Sponsored By

Sign in to follow this  
wybuckaroo

Xvid Virus, Wagner

Recommended Posts

Howdy wybuck and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

thisisujrt-1.gif
    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!


NEXT


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.


    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.

mbam-1.jpg


When the scan is complete, click  OK, then  Show Results to view the results.

scan-finished.jpg

    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.



Please don't attach the scans / logs, use "copy/paste".


Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes log
Thanks
Chuck

 

Share this post


Link to post
Share on other sites

# AdwCleaner v3.014 - Report created 03/12/2013 at 19:41:06
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Coleen Wagner - COLEENWAGNER-PC
# Running from : C:\Users\Coleen Wagner\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Coleen Wagner\AppData\Local\ext_offermosquito
Folder Deleted : C:\Users\Coleen Wagner\AppData\Roaming\Common\LuaRT
Folder Deleted : C:\Users\Coleen Wagner\AppData\Roaming\DataMgr
Folder Deleted : C:\Users\Coleen Wagner\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Coleen Wagner\AppData\Roaming\Intermediate
Folder Deleted : C:\Users\Coleen Wagner\AppData\Roaming\SCheck
Folder Deleted : C:\Users\Coleen Wagner\AppData\Roaming\Snz
Folder Deleted : C:\Users\Coleen Wagner\AppData\Roaming\SSync
Folder Deleted : C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
File Deleted : C:\Users\Coleen Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\d4m1qp6g.default\Extensions\[email protected]
File Deleted : C:\Users\Coleen Wagner\AppData\Local\omesuperv.exe
File Deleted : C:\Users\Coleen Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\d4m1qp6g.default\searchplugins\search.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [DataMgr]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [iLivid]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [intermediate]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [OMESupervisor]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [scheck]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [snoozer]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [ssync]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_quickbooks-simple-start[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_quickbooks-simple-start[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82B16A3D-F03E-4565-A532-666B219C9A53}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82B16A3D-F03E-4565-A532-666B219C9A53}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82B16A3D-F03E-4565-A532-666B219C9A53}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82B16A3D-F03E-4565-A532-666B219C9A53}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3BC93E76-92F8-5FDA-B676-5AFEE3735BF1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\OfferMosquito
Key Deleted : HKCU\Software\Protector
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Coleen Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\d4m1qp6g.default\prefs.js ]



Line Deleted : user_pref("om.config", "{\"active\":true,\"name\":\"october2013\",\"id\":35,\"dispId\":\"CH-35\",\"aboutLink\":\"\",\"trackingGeneral\":false,\"xhrDomains\":[\"become\",\"shopzilla\",\"twenga\",\"bizr[...]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : icon_url
Deleted : search_url
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4456 octets] - [03/12/2013 19:40:09]
AdwCleaner[s0].txt - [4485 octets] - [03/12/2013 19:41:06]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4545 octets] ##########


 

Share this post


Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by Coleen Wagner on Tue 12/03/2013 at 19:49:19.72
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r887-n-bi[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r887-n-bi[1]_RASMANCS



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Coleen Wagner\AppData\Roaming\mozilla\firefox\profiles\d4m1qp6g.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/03/2013 at 19:52:11.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Share this post


Link to post
Share on other sites

Ok cause it's a Malware infection we gonna remove/delete it !! Look to see if it's in your add/remove uninstall panel, if present get rid of it !!

 

Thank Ya

Chuck

 

I think it may be gone !!

Share this post


Link to post
Share on other sites

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.04.01

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Coleen Wagner :: COLEENWAGNER-PC [administrator]

Protection: Enabled

12/3/2013 8:31:45 PM
mbam-log-2013-12-03 (20-31-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 193326
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

Share this post


Link to post
Share on other sites

Wybuck that came back clean, lets dig a little deeper !!

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

 

 

 

NEXT


Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   
 

 

 

Post Next:

1. Security Check log

2. OTL log(s)

 

Thanks

Chuck

 

Then i will read the log (takes about 10-15 minutes) then write a OTL fix for you to run !

 

 

Sometimes the OTL will make you think its froze, just let it do it's thing till you get the log !!

Share this post


Link to post
Share on other sites

OTL Extras logfile created on: 12/3/2013 8:51:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Coleen Wagner\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.96 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 52.80% Memory free
5.92 Gb Paging File | 4.46 Gb Available in Paging File | 75.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 265.83 Gb Free Space | 89.21% Space Free | Partition Type: NTFS
 
Computer Name: COLEENWAGNER-PC | User Name: Coleen Wagner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{037AFA5F-D5BE-4A93-8941-83B1E76C7F05}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{10B06FF7-9514-4F40-B1A3-72BD18BAE905}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1C71840A-69C8-4E9D-B9FF-4D51AAE72B18}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2DF5E366-9123-4E58-8E87-ECF814BB5E1E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{60FF4533-B463-4254-859A-77F73BF7BBC1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6C1EFBA8-403D-41AE-B0AC-89AB7D8294E6}" = lport=445 | protocol=6 | dir=in | app=system |
"{81A85D88-9D81-4160-B656-568045695BBE}" = rport=138 | protocol=17 | dir=out | app=system |
"{82FB23C4-CA49-40DC-B12A-72003AA0DD4E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{833BDDAF-4284-4B2B-80A4-46736F911715}" = rport=445 | protocol=6 | dir=out | app=system |
"{95679C95-C088-4E2C-8F08-9630702F00D4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A35F9875-0922-4D64-BA73-A8B6F195514A}" = lport=138 | protocol=17 | dir=in | app=system |
"{CDE1BE9E-A275-4AFC-BB7F-2EDBA8449357}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF0FFACD-81C6-455C-8BE2-A9072D2FD7E1}" = rport=139 | protocol=6 | dir=out | app=system |
"{DD0C2D49-8B42-4958-813A-FD64A69FE33E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E13A4534-2083-4209-8F88-B8652AB071EC}" = lport=137 | protocol=17 | dir=in | app=system |
"{EBE09A80-D8A9-4B15-B260-8576A17CD748}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC80866F-7A3C-4FEE-8A77-0B80E1619EE5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7556C98-604D-4530-9B24-541EBDAA6490}" = lport=139 | protocol=6 | dir=in | app=system |
"{FAF084DB-8FFA-4ABD-AABF-106715DD0EAB}" = rport=137 | protocol=17 | dir=out | app=system |
"{FBEF68FF-CF0A-4BEA-B019-B646D8CE6A5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FEAC9F52-FCBD-4042-A9BD-60C0CD5BCE2B}" = lport=2869 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02ACDABC-73F7-42F4-AC62-DE06D8812575}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{06674719-8037-400A-A556-FD106DB8899B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{115AC56D-A06C-4474-BACC-ED9DFE463FC0}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{11D0B6F3-679C-4281-B14A-02661250EF29}" = protocol=1 | dir=out | [email protected],-28544 |
"{18B1A8E9-360C-435B-B581-A2B96B5B42B5}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{29C89E5A-3D4A-4D8B-BE86-78BD66DA4FB5}" = protocol=6 | dir=out | app=system |
"{2EB56FEF-1CF6-4438-A1F5-C147D018B6E4}" = protocol=58 | dir=out | [email protected],-28546 |
"{391D28E4-0C79-43AB-96F2-183E111F9B19}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{3D62FDD0-2E21-4A02-A1CE-B9D45D7F03AC}" = protocol=1 | dir=in | [email protected],-28543 |
"{400861CA-B1FB-4AAA-8F99-2FFB75552D33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4D3A9243-C628-4F42-967D-82C9686DA309}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{73853E6A-3290-48F2-80A3-010250BB5E03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8895DBFA-B00B-42B4-AED9-118BCD2CD5FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8AF9E195-8AEF-40F2-8D59-FA85D1397958}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D555E1C-CB3F-42CD-9CAD-9A51864A4428}" = protocol=58 | dir=in | [email protected],-28545 |
"{AB36FD86-F7DD-4948-A03A-F94D5CCB4AB6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{AC662F72-DDEC-45E9-AC75-455A3574573A}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{B39E3962-7206-4125-A027-D2D06A371A81}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgnsx.exe |
"{BA6E4CD3-54AE-41E3-B11D-C1D6F813E190}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgemcx.exe |
"{C30EC9CA-17AC-47CD-AEAE-DB8BCBA482B6}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{C9C08597-9469-4A77-84A9-E135D4A61751}" = protocol=17 | dir=in | app=c:\program files\avg\avg2014\avgmfapx.exe |
"{CB015494-4B4A-4F05-9499-FCD7E637CCE7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D719E97E-ED89-49F8-A133-E097508D9091}" = protocol=6 | dir=in | app=c:\program files\avg\avg2014\avgdiagex.exe |
"{DF1B0126-8752-4696-A1E3-8AA6CD0980D7}" = dir=in | app=c:\windows\system32\dleacoms.exe |
"{E2EBE4E5-5BC0-4C3F-914B-F05F544AD49A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3987087-6CF0-4D7D-B550-4809874D7EAF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA291D49-EECA-49AE-B269-86E6DB2C8B5F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F31EC0C8-D0DB-4187-9CE6-2EA2413E338B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A5C383-FE94-3B52-9627-CE70B9301A0F}" = Google Chrome Frame
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A419-40A5-BD20-04BF618CA0F9}" = QuickBooks Simple Start 2010 Free Edition
"{0CFC5C64-A7D1-42C0-B8BF-03DFF0E6C54E}" = QuickBooks File Doctor
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{3B97ADB7-3DA1-4964-BC10-68384BA6A66F}" = AVG 2014
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{82FB6F62-1EFC-4916-AA2C-19DC9EFCE978}" = AVG 2014
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B0585E15-E03C-4F62-B20E-84639D4A01E5}" = Dell Backup and Recovery Manager
"{B066A843-8978-4501-A900-A28C5EFE148B}" = O2Micro Flash Memory Card Windows Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2014
"Dell V310-V510 Series" = Dell V310-V510 Series
"Google Chrome" = Google Chrome
"InstallShield_{B066A843-8978-4501-A900-A28C5EFE148B}" = O2Micro Flash Memory Card Windows Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 12/3/2013 11:19:39 PM | Computer Name = ColeenWagner-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >
 

Share this post


Link to post
Share on other sites

OTL logfile created on: 12/3/2013 8:51:12 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Coleen Wagner\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.96 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 52.80% Memory free
5.92 Gb Paging File | 4.46 Gb Available in Paging File | 75.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 297.99 Gb Total Space | 265.83 Gb Free Space | 89.21% Space Free | Partition Type: NTFS
 
Computer Name: COLEENWAGNER-PC | User Name: Coleen Wagner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/12/03 20:51:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Coleen Wagner\Downloads\OTL.com
PRC - [2013/12/03 20:46:40 | 000,891,200 | ---- | M] () -- C:\Users\Coleen Wagner\Downloads\SecurityCheck(1).exe
PRC - [2013/11/18 21:59:36 | 000,590,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgcsrvx.exe
PRC - [2013/11/17 10:17:24 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
PRC - [2013/11/15 21:02:34 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgidsagent.exe
PRC - [2013/11/07 22:03:50 | 004,956,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgui.exe
PRC - [2013/11/07 22:00:48 | 000,680,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgemcx.exe
PRC - [2013/11/06 19:15:32 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/10/28 23:24:02 | 000,729,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgrsx.exe
PRC - [2013/10/28 23:17:36 | 000,892,976 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgnsx.exe
PRC - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe
PRC - [2013/08/01 17:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/01 19:27:40 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 05:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2010/05/21 16:19:52 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\dleacoms.exe
PRC - [2007/02/12 15:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/03 20:46:40 | 000,891,200 | ---- | M] () -- C:\Users\Coleen Wagner\Downloads\SecurityCheck(1).exe
MOD - [2013/11/17 10:17:23 | 016,237,448 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_152.dll
MOD - [2013/11/15 21:02:34 | 003,363,952 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/11/29 13:06:39 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/11/17 10:17:24 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/11 22:02:14 | 003,478,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/10/28 14:42:42 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/09/24 01:33:08 | 000,348,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/01 19:27:40 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2010/05/21 16:19:52 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dleacoms.exe -- (dlea_device)
SRV - [2010/05/21 16:19:46 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dleaserv.exe -- (dleaCATSCustConnectService)
SRV - [2009/07/23 20:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2007/02/12 15:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013/12/03 20:31:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgdiskx.sys -- (Avgdiskx)
DRV - [2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/31 23:00:28 | 000,176,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/10/31 22:30:08 | 000,222,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/10/24 22:28:32 | 000,147,768 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/10/01 00:49:38 | 000,102,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/09/17 00:57:26 | 000,022,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/09/10 00:43:20 | 000,027,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/08/01 15:08:52 | 000,193,848 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 15:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/05/22 16:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/05/07 16:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2009/03/24 15:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 70 C9 04 67 D2 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NDKB_enUS559
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "msn.com"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\bebomedia.com/OfferMosquitoIEHelper: C:\Users\Coleen Wagner\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/11/03 20:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coleen Wagner\AppData\Roaming\Mozilla\Extensions
[2013/12/03 19:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coleen Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\d4m1qp6g.default\extensions
[2013/11/13 09:30:48 | 000,004,379 | ---- | M] () (No name found) -- C:\Users\Coleen Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\d4m1qp6g.default\extensions\snt[email protected]
[2013/11/15 21:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/15 21:02:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Search (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url = null,
CHR - homepage: http://www.google.com
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Any New Tab = C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfenflmklmpohipcckmagnmbmbibnolo\1.0.0_0\
CHR - Extension: No name found = C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Coleen Wagner\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=a1dd6391707b47d3b6ed4105a31b2edf-b602d594afd2b0b327e07a06f36ca6a7e42546d0 /CMPID=1113a File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Application Restart #1] C:\Program Files\Google\Chrome Frame\Application\chrome.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02ECEA61-086A-4675-BD33-B0527B65CCB6}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\31.0.1650.57\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/12/03 20:29:40 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/12/03 20:29:40 | 000,000,000 | ---D | C] -- C:\Users\Coleen Wagner\AppData\Roaming\Malwarebytes
[2013/12/03 20:29:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/03 20:29:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/12/03 20:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/03 20:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/03 19:49:18 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/03 19:39:55 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/30 22:10:18 | 000,000,000 | ---D | C] -- C:\Users\Coleen Wagner\AppData\Roaming\MyTurboPC.com
[2013/11/30 22:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTurboPC.com
[2013/11/30 15:53:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/11/29 13:06:40 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/29 13:06:40 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/29 13:06:40 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/29 13:06:40 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/11/29 13:06:40 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/29 13:06:40 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/29 13:06:40 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/29 13:06:40 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/29 13:06:40 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/29 13:06:40 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/29 13:06:40 | 000,244,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/29 13:06:40 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/29 13:06:40 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/29 13:06:40 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/29 13:06:40 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/29 13:06:40 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/29 13:06:40 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/29 13:06:40 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/29 13:06:40 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/29 13:06:40 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/29 13:06:40 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/29 13:06:40 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/29 13:06:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/29 13:06:40 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/29 13:06:40 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/29 13:06:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/29 13:06:40 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/29 13:06:39 | 004,240,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/29 13:06:39 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/11/29 13:06:39 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/29 13:06:39 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/29 13:06:39 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/29 13:06:39 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/11/29 13:06:39 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/29 13:06:39 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/29 13:06:39 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/11/29 13:06:39 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/29 13:06:39 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/11/29 13:06:39 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/29 13:06:39 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/29 13:06:39 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/29 13:06:39 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/29 13:06:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/11/28 21:21:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/11/15 21:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/13 19:30:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/11/13 19:30:55 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/13 19:30:50 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/11/13 19:30:50 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/13 19:30:43 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/13 19:30:43 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/09 20:25:03 | 000,000,000 | ---D | C] -- C:\Users\Coleen Wagner\AppData\Local\Macromedia
[2013/11/06 19:15:32 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/11/06 19:15:07 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/11/06 19:15:07 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/11/06 19:15:07 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/11/06 19:15:07 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/11/06 19:15:07 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/11/06 19:15:07 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/11/06 19:15:07 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/11/06 19:15:07 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/11/06 19:15:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/11/06 19:15:07 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/11/06 19:15:07 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/11/06 19:15:07 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/11/06 19:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/11/06 19:15:07 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/11/06 19:15:07 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/11/06 19:15:06 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/11/06 19:15:06 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/11/06 19:15:06 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/11/06 19:15:06 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/11/06 19:15:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/11/06 19:15:06 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/11/06 19:15:06 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/11/06 19:15:06 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/11/06 19:15:05 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/11/06 19:13:01 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/11/06 18:31:57 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidclass.sys
[2013/11/06 18:31:57 | 000,025,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013/11/06 18:31:52 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2013/11/06 18:28:55 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2013/11/06 18:28:33 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013/11/06 18:28:32 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013/11/06 18:28:31 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013/11/06 18:28:26 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013/11/06 18:28:17 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/11/06 18:28:16 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/11/06 18:28:15 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll
[2013/11/06 18:28:09 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013/11/06 18:28:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013/11/06 18:28:03 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2013/11/06 18:28:00 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013/11/06 18:28:00 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2013/11/06 18:28:00 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013/11/06 18:28:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2013/11/06 18:27:57 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2013/11/06 18:27:57 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2013/11/06 18:27:56 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2013/11/06 18:27:21 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/11/06 18:27:18 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/11/06 18:26:48 | 002,348,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/11/06 18:26:05 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2013/11/06 18:25:39 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2013/11/06 18:25:39 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2013/11/06 18:25:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2013/11/06 18:25:13 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/11/06 18:25:13 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/11/06 18:25:13 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/11/06 18:25:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/11/06 18:25:13 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/11/06 18:25:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/11/06 18:25:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/11/06 18:25:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/11/06 18:25:12 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/11/06 18:25:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/11/06 18:25:12 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/11/06 18:25:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/11/06 18:25:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/11/06 18:25:12 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/11/06 18:25:12 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/11/06 18:16:25 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013/11/05 21:50:48 | 000,120,600 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgdiskx.sys
[2013/11/04 21:57:30 | 000,209,176 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013/11/04 21:43:58 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2013/11/04 21:42:42 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2013/11/03 20:56:33 | 000,000,000 | ---D | C] -- C:\Users\Coleen Wagner\AppData\Roaming\Mozilla
[2013/11/03 20:56:33 | 000,000,000 | ---D | C] -- C:\Users\Coleen Wagner\AppData\Local\Mozilla
[2013/11/03 20:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2013/12/03 20:42:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/03 20:31:37 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013/12/03 20:29:35 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/03 20:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/03 19:49:43 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/03 19:49:43 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/03 19:46:50 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/03 19:46:50 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/03 19:42:39 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/03 19:42:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/03 19:42:30 | 2385,211,392 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/30 15:53:03 | 239,023,850 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/29 13:06:40 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/29 13:06:40 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/11/29 13:06:40 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013/11/29 13:06:40 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013/11/29 13:06:40 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013/11/29 13:06:40 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll
[2013/11/29 13:06:40 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013/11/29 13:06:40 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/29 13:06:40 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013/11/29 13:06:40 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/11/29 13:06:40 | 000,244,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013/11/29 13:06:40 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/11/29 13:06:40 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/11/29 13:06:40 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/29 13:06:40 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013/11/29 13:06:40 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013/11/29 13:06:40 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013/11/29 13:06:40 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013/11/29 13:06:40 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013/11/29 13:06:40 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/11/29 13:06:40 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013/11/29 13:06:40 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/29 13:06:40 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/29 13:06:40 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/29 13:06:40 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/11/29 13:06:40 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/29 13:06:40 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/11/29 13:06:40 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/11/29 13:06:39 | 004,240,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/29 13:06:39 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2013/11/29 13:06:39 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/29 13:06:39 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/11/29 13:06:39 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013/11/29 13:06:39 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2013/11/29 13:06:39 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/29 13:06:39 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013/11/29 13:06:39 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2013/11/29 13:06:39 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013/11/29 13:06:39 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2013/11/29 13:06:39 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013/11/29 13:06:39 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/11/29 13:06:39 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013/11/29 13:06:39 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/11/29 13:06:39 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2013/11/28 21:21:16 | 000,000,935 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
[2013/11/17 10:17:24 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/11/17 10:17:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/11/17 09:25:24 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/11 14:38:44 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/11/06 20:53:41 | 000,281,968 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/06 19:15:32 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/11/06 19:15:07 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013/11/06 19:15:07 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/11/06 19:15:07 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013/11/06 19:15:07 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013/11/06 19:15:07 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013/11/06 19:15:07 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/11/06 19:15:07 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/11/06 19:15:07 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/11/06 19:15:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/11/06 19:15:07 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/11/06 19:15:07 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/11/06 19:15:07 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/11/06 19:15:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013/11/06 19:15:07 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/11/06 19:15:07 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/11/06 19:15:06 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/11/06 19:15:06 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/11/06 19:15:06 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/11/06 19:15:06 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/11/06 19:15:06 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013/11/06 19:15:06 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/11/06 19:15:06 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013/11/06 19:15:06 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/11/06 19:15:05 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013/11/06 19:13:01 | 001,505,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013/11/05 21:50:48 | 000,120,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgdiskx.sys
[2013/11/04 21:57:30 | 000,209,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2013/11/04 21:55:24 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msclmd.dll
[2013/11/03 20:56:26 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2013/12/03 20:29:35 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/30 15:53:02 | 239,023,850 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/11/29 13:06:40 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/11/11 14:38:44 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/11/03 20:56:26 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/03 20:56:26 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/10/27 08:26:24 | 000,000,428 | ---- | C] () -- C:\Users\Coleen Wagner\Deaver-Frannie Cemetery District.ND
[2013/10/27 08:26:23 | 011,653,120 | R--- | C] () -- C:\Users\Coleen Wagner\Deaver-Frannie Cemetery District.QBW
[2013/10/26 18:06:00 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2013/10/26 10:12:31 | 000,442,368 | ---- | C] ( ) -- C:\Windows\System32\dleacoin.dll
[2013/10/26 10:12:31 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dleavs.dll
[2013/10/26 10:12:30 | 000,294,912 | ---- | C] () -- C:\Windows\System32\dleacui.dll
[2013/10/26 10:12:30 | 000,110,592 | ---- | C] () -- C:\Windows\System32\dleacuir.dll
[2013/10/26 10:12:30 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dleagcfg.dll
[2013/10/26 10:12:24 | 000,372,736 | ---- | C] () -- C:\Windows\System32\DLEAwupd.dll
[2013/10/26 10:12:24 | 000,213,672 | ---- | C] () -- C:\Windows\System32\DLEAwupd.exe
[2013/10/26 10:12:05 | 001,048,576 | ---- | C] ( ) -- C:\Windows\System32\dleaserv.dll
[2013/10/26 10:12:05 | 000,847,872 | ---- | C] ( ) -- C:\Windows\System32\dleausb1.dll
[2013/10/26 10:12:05 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dleainpa.dll
[2013/10/26 10:12:05 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\DLEAhcp.dll
[2013/10/26 10:12:05 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\dleaiesc.dll
[2013/10/26 10:12:05 | 000,331,776 | ---- | C] () -- C:\Windows\System32\DLEAinst.dll
[2013/10/26 10:12:04 | 000,802,816 | ---- | C] ( ) -- C:\Windows\System32\dleacomc.dll
[2013/10/26 10:12:04 | 000,688,128 | ---- | C] ( ) -- C:\Windows\System32\dleahbn3.dll
[2013/10/26 10:12:04 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dleapmui.dll
[2013/10/26 10:12:04 | 000,598,696 | ---- | C] ( ) -- C:\Windows\System32\dleacoms.exe
[2013/10/26 10:12:04 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\dlealmpm.dll
[2013/10/26 10:12:04 | 000,373,416 | ---- | C] ( ) -- C:\Windows\System32\dleacfg.exe
[2013/10/26 10:12:04 | 000,372,736 | ---- | C] ( ) -- C:\Windows\System32\dleacomm.dll
[2013/10/26 10:12:04 | 000,324,264 | ---- | C] ( ) -- C:\Windows\System32\dleaih.exe
[2013/10/26 10:12:04 | 000,323,584 | ---- | C] () -- C:\Windows\System32\dleains.dll
[2013/10/26 10:12:04 | 000,262,144 | ---- | C] () -- C:\Windows\System32\dleainsb.dll
[2013/10/26 10:12:04 | 000,253,952 | ---- | C] () -- C:\Windows\System32\dleacu.dll
[2013/10/26 10:12:04 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dleagrd.dll
[2013/10/26 10:12:04 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dleainsr.dll
[2013/10/26 10:12:04 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dleacub.dll
[2013/10/26 10:12:04 | 000,086,180 | ---- | C] () -- C:\Windows\System32\DLEAcfg.dll
[2013/10/26 10:12:04 | 000,057,344 | ---- | C] () -- C:\Windows\System32\dleajswr.dll
[2013/10/26 10:12:04 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dleacur.dll
[2013/10/26 10:11:56 | 000,299,008 | ---- | C] () -- C:\Windows\System32\DLEAsm.dll
[2013/10/26 10:11:56 | 000,028,672 | ---- | C] () -- C:\Windows\System32\DLEAsmr.dll
[2013/10/26 09:20:40 | 000,103,272 | ---- | C] () -- C:\Users\Coleen Wagner\GoToAssistDownloadHelper.exe
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 

Share this post


Link to post
Share on other sites

Wybuck, ok lets run OTL fix !!

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus OTL . :OTL

:OTLIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SRIE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7NDKB_enUS559FF - user.js - File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found[2013/11/03 20:56:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coleen Wagner\AppData\Roaming\Mozilla\Extensions[2013/12/03 19:41:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Coleen Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\d4m1qp6g.default\extensions[2013/11/13 09:30:48 | 000,004,379 | ---- | M] () (No name found) -- C:\Users\Coleen Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\d4m1qp6g.default\extensions\[email protected][2013/11/15 21:02:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensionsCHR - Extension: No name found = C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: No name found = C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\CHR - Extension: No name found = C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O4 - HKCU..\Run: [AVG-Secure-Search-Update_1113a] C:\Users\Coleen Wagner\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=a1dd6391707b47d3b6ed4105a31b2edf-b602d594afd2b0b327e07a06f36ca6a7e42546d0 /CMPID=1113a File not foundO13 - gopher Prefix: missingO21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post the OTL fix log !!

Thanks
Chuck
 

 

Share this post


Link to post
Share on other sites

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\Coleen Wagner\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Coleen Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\d4m1qp6g.default\extensions folder moved successfully.
File C:\Users\Coleen Wagner\AppData\Roaming\Mozilla\Firefox\Profiles\d4m1qp6g.default\extensions\[email protected] not found.
C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\browser\extensions folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\zh_TW folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\zh_CN folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\vi folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\uk folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\tr folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\th folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\sv folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\sr folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\sl folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\sk folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ru folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ro folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\pt_PT folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\pt_BR folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\pl folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\no folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\nl folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ms folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\lv folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\lt folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ko folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ja folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\it folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\id folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\hu folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\hr folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\hi folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\he folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\fr folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\fil folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\fi folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\eu folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\et folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\es_419 folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\es folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\en_US folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\en_GB folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\el folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\de folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\da folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\cs folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ca folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\bg folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ar folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\zh_TW folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\zh_CN folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\vi folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\uk folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\tr folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\th folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\sv folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\sr folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\sl folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\sk folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ru folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ro folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\pt_PT folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\pt_BR folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\pl folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\nl folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\nb folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\lv folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\lt folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ko folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ja folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\it folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\id folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\hu folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\hr folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\hi folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\fr folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\fil folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\fi folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\et folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\es_419 folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\es folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\en_GB folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\en folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\el folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\de folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\da folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\cs folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\ca folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales\bg folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\_locales folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\images folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\html folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\css folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\__MACOSX\_locales folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\__MACOSX folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\zh_TW folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\zh_CN folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\vi folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\uk folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\tr folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\th folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\sr folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\sl folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\sk folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\se folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ru folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ro folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\pt_PT folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\pt_BR folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\pl folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\no folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\nl folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\lv folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\lt folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ko folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ja folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\it folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\id folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\hu folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\hr folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\hi folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\fr folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\fil folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\fi folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\es folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\en folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\el folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\de folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\da folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\cs folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ca folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\bg folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ar folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales folder moved successfully.
C:\Users\Coleen Wagner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AVG-Secure-Search-Update_1113a deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Coleen Wagner
->Java cache emptied: 160684 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Coleen Wagner
->Flash cache emptied: 9229 bytes
 
User: Default
 
User: Default User
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Coleen Wagner
->Temp folder emptied: 618232122 bytes
->Temporary Internet Files folder emptied: 209788732 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86838680 bytes
->Google Chrome cache emptied: 14031311 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 112992384 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 994.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 12032013_212440

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Share this post


Link to post
Share on other sites

Wybuck, good job !! Looks clean !

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

 

Let me know if your Xvid thing pops up anymore ??

How is it running ??

It may run a little slow until a few normal re-boots !!

 

If there is no more problems i have 1 last post !!

 

Chuck

Share this post


Link to post
Share on other sites

It will get faster after a few re-boots, if not let me know anyway how it's running in a few days !!

 

===================================

 

 

 

I know you may have some of these installed, this is just my standard all clean speech !

Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:


 1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

  * From within Internet Explorer click on the Tools menu and then click on Options.
   * Click once on the  Security tab
   * Click once on the  Internet icon so it becomes highlighted.
   * Click once on the  Custom Level button.
   * Change the  Download signed ActiveX controls to Prompt
   * Change the  Download unsigned ActiveX controls to Disable
   * Change the  Initialize and script ActiveX controls not marked as safe to Disable
  *  Change the  Installation of desktop items to Prompt
   * Change the  Launching programs and files in an IFRAME to Prompt
   * Change the  Navigate sub-frames across different domains to Prompt
   * When all these settings have been made, click on the  OK button.
   * If it prompts you as to whether or not you want to save the settings, press the  Yes button.
  *  Next press the  Apply button and then the  OK to exit the Internet Properties page.


 2. Enable Protected Mode in Internet Explorer . This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

  *  Open  Internet Explorer
  *  Click on  Tools > Internet Options
  *  Press  Security tab
   * Select Internet zone then place check next to Enable Protected Mode if not already done
  *  Do the same for  Local Intranet, Trusted Sites and  Restricted Sites and then press  Apply
  *  Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.


NOTE: Fire Fox is a great browser also >>> http://www.mozilla.org/en-US/firefox/fx/
I use & like FireFox !!

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

 4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:

Online Armor Free
Online Armor Free

Agnitum Outpost Firewall Free Agnitum Outpost Firewall

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update Windows update
 regularly to download and install any critical updates and service packs.  Windows Vista/7 users can open the  Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

 6. Consider a custom hosts file such as MVPS HOSTS
 This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002

Note: Be sure to follow the instructions to disable the  DNS Client service  before installing a custom hosts file.

 7. WOT (Web of Trust)
WOT As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8.Finally, I strongly recommend that you read TonyKlein's good advice
 


A must is a great Antivirus, i recommend you using AVAST its free >>> http://www.avast.com/free-antivirus-download

You are behind on some updates, please visit the Secunia Software Inspector >>>http://secunia.com/vulnerability_scanning/online/   
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player,Java Runtime , Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.

To insure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)


Happy surfing and Stay Clean
Chuck
 

Share this post


Link to post
Share on other sites

Since this issue seems resolved this topic is now closed ! if for any reason you need this unlocked please PM me or any Mod !

 

Thanks

Chuck

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this