHDrvx86) DRV - [2013/08/27 12:19:45 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2013/08/26 21:55:15 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2013/08/26 21:55:15 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/08/20 09:34:10 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2013/05/22 22:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymEFA.sys -- (SymEFA) DRV - [2013/05/20 22:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymDS.sys -- (SymDS) DRV - [2013/05/15 22:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP) DRV - [2013/04/24 17:43:56 | 000,339,544 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symnets.sys -- (SymNetS) DRV - [2013/04/15 19:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ccSetx86.sys -- (ccSet_N360) DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013/03/04 18:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\Ironx86.sys -- (SymIRON) DRV - [2013/03/04 18:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX) DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_022.sys -- (NWUSBPort2_022) DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_022.sys -- (NWUSBPort_022) DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_022.sys -- (NWUSBModem_022) DRV - [2011/03/01 13:44:24 | 000,243,712 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWRmNet_022.sys -- (NWRmNet_022) DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/11/06 08:50:18 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009/07/16 21:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/06/11 07:39:00 | 009,765,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/05/22 02:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR) DRV - [2009/05/07 02:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR) DRV - [2009/03/24 16:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008/06/09 08:41:28 | 000,332,288 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWVNdis.sys -- (NWVNDIS) DRV - [2008/06/09 08:41:28 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI) DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2) DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort) DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{E42C384F-5050-482E-946A-75D19B6ABF00}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1 IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U141&ocid=U141DHP&dt=072013 IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013/10/09 18:56:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [2013/11/14 06:52:13 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.msn.com/?pc=U141&ocid=U141DHP&dt=072013 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\gcswf32.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Entanglement Web App = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\ CHR - Extension: Poppit = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ CHR - Extension: Norton Identity Protection = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\ CHR - Extension: Google Wallet = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\ O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKU\S-1-5-21-4144150036-1733957249-969350786-1001..\Run: [NETGEARGenie] C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://76.10.86.11//activex/AMC.cab (Reg Error: Key error.) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2) O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner) O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27D0F1AC-E3DB-4C3E-B184-D4030F18D260}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF1F4B1-4535-4941-BED8-9A7762F58584}: DhcpNameServer = 66.174.92.14 66.174.95.44 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell - "" = AutoRun O33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/11/14 07:28:08 | 000,873,384 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013/11/14 07:28:07 | 000,796,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013/11/14 07:14:49 | 000,000,000 | ---D | C] -- C:\Users\JoAn\Desktop\RK_Quarantine [2013/11/14 06:37:41 | 000,000,000 | ---D | C] -- C:\Users\JoAn\AppData\Roaming\Malwarebytes [2013/11/14 06:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/11/14 06:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/11/14 06:37:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/11/14 06:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/11/14 06:28:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/11/14 06:09:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/11/14 03:02:50 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/11/14 03:02:50 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/11/14 03:02:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/11/14 03:02:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013/11/14 03:02:49 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/11/14 03:02:48 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/11/14 03:02:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013/11/14 03:02:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013/11/14 03:02:48 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013/11/14 03:02:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013/11/13 16:03:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013/11/13 16:03:56 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll [2013/11/13 16:03:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013/11/13 16:03:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll [2013/11/13 16:03:46 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll [2013/11/13 16:03:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL [2013/11/12 05:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/11/12 05:14:05 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/11/12 05:13:59 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/11/12 05:13:59 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/11/12 05:13:59 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/11/12 05:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013/11/12 05:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2013/10/16 12:18:26 | 000,000,000 | ---D | C] -- C:\Users\JoAn\Documents\2013-10-16 bill ========== Files - Modified Within 30 Days ========== [2013/11/14 08:31:57 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/11/14 07:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/11/14 07:12:14 | 000,891,200 | ---- | M] () -- C:\Users\JoAn\Desktop\SecurityCheck.exe [2013/11/14 06:57:32 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/11/14 06:57:32 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/11/14 06:54:38 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/11/14 06:54:38 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/11/14 06:50:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/11/14 06:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/11/14 06:49:54 | 2411,950,080 | -HS- | M] () -- C:\hiberfil.sys [2013/11/14 06:37:37 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/11/14 03:23:08 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013/11/12 23:49:06 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/11/12 05:13:44 | 000,873,384 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013/11/12 05:13:44 | 000,796,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013/11/12 05:13:44 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/11/12 05:13:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/11/12 05:13:44 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/11/12 05:13:44 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/11/08 03:52:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job ========== Files Created - No Company Name ========== [2013/11/14 07:12:13 | 000,891,200 | ---- | C] () -- C:\Users\JoAn\Desktop\SecurityCheck.exe [2013/11/14 06:37:37 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/11/17 21:36:32 | 000,000,000 | ---- | C] () -- C:\Users\JoAn\AppData\Local\{7EF74A49-7FA8-497F-93E2-FF676B51C0A0} [2011/05/18 17:54:41 | 000,001,940 | ---- | C] () -- C:\Users\JoAn\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini ========== ZeroAccess Check ========== [2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Purity Check ========== < End of report >
  5. OTL logfile created on: 11/14/2013 8:29:16 AM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JoAn\Downloads Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16736) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.89% Memory free 5.99 Gb Paging File | 4.16 Gb Available in Paging File | 69.47% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 218.20 Gb Total Space | 176.20 Gb Free Space | 80.75% Space Free | Partition Type: NTFS Computer Name: JOAN-PC | User Name: JoAn | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/11/14 08:27:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JoAn\Downloads\OTL.com PRC - [2013/11/06 01:26:09 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2013/08/01 17:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013/04/07 04:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe PRC - [2013/04/07 04:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/02/11 15:44:38 | 000,139,776 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/06/03 13:49:52 | 000,215,552 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/11/06 08:50:18 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009/11/06 08:50:18 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe PRC - [2009/07/16 21:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE PRC - [2009/07/16 21:57:36 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE PRC - [2009/07/16 21:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE PRC - [2009/06/29 00:59:00 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2009/06/29 00:59:00 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2009/06/29 00:59:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2009/06/29 00:59:00 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe PRC - [2009/03/02 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe PRC - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe ========== Modules (No Company Name) ========== MOD - [2013/11/06 01:26:07 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\ppgooglenaclpluginchrome.dll MOD - [2013/11/06 01:26:06 | 013,582,800 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\PepperFlash\pepflashplayer.dll MOD - [2013/11/06 01:26:05 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\pdf.dll MOD - [2013/11/06 01:25:13 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\libglesv2.dll MOD - [2013/11/06 01:25:12 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\libegl.dll MOD - [2013/11/06 01:25:10 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\ffmpegsumo.dll MOD - [2013/09/12 02:26:12 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll MOD - [2013/09/12 02:26:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll MOD - [2013/08/15 02:27:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll MOD - [2013/07/12 04:26:00 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll MOD - [2013/06/04 18:22:32 | 000,481,280 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\Genie.dll MOD - [2013/05/27 23:21:30 | 004,334,592 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll MOD - [2013/05/14 19:56:24 | 008,432,128 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll MOD - [2013/05/13 22:18:30 | 000,931,840 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll MOD - [2013/05/09 20:12:10 | 000,229,888 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll MOD - [2013/04/27 23:25:56 | 001,205,760 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll MOD - [2013/04/07 04:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe MOD - [2013/04/07 04:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe MOD - [2013/03/27 01:52:32 | 000,500,736 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll MOD - [2013/03/27 01:51:52 | 000,714,240 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll MOD - [2013/03/27 01:51:40 | 000,641,536 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll MOD - [2013/03/27 01:51:26 | 001,198,080 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll MOD - [2013/03/27 01:50:02 | 000,186,368 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll MOD - [2013/03/27 01:49:54 | 000,116,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll MOD - [2013/03/27 01:49:40 | 000,485,376 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll MOD - [2013/03/27 01:49:26 | 000,438,272 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll MOD - [2013/03/27 01:43:48 | 001,067,520 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll MOD - [2013/03/27 01:42:54 | 000,137,728 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll MOD - [2013/03/27 01:42:52 | 000,088,064 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QRCode.dll MOD - [2013/03/27 01:42:50 | 001,553,920 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll MOD - [2013/03/26 19:58:14 | 000,074,752 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll MOD - [2013/03/26 19:58:12 | 000,136,704 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\airprintdll.dll MOD - [2013/03/26 19:58:08 | 000,139,264 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll MOD - [2013/03/26 19:58:06 | 000,072,192 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll MOD - [2013/03/26 19:58:06 | 000,066,560 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll MOD - [2013/02/18 23:46:06 | 009,814,016 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtGui4.dll MOD - [2013/02/18 23:46:06 | 002,537,472 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtCore4.dll MOD - [2013/02/18 23:46:06 | 001,140,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtNetwork4.dll MOD - [2013/02/18 23:46:00 | 000,399,360 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtXml4.dll MOD - [2013/02/18 23:46:00 | 000,287,232 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg4.dll MOD - [2013/02/18 23:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qico4.dll MOD - [2013/02/18 23:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qgif4.dll MOD - [2013/02/18 23:46:00 | 000,043,008 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll MOD - [2013/02/18 23:46:00 | 000,011,362 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\mingwm10.dll MOD - [2012/11/29 02:56:00 | 003,332,720 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll MOD - [2009/07/16 21:57:02 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll ========== Services (SafeList) ========== SRV - [2013/10/08 19:53:55 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360) SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011/02/11 15:44:38 | 000,139,776 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService) SRV - [2010/06/03 13:49:52 | 000,215,552 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe -- (NWHelper) SRV - [2010/03/27 20:42:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/11/06 08:50:18 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe -- (STacSV) SRV - [2009/07/16 21:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc) SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/03/02 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe -- (AESTFilters) SRV - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\JoAn\AppData\Local\Temp\mbr.sys -- (mbr) DRV - [2013/11/09 09:34:05 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131113.023\NAVEX15.SYS -- (NAVEX15) DRV - [2013/11/09 09:34:05 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131113.023\NAVENG.SYS -- (NAVENG) DRV - [2013/10/28 11:13:17 | 000,393,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131113.002\IDSvix86.sys -- (IDSVix86) DRV - [2013/10/22 16:11:14 | 001,096,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131101.003\BHDrvx86.sys -- (BHDrvx86) DRV - [2013/08/27 12:19:45 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2013/08/26 21:55:15 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2013/08/26 21:55:15 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/08/20 09:34:10 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2013/05/22 22:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymEFA.sys -- (SymEFA) DRV - [2013/05/20 22:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymDS.sys -- (SymDS) DRV - [2013/05/15 22:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP) DRV - [2013/04/24 17:43:56 | 000,339,544 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symnets.sys -- (SymNetS) DRV - [2013/04/15 19:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ccSetx86.sys -- (ccSet_N360) DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013/03/04 18:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\Ironx86.sys -- (SymIRON) DRV - [2013/03/04 18:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX) DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_022.sys -- (NWUSBPort2_022) DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_022.sys -- (NWUSBPort_022) DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_022.sys -- (NWUSBModem_022) DRV - [2011/03/01 13:44:24 | 000,243,712 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWRmNet_022.sys -- (NWRmNet_022) DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2009/11/06 08:50:18 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009/07/16 21:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY) DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009/06/11 07:39:00 | 009,765,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/05/22 02:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR) DRV - [2009/05/07 02:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR) DRV - [2009/03/24 16:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008/06/09 08:41:28 | 000,332,288 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWVNdis.sys -- (NWVNDIS) DRV - [2008/06/09 08:41:28 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI) DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2) DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort) DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{E42C384F-5050-482E-946A-75D19B6ABF00}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U141&ocid=U141DHP&dt=072013 IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback> ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013/10/09 18:56:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [2013/11/14 06:52:13 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.msn.com/?pc=U141&ocid=U141DHP&dt=072013 CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\gcswf32.dll CHR - plugin: Norton Confidential (Enabled) = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Entanglement Web App = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\ CHR - Extension: Poppit = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\ CHR - Extension: Norton Identity Protection = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\ CHR - Extension: Google Wallet = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\ O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://76.10.86.11//activex/AMC.cab (Reg Error: Key error.) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2) O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner) O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27D0F1AC-E3DB-4C3E-B184-D4030F18D260}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF1F4B1-4535-4941-BED8-9A7762F58584}: DhcpNameServer = 66.174.92.14 66.174.95.44 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell - "" = AutoRun O33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/11/14 07:28:08 | 000,873,384 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013/11/14 07:28:07 | 000,796,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013/11/14 07:14:49 | 000,000,000 | ---D | C] -- C:\Users\JoAn\Desktop\RK_Quarantine [2013/11/14 06:37:41 | 000,000,000 | ---D | C] -- C:\Users\JoAn\AppData\Roaming\Malwarebytes [2013/11/14 06:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/11/14 06:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/11/14 06:37:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013/11/14 06:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013/11/14 06:28:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013/11/14 06:09:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner [2013/11/14 03:02:50 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013/11/14 03:02:50 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013/11/14 03:02:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013/11/14 03:02:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013/11/14 03:02:49 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013/11/14 03:02:48 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013/11/14 03:02:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013/11/14 03:02:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013/11/14 03:02:48 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013/11/14 03:02:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2013/11/13 16:03:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll [2013/11/13 16:03:56 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll [2013/11/13 16:03:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2013/11/13 16:03:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll [2013/11/13 16:03:46 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll [2013/11/13 16:03:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL [2013/11/12 05:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2013/11/12 05:14:05 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/11/12 05:13:59 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/11/12 05:13:59 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/11/12 05:13:59 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/11/12 05:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013/11/12 05:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2013/10/16 12:18:26 | 000,000,000 | ---D | C] -- C:\Users\JoAn\Documents\2013-10-16 bill ========== Files - Modified Within 30 Days ========== [2013/11/14 08:31:57 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/11/14 07:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/11/14 07:12:14 | 000,891,200 | ---- | M] () -- C:\Users\JoAn\Desktop\SecurityCheck.exe [2013/11/14 06:57:32 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/11/14 06:57:32 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/11/14 06:54:38 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013/11/14 06:54:38 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013/11/14 06:50:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/11/14 06:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/11/14 06:49:54 | 2411,950,080 | -HS- | M] () -- C:\hiberfil.sys [2013/11/14 06:37:37 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/11/14 03:23:08 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job [2013/11/12 23:49:06 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013/11/12 05:13:44 | 000,873,384 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll [2013/11/12 05:13:44 | 000,796,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013/11/12 05:13:44 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013/11/12 05:13:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013/11/12 05:13:44 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013/11/12 05:13:44 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013/11/08 03:52:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job ========== Files Created - No Company Name ========== [2013/11/14 07:12:13 | 000,891,200 | ---- | C] () -- C:\Users\JoAn\Desktop\SecurityCheck.exe [2013/11/14 06:37:37 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2011/11/17 21:36:32 | 000,000,000 | ---- | C] () -- C:\Users\JoAn\AppData\Local\{7EF74A49-7FA8-497F-93E2-FF676B51C0A0} [2011/05/18 17:54:41 | 000,001,940 | ---- | C] () -- C:\Users\JoAn\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini ========== ZeroAccess Check ========== [2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report >
  6. RogueKiller V8.7.8 [Nov 14 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : JoAn [Admin rights] Mode : Remove -- Date : 11/14/2013 07:44:24 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] SSDT[13] : NtAlertResumeThread @ 0x82EF1DA3 -> HOOKED (Unknown @ 0x87367AA0) [Address] SSDT[14] : NtAlertThread @ 0x82E44CC7 -> HOOKED (Unknown @ 0x87367B38) [Address] SSDT[19] : NtAllocateVirtualMemory @ 0x82E3DCBC -> HOOKED (Unknown @ 0x873443A0) [Address] SSDT[22] : NtAlpcConnectPort @ 0x82E8959E -> HOOKED (Unknown @ 0x872AAD40) [Address] SSDT[43] : NtAssignProcessToJobObject @ 0x82E130CC -> HOOKED (Unknown @ 0x87367518) [Address] SSDT[74] : NtCreateMutant @ 0x82E2435A -> HOOKED (Unknown @ 0x873678C8) [Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E159D4 -> HOOKED (Unknown @ 0x87367310) [Address] SSDT[87] : NtCreateThread @ 0x82EEFFDA -> HOOKED (Unknown @ 0x87343150) [Address] SSDT[88] : NtCreateThreadEx @ 0x82E844AB -> HOOKED (Unknown @ 0x873673B8) [Address] SSDT[96] : NtDebugActiveProcess @ 0x82EC1EDA -> HOOKED (Unknown @ 0x873675B0) [Address] SSDT[111] : NtDuplicateObject @ 0x82E45761 -> HOOKED (Unknown @ 0x873444E0) [Address] SSDT[131] : NtFreeVirtualMemory @ 0x82CCC82C -> HOOKED (Unknown @ 0x87344230) [Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x82E09970 -> HOOKED (Unknown @ 0x87367970) [Address] SSDT[147] : NtImpersonateThread @ 0x82E8D992 -> HOOKED (Unknown @ 0x87367A08) [Address] SSDT[155] : NtLoadDriver @ 0x82DD9C40 -> HOOKED (Unknown @ 0x872961D0) [Address] SSDT[168] : NtMapViewOfSection @ 0x82E5A5F1 -> HOOKED (Unknown @ 0x87367F70) [Address] SSDT[177] : NtOpenEvent @ 0x82E23D56 -> HOOKED (Unknown @ 0x87367830) [Address] SSDT[190] : NtOpenProcess @ 0x82E25BA1 -> HOOKED (Unknown @ 0x87344630) [Address] SSDT[191] : NtOpenProcessToken @ 0x82E7837F -> HOOKED (Unknown @ 0x87344448) [Address] SSDT[194] : NtOpenSection @ 0x82E7D9FB -> HOOKED (Unknown @ 0x87367700) [Address] SSDT[198] : NtOpenThread @ 0x82E72102 -> HOOKED (Unknown @ 0x87344588) [Address] SSDT[215] : NtProtectVirtualMemory @ 0x82E56651 -> HOOKED (Unknown @ 0x87367470) [Address] SSDT[304] : NtResumeThread @ 0x82E846D2 -> HOOKED (Unknown @ 0x87367BD0) [Address] SSDT[316] : NtSetContextThread @ 0x82EF184F -> HOOKED (Unknown @ 0x87367D98) [Address] SSDT[333] : NtSetInformationProcess @ 0x82E4C875 -> HOOKED (Unknown @ 0x87367E30) [Address] SSDT[350] : NtSetSystemInformation @ 0x82E6237A -> HOOKED (Unknown @ 0x87367648) [Address] SSDT[366] : NtSuspendProcess @ 0x82EF1CDF -> HOOKED (Unknown @ 0x87367798) [Address] SSDT[367] : NtSuspendThread @ 0x82EA91CB -> HOOKED (Unknown @ 0x87367C68) [Address] SSDT[370] : NtTerminateProcess @ 0x82E6ED9A -> HOOKED (Unknown @ 0x87339D30) [Address] SSDT[371] : unknown @ 0x82E8C6CB -> HOOKED (Unknown @ 0x87367D00) [Address] SSDT[385] : NtUnmapViewOfSection @ 0x82E789BA -> HOOKED (Unknown @ 0x87367ED8) [Address] SSDT[399] : NtWriteVirtualMemory @ 0x82E73A97 -> HOOKED (Unknown @ 0x873442D8) [Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8880C108) [Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x887E7298) [Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x888808C8) [Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x88806608) [Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x88880A38) [Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x88880730) [Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x88880840) [Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x888807B8) [Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8882F380) [Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x88880A80) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BJKT-75F4T0 +++++ --- User --- [MBR] 9e7c972dce97891ed157f05fa49b80c7 [bSP] f2a9a93ae10556041b7062f54cfa9146 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_D_11142013_074424.txt >> RKreport[0]_D_11142013_072144.txt;RKreport[0]_D_11142013_073115.txt;RKreport[0]_S_11142013_071832.txt RKreport[0]_S_11142013_072510.txt;RKreport[0]_S_11142013_074147.txt
  7. ogueKiller V8.7.8 [Nov 14 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : JoAn [Admin rights] Mode : Remove -- Date : 11/14/2013 07:31:15 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] SSDT[13] : NtAlertResumeThread @ 0x82EF1DA3 -> HOOKED (Unknown @ 0x87367AA0) [Address] SSDT[14] : NtAlertThread @ 0x82E44CC7 -> HOOKED (Unknown @ 0x87367B38) [Address] SSDT[19] : NtAllocateVirtualMemory @ 0x82E3DCBC -> HOOKED (Unknown @ 0x873443A0) [Address] SSDT[22] : NtAlpcConnectPort @ 0x82E8959E -> HOOKED (Unknown @ 0x872AAD40) [Address] SSDT[43] : NtAssignProcessToJobObject @ 0x82E130CC -> HOOKED (Unknown @ 0x87367518) [Address] SSDT[74] : NtCreateMutant @ 0x82E2435A -> HOOKED (Unknown @ 0x873678C8) [Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E159D4 -> HOOKED (Unknown @ 0x87367310) [Address] SSDT[87] : NtCreateThread @ 0x82EEFFDA -> HOOKED (Unknown @ 0x87343150) [Address] SSDT[88] : NtCreateThreadEx @ 0x82E844AB -> HOOKED (Unknown @ 0x873673B8) [Address] SSDT[96] : NtDebugActiveProcess @ 0x82EC1EDA -> HOOKED (Unknown @ 0x873675B0) [Address] SSDT[111] : NtDuplicateObject @ 0x82E45761 -> HOOKED (Unknown @ 0x873444E0) [Address] SSDT[131] : NtFreeVirtualMemory @ 0x82CCC82C -> HOOKED (Unknown @ 0x87344230) [Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x82E09970 -> HOOKED (Unknown @ 0x87367970) [Address] SSDT[147] : NtImpersonateThread @ 0x82E8D992 -> HOOKED (Unknown @ 0x87367A08) [Address] SSDT[155] : NtLoadDriver @ 0x82DD9C40 -> HOOKED (Unknown @ 0x872961D0) [Address] SSDT[168] : NtMapViewOfSection @ 0x82E5A5F1 -> HOOKED (Unknown @ 0x87367F70) [Address] SSDT[177] : NtOpenEvent @ 0x82E23D56 -> HOOKED (Unknown @ 0x87367830) [Address] SSDT[190] : NtOpenProcess @ 0x82E25BA1 -> HOOKED (Unknown @ 0x87344630) [Address] SSDT[191] : NtOpenProcessToken @ 0x82E7837F -> HOOKED (Unknown @ 0x87344448) [Address] SSDT[194] : NtOpenSection @ 0x82E7D9FB -> HOOKED (Unknown @ 0x87367700) [Address] SSDT[198] : NtOpenThread @ 0x82E72102 -> HOOKED (Unknown @ 0x87344588) [Address] SSDT[215] : NtProtectVirtualMemory @ 0x82E56651 -> HOOKED (Unknown @ 0x87367470) [Address] SSDT[304] : NtResumeThread @ 0x82E846D2 -> HOOKED (Unknown @ 0x87367BD0) [Address] SSDT[316] : NtSetContextThread @ 0x82EF184F -> HOOKED (Unknown @ 0x87367D98) [Address] SSDT[333] : NtSetInformationProcess @ 0x82E4C875 -> HOOKED (Unknown @ 0x87367E30) [Address] SSDT[350] : NtSetSystemInformation @ 0x82E6237A -> HOOKED (Unknown @ 0x87367648) [Address] SSDT[366] : NtSuspendProcess @ 0x82EF1CDF -> HOOKED (Unknown @ 0x87367798) [Address] SSDT[367] : NtSuspendThread @ 0x82EA91CB -> HOOKED (Unknown @ 0x87367C68) [Address] SSDT[370] : NtTerminateProcess @ 0x82E6ED9A -> HOOKED (Unknown @ 0x87339D30) [Address] SSDT[371] : unknown @ 0x82E8C6CB -> HOOKED (Unknown @ 0x87367D00) [Address] SSDT[385] : NtUnmapViewOfSection @ 0x82E789BA -> HOOKED (Unknown @ 0x87367ED8) [Address] SSDT[399] : NtWriteVirtualMemory @ 0x82E73A97 -> HOOKED (Unknown @ 0x873442D8) [Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8880C108) [Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x887E7298) [Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x888808C8) [Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x88806608) [Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x88880A38) [Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x88880730) [Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x88880840) [Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x888807B8) [Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8882F380) [Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x88880A80) ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts
  8. Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 45 Adobe Reader 10.1.8 Adobe Reader out of Date! Google Chrome 30.0.1599.101 Google Chrome 31.0.1650.48 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log``````````````````````
  9. ogueKiller V8.7.8 [Nov 14 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version Started in : Normal mode User : JoAn [Admin rights] Mode : Scan -- Date : 11/14/2013 07:25:10 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 0 ¤¤¤ ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [LOADED] ¤¤¤ [Address] SSDT[13] : NtAlertResumeThread @ 0x82EF1DA3 -> HOOKED (Unknown @ 0x87367AA0) [Address] SSDT[14] : NtAlertThread @ 0x82E44CC7 -> HOOKED (Unknown @ 0x87367B38) [Address] SSDT[19] : NtAllocateVirtualMemory @ 0x82E3DCBC -> HOOKED (Unknown @ 0x873443A0) [Address] SSDT[22] : NtAlpcConnectPort @ 0x82E8959E -> HOOKED (Unknown @ 0x872AAD40) [Address] SSDT[43] : NtAssignProcessToJobObject @ 0x82E130CC -> HOOKED (Unknown @ 0x87367518) [Address] SSDT[74] : NtCreateMutant @ 0x82E2435A -> HOOKED (Unknown @ 0x873678C8) [Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E159D4 -> HOOKED (Unknown @ 0x87367310) [Address] SSDT[87] : NtCreateThread @ 0x82EEFFDA -> HOOKED (Unknown @ 0x87343150) [Address] SSDT[88] : NtCreateThreadEx @ 0x82E844AB -> HOOKED (Unknown @ 0x873673B8) [Address] SSDT[96] : NtDebugActiveProcess @ 0x82EC1EDA -> HOOKED (Unknown @ 0x873675B0) [Address] SSDT[111] : NtDuplicateObject @ 0x82E45761 -> HOOKED (Unknown @ 0x873444E0) [Address] SSDT[131] : NtFreeVirtualMemory @ 0x82CCC82C -> HOOKED (Unknown @ 0x87344230) [Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x82E09970 -> HOOKED (Unknown @ 0x87367970) [Address] SSDT[147] : NtImpersonateThread @ 0x82E8D992 -> HOOKED (Unknown @ 0x87367A08) [Address] SSDT[155] : NtLoadDriver @ 0x82DD9C40 -> HOOKED (Unknown @ 0x872961D0) [Address] SSDT[168] : NtMapViewOfSection @ 0x82E5A5F1 -> HOOKED (Unknown @ 0x87367F70) [Address] SSDT[177] : NtOpenEvent @ 0x82E23D56 -> HOOKED (Unknown @ 0x87367830) [Address] SSDT[190] : NtOpenProcess @ 0x82E25BA1 -> HOOKED (Unknown @ 0x87344630) [Address] SSDT[191] : NtOpenProcessToken @ 0x82E7837F -> HOOKED (Unknown @ 0x87344448) [Address] SSDT[194] : NtOpenSection @ 0x82E7D9FB -> HOOKED (Unknown @ 0x87367700) [Address] SSDT[198] : NtOpenThread @ 0x82E72102 -> HOOKED (Unknown @ 0x87344588) [Address] SSDT[215] : NtProtectVirtualMemory @ 0x82E56651 -> HOOKED (Unknown @ 0x87367470) [Address] SSDT[304] : NtResumeThread @ 0x82E846D2 -> HOOKED (Unknown @ 0x87367BD0) [Address] SSDT[316] : NtSetContextThread @ 0x82EF184F -> HOOKED (Unknown @ 0x87367D98) [Address] SSDT[333] : NtSetInformationProcess @ 0x82E4C875 -> HOOKED (Unknown @ 0x87367E30) [Address] SSDT[350] : NtSetSystemInformation @ 0x82E6237A -> HOOKED (Unknown @ 0x87367648) [Address] SSDT[366] : NtSuspendProcess @ 0x82EF1CDF -> HOOKED (Unknown @ 0x87367798) [Address] SSDT[367] : NtSuspendThread @ 0x82EA91CB -> HOOKED (Unknown @ 0x87367C68) [Address] SSDT[370] : NtTerminateProcess @ 0x82E6ED9A -> HOOKED (Unknown @ 0x87339D30) [Address] SSDT[371] : unknown @ 0x82E8C6CB -> HOOKED (Unknown @ 0x87367D00) [Address] SSDT[385] : NtUnmapViewOfSection @ 0x82E789BA -> HOOKED (Unknown @ 0x87367ED8) [Address] SSDT[399] : NtWriteVirtualMemory @ 0x82E73A97 -> HOOKED (Unknown @ 0x873442D8) [Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8880C108) [Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x887E7298) [Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x888808C8) [Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x88806608) [Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x88880A38) [Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x88880730) [Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x88880840) [Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x888807B8) [Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8882F380) [Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x88880A80)
  10. Results of screen317's Security Check version 0.99.77 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton 360 WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 6 Update 37 Java 7 Update 45 Adobe Reader 10.1.8 Adobe Reader out of Date! Google Chrome 30.0.1599.101 Google Chrome 31.0.1650.48 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log``````````````````````
  11. UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/20/2010 7:06:34 AM System Uptime: 11/14/2013 6:49:42 AM (1 hours ago) . Motherboard: Dell Inc. | | 0T808J Processor: Intel® Core2 Duo CPU P7570 @ 2.26GHz | U2E1 | 2267/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 218 GiB total, 176.262 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP270: 10/19/2013 9:39:10 AM - Scheduled Checkpoint RP271: 10/27/2013 6:35:47 AM - Scheduled Checkpoint RP272: 11/3/2013 7:29:17 AM - Scheduled Checkpoint RP273: 11/10/2013 8:48:19 AM - Scheduled Checkpoint RP274: 11/12/2013 5:12:44 AM - Installed Java 7 Update 45 RP275: 11/14/2013 3:00:37 AM - Windows Update . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader X (10.1.8) ArcSoft WebCam Companion 3 AXIS Media Control Embedded Cisco EAP-FAST Module Cisco LEAP Module Cisco PEAP Module D3DX10 Dell Backup and Recovery Manager Dell Edoc Viewer Dell Support Center Dell Touchpad Dell Wireless WLAN Card Utility Google Chrome Google Earth Google Toolbar for Internet Explorer Google Update Helper Java 7 Update 45 Java Auto Updater Java 6 Update 37 Junk Mail filter update Logitech Harmony Remote Software 7 Malwarebytes Anti-Malware version 1.75.0.1300 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Basic 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MiFi4510 Mobile Broadband Drivers Mobile Broadband Generic Drivers MSVCRT NETGEAR Genie Norton 360 Norton Internet Security NVIDIA Drivers OGA Notifier 2.0.0048.0 PowerDVD DX Remote Control USB Driver Roxio Creator Audio Roxio Creator Copy Roxio Creator Data Roxio Creator DE 10.3 Roxio Creator Tools Roxio Express Labeler 3 Roxio Update Manager Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2) Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition Simple Start Online Edition Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources . ==== End Of File ===========================
  12. DS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2 Run by JoAn at 7:05:18 on 2013-11-14 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3067.1838 [GMT -7:00] . AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\STacSV.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\aestsrv.exe C:\Windows\System32\alg.exe C:\Windows\system32\dllhost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\msdtc.exe C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe C:\Windows\system32\DRIVERS\o2flash.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\taskhost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\DellTPad\Apoint.exe C:\Program Files\IDT\WDM\sttray.exe C:\Windows\System32\rundll32.exe C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\DellTPad\HidFind.exe C:\Windows\system32\conhost.exe C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k defragsvc C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted . ============== Pseudo HJT Report ===============
  13. warebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.11.14.05 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 10.0.9200.16736 JoAn :: JOAN-PC [administrator] Protection: Enabled 11/14/2013 6:40:25 AM mbam-log-2013-11-14 (06-40-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 197496 Time elapsed: 6 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 2 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} (PUP.LyricsAd) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} (PUP.LyricsAd) -> Quarantined and deleted successfully. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 8 C:\$Recycle.Bin\S-1-5-21-4144150036-1733957249-969350786-1001\$RKEANGH.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully. C:\$Recycle.Bin\S-1-5-21-4144150036-1733957249-969350786-1001\$RMKWVIY.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully. C:\$Recycle.Bin\S-1-5-21-4144150036-1733957249-969350786-1001\$RRPC3GZ.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully. C:\Users\JoAn\Downloads\Setup (1).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully. C:\Users\JoAn\Downloads\Setup (2).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully. C:\Users\JoAn\Downloads\Setup (3).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully. C:\Users\JoAn\Downloads\Setup (4).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully. C:\Users\JoAn\Downloads\Setup.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully. (end)