jonbutch

computer freeze


Howdy Jo and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

    Please download Junkware Removal Tool and save to your desktop.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!


NEXT


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.


    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.



When the scan is complete, click  OK, then  Show Results to view the results.


    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.



Please don't attach the scans / logs, use "copy/paste".


Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log

 

Thanks
Chuck

 

 

Run these as time permits you !

Each program will produce a log & I will need you to copy & paste it here into your topic !!

# AdwCleaner v3.012 - Report created 14/11/2013 at 06:18:10

# Updated 11/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)

# Username : JoAn - JOAN-PC

# Running from : C:\Users\JoAn\Downloads\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\Zynga

Folder Deleted : C:\Users\JoAn\AppData\Local\Conduit

Folder Deleted : C:\Users\JoAn\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\JoAn\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\JoAn\AppData\LocalLow\Zynga

File Deleted : C:\END

File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage

File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal

File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage

File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal

File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage

File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT243872

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Home Premium x86

Ran by JoAn on Thu 11/14/2013 at  6:30:20.20

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsing

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4529C960-5E21-4B6F-802A-08CC67043474}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B4D34AE6-138D-4EDA-B003-CC968F3E14F6}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\JoAn\appdata\local\cre"


 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 11/14/2013 at  6:32:58.96

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Jo, do not remove these tools/programs we may have to run 1 again ! That way it's already installed. We will remove them when we are through with the cleaning !

 

Chuck

2013/11/14 06:37:50 -0700 JOAN-PC JoAn MESSAGE Executing scheduled update:  Daily

2013/11/14 06:37:53 -0700 JOAN-PC JoAn MESSAGE Starting protection

2013/11/14 06:37:53 -0700 JOAN-PC JoAn MESSAGE Protection started successfully

2013/11/14 06:37:53 -0700 JOAN-PC JoAn MESSAGE Starting IP protection

2013/11/14 06:38:15 -0700 JOAN-PC JoAn MESSAGE IP Protection started successfully

2013/11/14 06:39:43 -0700 JOAN-PC JoAn MESSAGE Starting database refresh

2013/11/14 06:39:43 -0700 JOAN-PC JoAn MESSAGE Stopping IP protection

2013/11/14 06:39:43 -0700 JOAN-PC JoAn MESSAGE Scheduled update executed successfully:  database updated from version v2013.04.04.07 to version v2013.11.14.05

2013/11/14 06:39:49 -0700 JOAN-PC JoAn MESSAGE IP Protection stopped successfully

2013/11/14 06:39:52 -0700 JOAN-PC JoAn MESSAGE Database refreshed successfully

2013/11/14 06:39:52 -0700 JOAN-PC JoAn MESSAGE Starting IP protection

2013/11/14 06:39:55 -0700 JOAN-PC JoAn MESSAGE IP Protection started successfully

2013/11/14 06:50:12 -0700 JOAN-PC (null) MESSAGE Starting protection

2013/11/14 06:50:12 -0700 JOAN-PC (null) MESSAGE Protection started successfully

2013/11/14 06:50:12 -0700 JOAN-PC (null) MESSAGE Starting IP protection

2013/11/14 06:50:16 -0700 JOAN-PC JoAn MESSAGE IP Protection started successfully

Thank you so much. Is this the last one?

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.14.05

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 10.0.9200.16736

JoAn :: JOAN-PC [administrator]

 

Protection: Enabled

 

11/14/2013 6:40:25 AM

mbam-log-2013-11-14 (06-40-25).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 197496

Time elapsed: 6 minute(s), 2 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 2

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} (PUP.LyricsAd) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} (PUP.LyricsAd) -> Quarantined and deleted successfully.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 8

C:\$Recycle.Bin\S-1-5-21-4144150036-1733957249-969350786-1001\$RKEANGH.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-4144150036-1733957249-969350786-1001\$RMKWVIY.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.

C:\$Recycle.Bin\S-1-5-21-4144150036-1733957249-969350786-1001\$RRPC3GZ.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.

C:\Users\JoAn\Downloads\Setup (1).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.

C:\Users\JoAn\Downloads\Setup (2).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.

C:\Users\JoAn\Downloads\Setup (3).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.

C:\Users\JoAn\Downloads\Setup (4).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.

C:\Users\JoAn\Downloads\Setup.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.

 

(end)


Jo,  we have more cleaning to do !! I will let ya know when we have you all clean !

 

Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com


NEXT


Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.





NEXT





Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

Download RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

    close all running programs
    for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    when the prescan is finished, click on Scan
    click on Report and copy/paste the content in your next post.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next reply.



Post Next:
1. DDS logs (2)
2. Security Check log
3. RogueKiller log


Thanks
Chuck
 

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.45.2

Run by JoAn at 7:05:18 on 2013-11-14

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3067.1838 [GMT -7:00]

.

AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\STacSV.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\aestsrv.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\dllhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\msdtc.exe

C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe

C:\Windows\system32\DRIVERS\o2flash.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\System32\rundll32.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\DellTPad\Apoint.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe

C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\conhost.exe

C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k defragsvc

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium 

Boot Device: \Device\HarddiskVolume2

Install Date: 3/20/2010 7:06:34 AM

System Uptime: 11/14/2013 6:49:42 AM (1 hours ago)

.

Motherboard: Dell Inc. |  | 0T808J

Processor: Intel® Core2 Duo CPU     P7570  @ 2.26GHz | U2E1 | 2267/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 218 GiB total, 176.262 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP270: 10/19/2013 9:39:10 AM - Scheduled Checkpoint

RP271: 10/27/2013 6:35:47 AM - Scheduled Checkpoint

RP272: 11/3/2013 7:29:17 AM - Scheduled Checkpoint

RP273: 11/10/2013 8:48:19 AM - Scheduled Checkpoint

RP274: 11/12/2013 5:12:44 AM - Installed Java 7 Update 45

RP275: 11/14/2013 3:00:37 AM - Windows Update

.

==== Installed Programs ======================

.

 Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.8)

ArcSoft WebCam Companion 3

AXIS Media Control Embedded

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

D3DX10

Dell Backup and Recovery Manager

Dell Edoc Viewer

Dell Support Center

Dell Touchpad

Dell Wireless WLAN Card Utility

Google Chrome

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

Java 7 Update 45

Java Auto Updater

Java 6 Update 37

Junk Mail filter update

Logitech Harmony Remote Software 7

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Basic 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MiFi4510 Mobile Broadband Drivers

Mobile Broadband Generic Drivers

MSVCRT

NETGEAR Genie

Norton 360

Norton Internet Security

NVIDIA Drivers

OGA Notifier 2.0.0048.0

PowerDVD DX

Remote Control USB Driver

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE 10.3

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 

Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 

Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 

Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition 

Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 

Simple Start Online Edition

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== End Of File ===========================

Results of screen317's Security Check version 0.99.77  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 10 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Norton 360    

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 6 Update 37  

 Java 7 Update 45  

 Adobe Reader 10.1.8 Adobe Reader out of Date!  

 Google Chrome 30.0.1599.101  

 Google Chrome 31.0.1650.48  

````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 2% 

````````````````````End of Log`````````````````````` 


Jo, I see you have Norton installed, are you using Norton for your antivirus ??

 

I need you to go to add/control panel and uninstall Java™ 6 Update 37 !!

We will make sure all is up to date when done !

 

Chuck

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : JoAn [Admin rights]

Mode : Scan -- Date : 11/14/2013 07:25:10

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] SSDT[13] : NtAlertResumeThread @ 0x82EF1DA3 -> HOOKED (Unknown @ 0x87367AA0)

[Address] SSDT[14] : NtAlertThread @ 0x82E44CC7 -> HOOKED (Unknown @ 0x87367B38)

[Address] SSDT[19] : NtAllocateVirtualMemory @ 0x82E3DCBC -> HOOKED (Unknown @ 0x873443A0)

[Address] SSDT[22] : NtAlpcConnectPort @ 0x82E8959E -> HOOKED (Unknown @ 0x872AAD40)

[Address] SSDT[43] : NtAssignProcessToJobObject @ 0x82E130CC -> HOOKED (Unknown @ 0x87367518)

[Address] SSDT[74] : NtCreateMutant @ 0x82E2435A -> HOOKED (Unknown @ 0x873678C8)

[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E159D4 -> HOOKED (Unknown @ 0x87367310)

[Address] SSDT[87] : NtCreateThread @ 0x82EEFFDA -> HOOKED (Unknown @ 0x87343150)

[Address] SSDT[88] : NtCreateThreadEx @ 0x82E844AB -> HOOKED (Unknown @ 0x873673B8)

[Address] SSDT[96] : NtDebugActiveProcess @ 0x82EC1EDA -> HOOKED (Unknown @ 0x873675B0)

[Address] SSDT[111] : NtDuplicateObject @ 0x82E45761 -> HOOKED (Unknown @ 0x873444E0)

[Address] SSDT[131] : NtFreeVirtualMemory @ 0x82CCC82C -> HOOKED (Unknown @ 0x87344230)

[Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x82E09970 -> HOOKED (Unknown @ 0x87367970)

[Address] SSDT[147] : NtImpersonateThread @ 0x82E8D992 -> HOOKED (Unknown @ 0x87367A08)

[Address] SSDT[155] : NtLoadDriver @ 0x82DD9C40 -> HOOKED (Unknown @ 0x872961D0)

[Address] SSDT[168] : NtMapViewOfSection @ 0x82E5A5F1 -> HOOKED (Unknown @ 0x87367F70)

[Address] SSDT[177] : NtOpenEvent @ 0x82E23D56 -> HOOKED (Unknown @ 0x87367830)

[Address] SSDT[190] : NtOpenProcess @ 0x82E25BA1 -> HOOKED (Unknown @ 0x87344630)

[Address] SSDT[191] : NtOpenProcessToken @ 0x82E7837F -> HOOKED (Unknown @ 0x87344448)

[Address] SSDT[194] : NtOpenSection @ 0x82E7D9FB -> HOOKED (Unknown @ 0x87367700)

[Address] SSDT[198] : NtOpenThread @ 0x82E72102 -> HOOKED (Unknown @ 0x87344588)

[Address] SSDT[215] : NtProtectVirtualMemory @ 0x82E56651 -> HOOKED (Unknown @ 0x87367470)

[Address] SSDT[304] : NtResumeThread @ 0x82E846D2 -> HOOKED (Unknown @ 0x87367BD0)

[Address] SSDT[316] : NtSetContextThread @ 0x82EF184F -> HOOKED (Unknown @ 0x87367D98)

[Address] SSDT[333] : NtSetInformationProcess @ 0x82E4C875 -> HOOKED (Unknown @ 0x87367E30)

[Address] SSDT[350] : NtSetSystemInformation @ 0x82E6237A -> HOOKED (Unknown @ 0x87367648)

[Address] SSDT[366] : NtSuspendProcess @ 0x82EF1CDF -> HOOKED (Unknown @ 0x87367798)

[Address] SSDT[367] : NtSuspendThread @ 0x82EA91CB -> HOOKED (Unknown @ 0x87367C68)

[Address] SSDT[370] : NtTerminateProcess @ 0x82E6ED9A -> HOOKED (Unknown @ 0x87339D30)

[Address] SSDT[371] : unknown @ 0x82E8C6CB -> HOOKED (Unknown @ 0x87367D00)

[Address] SSDT[385] : NtUnmapViewOfSection @ 0x82E789BA -> HOOKED (Unknown @ 0x87367ED8)

[Address] SSDT[399] : NtWriteVirtualMemory @ 0x82E73A97 -> HOOKED (Unknown @ 0x873442D8)

[Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8880C108)

[Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x887E7298)

[Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x888808C8)

[Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x88806608)

[Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x88880A38)

[Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x88880730)

[Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x88880840)

[Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x888807B8)

[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8882F380)

[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x88880A80)

Results of screen317's Security Check version 0.99.77  

 Windows 7 Service Pack 1 x86 (UAC is enabled)  

 Internet Explorer 10 Out of date! 

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Norton 360    

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 7 Update 45  

 Adobe Reader 10.1.8 Adobe Reader out of Date!  

 Google Chrome 30.0.1599.101  

 Google Chrome 31.0.1650.48  

````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 2% 

````````````````````End of Log`````````````````````` 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : JoAn [Admin rights]

Mode : Remove -- Date : 11/14/2013 07:31:15

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] SSDT[13] : NtAlertResumeThread @ 0x82EF1DA3 -> HOOKED (Unknown @ 0x87367AA0)

[Address] SSDT[14] : NtAlertThread @ 0x82E44CC7 -> HOOKED (Unknown @ 0x87367B38)

[Address] SSDT[19] : NtAllocateVirtualMemory @ 0x82E3DCBC -> HOOKED (Unknown @ 0x873443A0)

[Address] SSDT[22] : NtAlpcConnectPort @ 0x82E8959E -> HOOKED (Unknown @ 0x872AAD40)

[Address] SSDT[43] : NtAssignProcessToJobObject @ 0x82E130CC -> HOOKED (Unknown @ 0x87367518)

[Address] SSDT[74] : NtCreateMutant @ 0x82E2435A -> HOOKED (Unknown @ 0x873678C8)

[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E159D4 -> HOOKED (Unknown @ 0x87367310)

[Address] SSDT[87] : NtCreateThread @ 0x82EEFFDA -> HOOKED (Unknown @ 0x87343150)

[Address] SSDT[88] : NtCreateThreadEx @ 0x82E844AB -> HOOKED (Unknown @ 0x873673B8)

[Address] SSDT[96] : NtDebugActiveProcess @ 0x82EC1EDA -> HOOKED (Unknown @ 0x873675B0)

[Address] SSDT[111] : NtDuplicateObject @ 0x82E45761 -> HOOKED (Unknown @ 0x873444E0)

[Address] SSDT[131] : NtFreeVirtualMemory @ 0x82CCC82C -> HOOKED (Unknown @ 0x87344230)

[Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x82E09970 -> HOOKED (Unknown @ 0x87367970)

[Address] SSDT[147] : NtImpersonateThread @ 0x82E8D992 -> HOOKED (Unknown @ 0x87367A08)

[Address] SSDT[155] : NtLoadDriver @ 0x82DD9C40 -> HOOKED (Unknown @ 0x872961D0)

[Address] SSDT[168] : NtMapViewOfSection @ 0x82E5A5F1 -> HOOKED (Unknown @ 0x87367F70)

[Address] SSDT[177] : NtOpenEvent @ 0x82E23D56 -> HOOKED (Unknown @ 0x87367830)

[Address] SSDT[190] : NtOpenProcess @ 0x82E25BA1 -> HOOKED (Unknown @ 0x87344630)

[Address] SSDT[191] : NtOpenProcessToken @ 0x82E7837F -> HOOKED (Unknown @ 0x87344448)

[Address] SSDT[194] : NtOpenSection @ 0x82E7D9FB -> HOOKED (Unknown @ 0x87367700)

[Address] SSDT[198] : NtOpenThread @ 0x82E72102 -> HOOKED (Unknown @ 0x87344588)

[Address] SSDT[215] : NtProtectVirtualMemory @ 0x82E56651 -> HOOKED (Unknown @ 0x87367470)

[Address] SSDT[304] : NtResumeThread @ 0x82E846D2 -> HOOKED (Unknown @ 0x87367BD0)

[Address] SSDT[316] : NtSetContextThread @ 0x82EF184F -> HOOKED (Unknown @ 0x87367D98)

[Address] SSDT[333] : NtSetInformationProcess @ 0x82E4C875 -> HOOKED (Unknown @ 0x87367E30)

[Address] SSDT[350] : NtSetSystemInformation @ 0x82E6237A -> HOOKED (Unknown @ 0x87367648)

[Address] SSDT[366] : NtSuspendProcess @ 0x82EF1CDF -> HOOKED (Unknown @ 0x87367798)

[Address] SSDT[367] : NtSuspendThread @ 0x82EA91CB -> HOOKED (Unknown @ 0x87367C68)

[Address] SSDT[370] : NtTerminateProcess @ 0x82E6ED9A -> HOOKED (Unknown @ 0x87339D30)

[Address] SSDT[371] : unknown @ 0x82E8C6CB -> HOOKED (Unknown @ 0x87367D00)

[Address] SSDT[385] : NtUnmapViewOfSection @ 0x82E789BA -> HOOKED (Unknown @ 0x87367ED8)

[Address] SSDT[399] : NtWriteVirtualMemory @ 0x82E73A97 -> HOOKED (Unknown @ 0x873442D8)

[Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8880C108)

[Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x887E7298)

[Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x888808C8)

[Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x88806608)

[Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x88880A38)

[Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x88880730)

[Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x88880840)

[Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x888807B8)

[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8882F380)

[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x88880A80)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts


Jo, let's run this !

 

 

Open RogueKiller :

     
* Quit all programs that you may have started.
* Please disconnect any USB or external drives from the computer before you run this scan!
* For Vista or Windows 7, right-click and select "Run as Administrator" to start
* For Windows XP, double-click to start.
* Wait until Prescan has finished ...
* Then click on the "Scan" button
* Wait until the Status box shows "Scan Finished"
* Click on "Delete"
* Wait until the Status box shows "Deleting Finished"
* Click on "Report" and copy/paste the content of the Notepad into your next reply.
* The log should be found in RKreport[1].txt on your Desktop
* Exit/Close RogueKiller+

 

 

Post that log before we continue with the cleaning !!

 

Thanks

Chuck
 

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : JoAn [Admin rights]

Mode : Remove -- Date : 11/14/2013 07:44:24

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 0 ¤¤¤

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [LOADED] ¤¤¤

[Address] SSDT[13] : NtAlertResumeThread @ 0x82EF1DA3 -> HOOKED (Unknown @ 0x87367AA0)

[Address] SSDT[14] : NtAlertThread @ 0x82E44CC7 -> HOOKED (Unknown @ 0x87367B38)

[Address] SSDT[19] : NtAllocateVirtualMemory @ 0x82E3DCBC -> HOOKED (Unknown @ 0x873443A0)

[Address] SSDT[22] : NtAlpcConnectPort @ 0x82E8959E -> HOOKED (Unknown @ 0x872AAD40)

[Address] SSDT[43] : NtAssignProcessToJobObject @ 0x82E130CC -> HOOKED (Unknown @ 0x87367518)

[Address] SSDT[74] : NtCreateMutant @ 0x82E2435A -> HOOKED (Unknown @ 0x873678C8)

[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E159D4 -> HOOKED (Unknown @ 0x87367310)

[Address] SSDT[87] : NtCreateThread @ 0x82EEFFDA -> HOOKED (Unknown @ 0x87343150)

[Address] SSDT[88] : NtCreateThreadEx @ 0x82E844AB -> HOOKED (Unknown @ 0x873673B8)

[Address] SSDT[96] : NtDebugActiveProcess @ 0x82EC1EDA -> HOOKED (Unknown @ 0x873675B0)

[Address] SSDT[111] : NtDuplicateObject @ 0x82E45761 -> HOOKED (Unknown @ 0x873444E0)

[Address] SSDT[131] : NtFreeVirtualMemory @ 0x82CCC82C -> HOOKED (Unknown @ 0x87344230)

[Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x82E09970 -> HOOKED (Unknown @ 0x87367970)

[Address] SSDT[147] : NtImpersonateThread @ 0x82E8D992 -> HOOKED (Unknown @ 0x87367A08)

[Address] SSDT[155] : NtLoadDriver @ 0x82DD9C40 -> HOOKED (Unknown @ 0x872961D0)

[Address] SSDT[168] : NtMapViewOfSection @ 0x82E5A5F1 -> HOOKED (Unknown @ 0x87367F70)

[Address] SSDT[177] : NtOpenEvent @ 0x82E23D56 -> HOOKED (Unknown @ 0x87367830)

[Address] SSDT[190] : NtOpenProcess @ 0x82E25BA1 -> HOOKED (Unknown @ 0x87344630)

[Address] SSDT[191] : NtOpenProcessToken @ 0x82E7837F -> HOOKED (Unknown @ 0x87344448)

[Address] SSDT[194] : NtOpenSection @ 0x82E7D9FB -> HOOKED (Unknown @ 0x87367700)

[Address] SSDT[198] : NtOpenThread @ 0x82E72102 -> HOOKED (Unknown @ 0x87344588)

[Address] SSDT[215] : NtProtectVirtualMemory @ 0x82E56651 -> HOOKED (Unknown @ 0x87367470)

[Address] SSDT[304] : NtResumeThread @ 0x82E846D2 -> HOOKED (Unknown @ 0x87367BD0)

[Address] SSDT[316] : NtSetContextThread @ 0x82EF184F -> HOOKED (Unknown @ 0x87367D98)

[Address] SSDT[333] : NtSetInformationProcess @ 0x82E4C875 -> HOOKED (Unknown @ 0x87367E30)

[Address] SSDT[350] : NtSetSystemInformation @ 0x82E6237A -> HOOKED (Unknown @ 0x87367648)

[Address] SSDT[366] : NtSuspendProcess @ 0x82EF1CDF -> HOOKED (Unknown @ 0x87367798)

[Address] SSDT[367] : NtSuspendThread @ 0x82EA91CB -> HOOKED (Unknown @ 0x87367C68)

[Address] SSDT[370] : NtTerminateProcess @ 0x82E6ED9A -> HOOKED (Unknown @ 0x87339D30)

[Address] SSDT[371] : unknown @ 0x82E8C6CB -> HOOKED (Unknown @ 0x87367D00)

[Address] SSDT[385] : NtUnmapViewOfSection @ 0x82E789BA -> HOOKED (Unknown @ 0x87367ED8)

[Address] SSDT[399] : NtWriteVirtualMemory @ 0x82E73A97 -> HOOKED (Unknown @ 0x873442D8)

[Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8880C108)

[Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x887E7298)

[Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x888808C8)

[Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x88806608)

[Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x88880A38)

[Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x88880730)

[Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x88880840)

[Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x888807B8)

[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8882F380)

[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x88880A80)

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection : ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BJKT-75F4T0 +++++

--- User ---

[MBR] 9e7c972dce97891ed157f05fa49b80c7

[bSP] f2a9a93ae10556041b7062f54cfa9146 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_D_11142013_074424.txt >>

RKreport[0]_D_11142013_072144.txt;RKreport[0]_D_11142013_073115.txt;RKreport[0]_S_11142013_071832.txt

RKreport[0]_S_11142013_072510.txt;RKreport[0]_S_11142013_074147.txt


Jo, let's continue !!

 

Download OldTimer to your desktop !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output.
o Lop check.
o Purity check.
o Extra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   
 

 

We are close to being done I think, we shall see soon !

 

Chuck

OTL logfile created on: 11/14/2013 8:29:16 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JoAn\Downloads

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16736)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.89% Memory free

5.99 Gb Paging File | 4.16 Gb Available in Paging File | 69.47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 218.20 Gb Total Space | 176.20 Gb Free Space | 80.75% Space Free | Partition Type: NTFS

 

Computer Name: JOAN-PC | User Name: JoAn | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/11/14 08:27:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JoAn\Downloads\OTL.com

PRC - [2013/11/06 01:26:09 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2013/08/01 17:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/04/07 04:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe

PRC - [2013/04/07 04:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/02/11 15:44:38 | 000,139,776 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe

PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/06/03 13:49:52 | 000,215,552 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009/11/06 08:50:18 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009/11/06 08:50:18 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe

PRC - [2009/07/16 21:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

PRC - [2009/07/16 21:57:36 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

PRC - [2009/07/16 21:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE

PRC - [2009/06/29 00:59:00 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe

PRC - [2009/06/29 00:59:00 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe

PRC - [2009/06/29 00:59:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

PRC - [2009/06/29 00:59:00 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe

PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2009/03/02 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe

PRC - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/11/06 01:26:07 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\ppgooglenaclpluginchrome.dll

MOD - [2013/11/06 01:26:06 | 013,582,800 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\PepperFlash\pepflashplayer.dll

MOD - [2013/11/06 01:26:05 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\pdf.dll

MOD - [2013/11/06 01:25:13 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\libglesv2.dll

MOD - [2013/11/06 01:25:12 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\libegl.dll

MOD - [2013/11/06 01:25:10 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\ffmpegsumo.dll

MOD - [2013/09/12 02:26:12 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll

MOD - [2013/09/12 02:26:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll

MOD - [2013/08/15 02:27:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll

MOD - [2013/07/12 04:26:00 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll

MOD - [2013/06/04 18:22:32 | 000,481,280 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\Genie.dll

MOD - [2013/05/27 23:21:30 | 004,334,592 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll

MOD - [2013/05/14 19:56:24 | 008,432,128 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll

MOD - [2013/05/13 22:18:30 | 000,931,840 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll

MOD - [2013/05/09 20:12:10 | 000,229,888 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll

MOD - [2013/04/27 23:25:56 | 001,205,760 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll

MOD - [2013/04/07 04:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe

MOD - [2013/04/07 04:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe

MOD - [2013/03/27 01:52:32 | 000,500,736 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll

MOD - [2013/03/27 01:51:52 | 000,714,240 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll

MOD - [2013/03/27 01:51:40 | 000,641,536 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll

MOD - [2013/03/27 01:51:26 | 001,198,080 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll

MOD - [2013/03/27 01:50:02 | 000,186,368 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll

MOD - [2013/03/27 01:49:54 | 000,116,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll

MOD - [2013/03/27 01:49:40 | 000,485,376 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll

MOD - [2013/03/27 01:49:26 | 000,438,272 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll

MOD - [2013/03/27 01:43:48 | 001,067,520 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll

MOD - [2013/03/27 01:42:54 | 000,137,728 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll

MOD - [2013/03/27 01:42:52 | 000,088,064 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QRCode.dll

MOD - [2013/03/27 01:42:50 | 001,553,920 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll

MOD - [2013/03/26 19:58:14 | 000,074,752 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll

MOD - [2013/03/26 19:58:12 | 000,136,704 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\airprintdll.dll

MOD - [2013/03/26 19:58:08 | 000,139,264 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll

MOD - [2013/03/26 19:58:06 | 000,072,192 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll

MOD - [2013/03/26 19:58:06 | 000,066,560 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll

MOD - [2013/02/18 23:46:06 | 009,814,016 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtGui4.dll

MOD - [2013/02/18 23:46:06 | 002,537,472 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtCore4.dll

MOD - [2013/02/18 23:46:06 | 001,140,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtNetwork4.dll

MOD - [2013/02/18 23:46:00 | 000,399,360 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtXml4.dll

MOD - [2013/02/18 23:46:00 | 000,287,232 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg4.dll

MOD - [2013/02/18 23:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qico4.dll

MOD - [2013/02/18 23:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qgif4.dll

MOD - [2013/02/18 23:46:00 | 000,043,008 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll

MOD - [2013/02/18 23:46:00 | 000,011,362 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\mingwm10.dll

MOD - [2012/11/29 02:56:00 | 003,332,720 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll

MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll

MOD - [2009/07/16 21:57:02 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013/10/08 19:53:55 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)

SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2011/02/11 15:44:38 | 000,139,776 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService)

SRV - [2010/06/03 13:49:52 | 000,215,552 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe -- (NWHelper)

SRV - [2010/03/27 20:42:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/11/06 08:50:18 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe -- (STacSV)

SRV - [2009/07/16 21:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)

SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/03/02 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe -- (AESTFilters)

SRV - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\JoAn\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - [2013/11/09 09:34:05 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131113.023\NAVEX15.SYS -- (NAVEX15)

DRV - [2013/11/09 09:34:05 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131113.023\NAVENG.SYS -- (NAVENG)

DRV - [2013/10/28 11:13:17 | 000,393,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131113.002\IDSvix86.sys -- (IDSVix86)

DRV - [2013/10/22 16:11:14 | 001,096,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131101.003\BHDrvx86.sys -- (BHDrvx86)

DRV - [2013/08/27 12:19:45 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)

DRV - [2013/08/26 21:55:15 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2013/08/26 21:55:15 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2013/08/20 09:34:10 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2013/05/22 22:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymEFA.sys -- (SymEFA)

DRV - [2013/05/20 22:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymDS.sys -- (SymDS)

DRV - [2013/05/15 22:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)

DRV - [2013/04/24 17:43:56 | 000,339,544 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symnets.sys -- (SymNetS)

DRV - [2013/04/15 19:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ccSetx86.sys -- (ccSet_N360)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013/03/04 18:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\Ironx86.sys -- (SymIRON)

DRV - [2013/03/04 18:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)

DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_022.sys -- (NWUSBPort2_022)

DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_022.sys -- (NWUSBPort_022)

DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_022.sys -- (NWUSBModem_022)

DRV - [2011/03/01 13:44:24 | 000,243,712 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWRmNet_022.sys -- (NWRmNet_022)

DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/11/06 08:50:18 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009/07/16 21:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)

DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/06/11 07:39:00 | 009,765,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/05/22 02:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)

DRV - [2009/05/07 02:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)

DRV - [2009/03/24 16:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2008/06/09 08:41:28 | 000,332,288 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWVNdis.sys -- (NWVNDIS)

DRV - [2008/06/09 08:41:28 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)

DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)

DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{E42C384F-5050-482E-946A-75D19B6ABF00}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U141&ocid=U141DHP&dt=072013

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013/10/09 18:56:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [2013/11/14 06:52:13 | 000,000,000 | ---D | M]

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},


CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\gcswf32.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: Entanglement Web App = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\

CHR - Extension: Poppit = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

CHR - Extension: Norton Identity Protection = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\

CHR - Extension: Google Wallet = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

 

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O13 - gopher Prefix: missing

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://76.10.86.11//activex/AMC.cab (Reg Error: Key error.)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27D0F1AC-E3DB-4C3E-B184-D4030F18D260}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF1F4B1-4535-4941-BED8-9A7762F58584}: DhcpNameServer = 66.174.92.14 66.174.95.44

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell - "" = AutoRun

O33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/11/14 07:28:08 | 000,873,384 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll

[2013/11/14 07:28:07 | 000,796,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/11/14 07:14:49 | 000,000,000 | ---D | C] -- C:\Users\JoAn\Desktop\RK_Quarantine

[2013/11/14 06:37:41 | 000,000,000 | ---D | C] -- C:\Users\JoAn\AppData\Roaming\Malwarebytes

[2013/11/14 06:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/11/14 06:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/11/14 06:37:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/11/14 06:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/11/14 06:28:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/11/14 06:09:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/11/14 03:02:50 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/11/14 03:02:50 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/11/14 03:02:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/11/14 03:02:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/11/14 03:02:49 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/11/14 03:02:48 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/11/14 03:02:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/11/14 03:02:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013/11/14 03:02:48 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/11/14 03:02:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/11/13 16:03:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll

[2013/11/13 16:03:56 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll

[2013/11/13 16:03:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2013/11/13 16:03:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll

[2013/11/13 16:03:46 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll

[2013/11/13 16:03:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL

[2013/11/12 05:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013/11/12 05:14:05 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/11/12 05:13:59 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/11/12 05:13:59 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/11/12 05:13:59 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/11/12 05:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

[2013/11/12 05:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle

[2013/10/16 12:18:26 | 000,000,000 | ---D | C] -- C:\Users\JoAn\Documents\2013-10-16 bill

 

========== Files - Modified Within 30 Days ==========

 

[2013/11/14 08:31:57 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/11/14 07:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/11/14 07:12:14 | 000,891,200 | ---- | M] () -- C:\Users\JoAn\Desktop\SecurityCheck.exe

[2013/11/14 06:57:32 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/11/14 06:57:32 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/11/14 06:54:38 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/11/14 06:54:38 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/11/14 06:50:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/11/14 06:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/11/14 06:49:54 | 2411,950,080 | -HS- | M] () -- C:\hiberfil.sys

[2013/11/14 06:37:37 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/11/14 03:23:08 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2013/11/12 23:49:06 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/11/12 05:13:44 | 000,873,384 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll

[2013/11/12 05:13:44 | 000,796,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/11/12 05:13:44 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/11/12 05:13:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/11/12 05:13:44 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/11/12 05:13:44 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/11/08 03:52:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

 

========== Files Created - No Company Name ==========

 

[2013/11/14 07:12:13 | 000,891,200 | ---- | C] () -- C:\Users\JoAn\Desktop\SecurityCheck.exe

[2013/11/14 06:37:37 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/11/17 21:36:32 | 000,000,000 | ---- | C] () -- C:\Users\JoAn\AppData\Local\{7EF74A49-7FA8-497F-93E2-FF676B51C0A0}

[2011/05/18 17:54:41 | 000,001,940 | ---- | C] () -- C:\Users\JoAn\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

 

========== ZeroAccess Check ==========

 

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

< End of report >

OTL logfile created on: 11/14/2013 8:31:03 AM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JoAn\Downloads

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16736)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 58.92% Memory free

5.99 Gb Paging File | 4.19 Gb Available in Paging File | 70.03% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 218.20 Gb Total Space | 176.20 Gb Free Space | 80.75% Space Free | Partition Type: NTFS

 

Computer Name: JOAN-PC | User Name: JoAn | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/11/14 08:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JoAn\Downloads\OTL (1).com

PRC - [2013/11/14 08:27:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JoAn\Downloads\OTL.com

PRC - [2013/11/06 01:26:09 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2013/08/01 17:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe

PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe

PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/04/07 04:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe

PRC - [2013/04/07 04:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2011/02/11 15:44:38 | 000,139,776 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe

PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

PRC - [2010/06/03 13:49:52 | 000,215,552 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe

PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

PRC - [2009/11/06 08:50:18 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009/11/06 08:50:18 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe

PRC - [2009/07/16 21:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE

PRC - [2009/07/16 21:57:36 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE

PRC - [2009/07/16 21:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE

PRC - [2009/06/29 00:59:00 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe

PRC - [2009/06/29 00:59:00 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe

PRC - [2009/06/29 00:59:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

PRC - [2009/06/29 00:59:00 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe

PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2009/03/02 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe

PRC - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/11/06 01:26:07 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\ppgooglenaclpluginchrome.dll

MOD - [2013/11/06 01:26:06 | 013,582,800 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\PepperFlash\pepflashplayer.dll

MOD - [2013/11/06 01:26:05 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\pdf.dll

MOD - [2013/11/06 01:25:13 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\libglesv2.dll

MOD - [2013/11/06 01:25:12 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\libegl.dll

MOD - [2013/11/06 01:25:10 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\ffmpegsumo.dll

MOD - [2013/09/12 02:26:12 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll

MOD - [2013/09/12 02:26:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll

MOD - [2013/08/15 02:27:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll

MOD - [2013/07/12 04:26:00 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll

MOD - [2013/06/04 18:22:32 | 000,481,280 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\Genie.dll

MOD - [2013/05/27 23:21:30 | 004,334,592 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll

MOD - [2013/05/14 19:56:24 | 008,432,128 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll

MOD - [2013/05/13 22:18:30 | 000,931,840 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll

MOD - [2013/05/09 20:12:10 | 000,229,888 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll

MOD - [2013/04/27 23:25:56 | 001,205,760 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll

MOD - [2013/04/07 04:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe

MOD - [2013/04/07 04:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe

MOD - [2013/03/27 01:52:32 | 000,500,736 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll

MOD - [2013/03/27 01:51:52 | 000,714,240 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll

MOD - [2013/03/27 01:51:40 | 000,641,536 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll

MOD - [2013/03/27 01:51:26 | 001,198,080 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll

MOD - [2013/03/27 01:50:02 | 000,186,368 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll

MOD - [2013/03/27 01:49:54 | 000,116,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll

MOD - [2013/03/27 01:49:40 | 000,485,376 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll

MOD - [2013/03/27 01:49:26 | 000,438,272 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll

MOD - [2013/03/27 01:43:48 | 001,067,520 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll

MOD - [2013/03/27 01:42:54 | 000,137,728 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll

MOD - [2013/03/27 01:42:52 | 000,088,064 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QRCode.dll

MOD - [2013/03/27 01:42:50 | 001,553,920 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll

MOD - [2013/03/26 19:58:14 | 000,074,752 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll

MOD - [2013/03/26 19:58:12 | 000,136,704 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\airprintdll.dll

MOD - [2013/03/26 19:58:08 | 000,139,264 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll

MOD - [2013/03/26 19:58:06 | 000,072,192 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll

MOD - [2013/03/26 19:58:06 | 000,066,560 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll

MOD - [2013/02/18 23:46:06 | 009,814,016 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtGui4.dll

MOD - [2013/02/18 23:46:06 | 002,537,472 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtCore4.dll

MOD - [2013/02/18 23:46:06 | 001,140,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtNetwork4.dll

MOD - [2013/02/18 23:46:00 | 000,399,360 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtXml4.dll

MOD - [2013/02/18 23:46:00 | 000,287,232 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg4.dll

MOD - [2013/02/18 23:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qico4.dll

MOD - [2013/02/18 23:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qgif4.dll

MOD - [2013/02/18 23:46:00 | 000,043,008 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll

MOD - [2013/02/18 23:46:00 | 000,011,362 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\mingwm10.dll

MOD - [2012/11/29 02:56:00 | 003,332,720 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll

MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll

MOD - [2009/07/16 21:57:02 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013/10/08 19:53:55 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)

SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2011/02/11 15:44:38 | 000,139,776 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService)

SRV - [2010/06/03 13:49:52 | 000,215,552 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe -- (NWHelper)

SRV - [2010/03/27 20:42:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)

SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)

SRV - [2009/11/06 08:50:18 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe -- (STacSV)

SRV - [2009/07/16 21:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)

SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/03/02 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe -- (AESTFilters)

SRV - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\JoAn\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - [2013/11/09 09:34:05 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131113.023\NAVEX15.SYS -- (NAVEX15)

DRV - [2013/11/09 09:34:05 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131113.023\NAVENG.SYS -- (NAVENG)

DRV - [2013/10/28 11:13:17 | 000,393,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131113.002\IDSvix86.sys -- (IDSVix86)

DRV - [2013/10/22 16:11:14 | 001,096,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131101.003\BHDrvx86.sys -- (BHDrvx86)

DRV - [2013/08/27 12:19:45 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)

DRV - [2013/08/26 21:55:15 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2013/08/26 21:55:15 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2013/08/20 09:34:10 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2013/05/22 22:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymEFA.sys -- (SymEFA)

DRV - [2013/05/20 22:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymDS.sys -- (SymDS)

DRV - [2013/05/15 22:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)

DRV - [2013/04/24 17:43:56 | 000,339,544 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symnets.sys -- (SymNetS)

DRV - [2013/04/15 19:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ccSetx86.sys -- (ccSet_N360)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2013/03/04 18:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\Ironx86.sys -- (SymIRON)

DRV - [2013/03/04 18:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)

DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_022.sys -- (NWUSBPort2_022)

DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_022.sys -- (NWUSBPort_022)

DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_022.sys -- (NWUSBModem_022)

DRV - [2011/03/01 13:44:24 | 000,243,712 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWRmNet_022.sys -- (NWRmNet_022)

DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2009/11/06 08:50:18 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009/07/16 21:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)

DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)

DRV - [2009/06/11 07:39:00 | 009,765,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2009/05/22 02:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)

DRV - [2009/05/07 02:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)

DRV - [2009/03/24 16:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2008/06/09 08:41:28 | 000,332,288 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWVNdis.sys -- (NWVNDIS)

DRV - [2008/06/09 08:41:28 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)

DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)

DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)

DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{E42C384F-5050-482E-946A-75D19B6ABF00}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1

IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U141&ocid=U141DHP&dt=072013

IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013/10/09 18:56:55 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [2013/11/14 06:52:13 | 000,000,000 | ---D | M]

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},


CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\gcswf32.dll

CHR - plugin: Norton Confidential (Enabled) = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: Entanglement Web App = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\

CHR - Extension: Poppit = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

CHR - Extension: Norton Identity Protection = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\

CHR - Extension: Google Wallet = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

 

O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKU\S-1-5-21-4144150036-1733957249-969350786-1001..\Run: [NETGEARGenie] C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe ()

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O13 - gopher Prefix: missing

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://76.10.86.11//activex/AMC.cab (Reg Error: Key error.)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27D0F1AC-E3DB-4C3E-B184-D4030F18D260}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF1F4B1-4535-4941-BED8-9A7762F58584}: DhcpNameServer = 66.174.92.14 66.174.95.44

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell - "" = AutoRun

O33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/11/14 07:28:08 | 000,873,384 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll

[2013/11/14 07:28:07 | 000,796,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/11/14 07:14:49 | 000,000,000 | ---D | C] -- C:\Users\JoAn\Desktop\RK_Quarantine

[2013/11/14 06:37:41 | 000,000,000 | ---D | C] -- C:\Users\JoAn\AppData\Roaming\Malwarebytes

[2013/11/14 06:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/11/14 06:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/11/14 06:37:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2013/11/14 06:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2013/11/14 06:28:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/11/14 06:09:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/11/14 03:02:50 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2013/11/14 03:02:50 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2013/11/14 03:02:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2013/11/14 03:02:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2013/11/14 03:02:49 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2013/11/14 03:02:48 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2013/11/14 03:02:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2013/11/14 03:02:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2013/11/14 03:02:48 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2013/11/14 03:02:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2013/11/13 16:03:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll

[2013/11/13 16:03:56 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll

[2013/11/13 16:03:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2013/11/13 16:03:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll

[2013/11/13 16:03:46 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll

[2013/11/13 16:03:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL

[2013/11/12 05:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2013/11/12 05:14:05 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/11/12 05:13:59 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/11/12 05:13:59 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/11/12 05:13:59 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/11/12 05:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

[2013/11/12 05:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle

[2013/10/16 12:18:26 | 000,000,000 | ---D | C] -- C:\Users\JoAn\Documents\2013-10-16 bill

 

========== Files - Modified Within 30 Days ==========

 

[2013/11/14 08:31:57 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/11/14 07:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/11/14 07:12:14 | 000,891,200 | ---- | M] () -- C:\Users\JoAn\Desktop\SecurityCheck.exe

[2013/11/14 06:57:32 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/11/14 06:57:32 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/11/14 06:54:38 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2013/11/14 06:54:38 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2013/11/14 06:50:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/11/14 06:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/11/14 06:49:54 | 2411,950,080 | -HS- | M] () -- C:\hiberfil.sys

[2013/11/14 06:37:37 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/11/14 03:23:08 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2013/11/12 23:49:06 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/11/12 05:13:44 | 000,873,384 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll

[2013/11/12 05:13:44 | 000,796,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll

[2013/11/12 05:13:44 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe

[2013/11/12 05:13:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe

[2013/11/12 05:13:44 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

[2013/11/12 05:13:44 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll

[2013/11/08 03:52:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

 

========== Files Created - No Company Name ==========

 

[2013/11/14 07:12:13 | 000,891,200 | ---- | C] () -- C:\Users\JoAn\Desktop\SecurityCheck.exe

[2013/11/14 06:37:37 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2011/11/17 21:36:32 | 000,000,000 | ---- | C] () -- C:\Users\JoAn\AppData\Local\{7EF74A49-7FA8-497F-93E2-FF676B51C0A0}

[2011/05/18 17:54:41 | 000,001,940 | ---- | C] () -- C:\Users\JoAn\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

 

========== ZeroAccess Check ==========

 

[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== Purity Check ==========

 

 

 

< End of report >


Jo, let's clean what OTL found !!

We need to run an OTL fix !!
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the text box of the OTL tool/program ! Start with and include the colon plus OTL (:OTL).

:OTL
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E42C384F-5050-482E-946A-75D19B6ABF00}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O13 - gopher Prefix: missing
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell - "" = AutoRun

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

    * Then click the Run Fix button at the top.
    * Click the OK button.
    * Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.



Post that return log so I can see if we got it all !

 

Chuck

All processes killed

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E42C384F-5050-482E-946A-75D19B6ABF00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E42C384F-5050-482E-946A-75D19B6ABF00}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\ not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: JoAn
->Java cache emptied: 406311 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56468 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: JoAn
->Flash cache emptied: 39918 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: JoAn
->Temp folder emptied: 4800449 bytes
->Temporary Internet Files folder emptied: 74805720 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 444571693 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3149183 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 39354085 bytes

Total Files Cleaned = 540.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11142013_092050

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

This topic is now closed to further replies.
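
Added example (not part of the original thread, and not OTL's own code): one way to check a fix log like the one posted above is to tally each line's outcome and set aside anything that is neither a success nor a "not found". The function name `triage`, the rule names and the sample lines are assumptions made for this sketch; the sample is constructed from the log format shown in the thread.

```python
import re
from collections import Counter

# Constructed sample in the format of the fix log posted above; the last
# line is made up (not real OTL output) to exercise the "review" path.
SAMPLE_LOG = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
[EMPTYTEMP]
User: JoAn
->Temp folder emptied: 4800449 bytes
->Google Chrome cache emptied: 444571693 bytes
RecycleBin emptied: 39354085 bytes
Total Files Cleaned = 540.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Example\ could not be processed (constructed line)
"""

# Outcome patterns, checked in order; the first match wins.
RULES = [
    ("set", re.compile(r"value set successfully!$")),
    ("deleted", re.compile(r"deleted successfully\.$")),
    ("not_found", re.compile(r"not found\.$")),
    ("ok", re.compile(r"(moved|reset) successfully\.?$|^Restore point Set:")),
]
BYTES = re.compile(r"(?:emptied|removed): (\d+) bytes$")
# Banners, command tags, per-user headers and summary lines carry no outcome.
SKIP = re.compile(r"^(=+ .* =+|\[\w+\]|User: .*|Total .* = .*|"
                  r"All processes killed|OTL by OldTimer .*|.*\.\.\.)$")

def triage(log_text):
    """Return (outcome counts, bytes freed, lines needing a manual look)."""
    counts, freed, review = Counter(), 0, []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line or SKIP.match(line):
            continue
        if (m := BYTES.search(line)):
            freed += int(m.group(1))
            continue
        name = next((n for n, p in RULES if p.search(line)), None)
        if name:
            counts[name] += 1
        else:
            review.append(line)  # unknown outcome: read it by hand
    return counts, freed, review
```

Calling `triage(SAMPLE_LOG)` returns the tallies, the byte total to compare against the log's own "Total Files Cleaned" line, and the list of lines that matched no known outcome.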