bigodude60

help I'm broken


Computer is constantly having pop ups, and redirects me to pages that I have not chosen.  I often have to shut down the internet and begin again, each time just getting one page farther before I am bombarded with popup pages again.  


Howdy bigodude60 and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner

Please download AdwCleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.

    Windows XP: Double click on the icon to run it.
    Windows Vista, Windows 7 & 8: Right click and select "Run as Administrator".

    * Click on the Scan button.
    * AdwCleaner will begin to scan your computer like it did before.
    * After the scan has finished .......

    This time, click on the Clean button.

    * Press OK when asked to close all programs and follow the onscreen prompts.
    * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    * After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    * Copy and paste the contents of that logfile in your next reply.
    * A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

Post each log as you get them then move to the next one !

 

Thanks

Chuck


You can type here asking questions or make comments !!

 

Chuck


Run these for me & post the logs !!

 

    Please download Junkware Removal Tool and save it to your desktop.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!


NEXT


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.


    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.



When the scan is complete, click OK, then Show Results to view the results.


    * Then click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.



Please don't attach the scans / logs, use "copy/paste".

 

 

Thanks

Chuck
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.9 (01.01.2014:1)

OS: Microsoft Windows XP x86

Ran by MOM on Sat 01/04/2014 at 20:35:45.70

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\discoveryhelper.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\gifanimator.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iminent.webbooster.internetexplorer.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\imtrprogress.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\imweb.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\wmhelper.dll

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funwebproducts

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mywebsearch

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&search

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mywebsearch

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\umbrella

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wnlt

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.datacontrol

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.datacontrol.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historykillerscheduler

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historykillerscheduler.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historyswattercontrolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historyswattercontrolbar.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu.2

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.iecookiesmanager

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.iecookiesmanager.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.killerobjmanager

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.killerobjmanager.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswatterbarbutton

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswatterbarbutton.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswattersettingscontrol

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswattersettingscontrol.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iehelperv250.wecarereminder

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iehelperv250.wecarereminder.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.downloadargs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.linktopromoteargs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.rawdataargs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.tinyurlargs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.virallinkargs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.clientcallback

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.contractbase

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.addtousercontentcommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.checkloginstatuscommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.cleancachecommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.gameovercallback

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getcreditcommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getinstallationcontextcommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getloginstatuscommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getloginstatusresult

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getvariablecommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getvariableresult

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.installationcontextresult

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loadcontentcommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loadcontentcommandresult

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.logincommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loginstatuschangedcallback

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.logoutcommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.mergeidentitycommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.myaccountcommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.playcontentcommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.postcontentcallback

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.recycleviewscommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.setvariablecommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showbrowserwindowcommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showcontrolcentercommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showpluginwindowcommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.testcontentcommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.usercontentchangedcallback

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.variablechangedcallback

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.warmupcommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.welcomecommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.servercommand

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.serverresult

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.lightcontent

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.lighturi

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.mediatorserviceproxy

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.browserhelperobject

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.browserhelperobject.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.scriptextender

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.scriptextender.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\imweb.imwebcontrol

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.chatsessionplugin

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.chatsessionplugin.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.htmlpanel

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.htmlpanel.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.multiplebutton

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.multiplebutton.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.outlookaddin

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.outlookaddin.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.pseudotransparentplugin

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.pseudotransparentplugin.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.thirdpartyinstaller

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.thirdpartyinstaller.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.urlalertbutton

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.urlalertbutton.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.settingsplugin

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.settingsplugin.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.toolbarplugin

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.toolbarplugin.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\screensavercontrol.screensaverinstaller

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\screensavercontrol.screensaverinstaller.1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wnlt

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411281122}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\Documents and Settings\MOM\appdata\locallow\SkwConfig.bin"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Documents and Settings\MOM\Local Settings\Application Data\cre"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\we-care reminder"

 

 

 

~~~ Chrome

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 01/04/2014 at 20:41:11.14

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Looks like it removed a bunch ! Now post the Malwarebytes log !!

 

Thanks

Chuck


Sorry for the delay but it's been real busy today !!

 

Go here & download the free version of Malwarebytes & run it with my instructions above !!

http://www.malwarebytes.org/mbam-download.php

 

Post that log next !

 

 

 

NEXT

 

 

 

Download OldTimer to your desktop !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output.
o Lop check.
o Purity check.
o Extra Registry > Use SafeList

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   
 

 

Thanks

Chuck

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.06.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MOM :: KMC-953C5353487 [administrator]
 
Protection: Enabled
 
1/5/2014 6:38:38 PM
mbam-log-2014-01-05 (18-38-38).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213873
Time elapsed: 12 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 10
HKCR\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} (PUP.Optional.Iminent.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> No action taken.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 4
C:\Program Files\ShoppingChip (PUP.Optional.ShoppingChip.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075 (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\plugins (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ShoppingChip (PUP.Optional.MultiPlug.A) -> No action taken.
 
Files Detected: 53
C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ShoppingChip\54q.exe (PUP.Optional.MultiPlug.A) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\Adobe Photoshop CS6.exe (PUP.Optional.Firseria) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\Browser_Update (1).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\Browser_Update.exe (PUP.Optional.DomaIQ) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\iMeshSetup-r393-n-bc.exe (PUP.Optional.iMeshMusicBoxTB.A) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\LphantSetup-r126-n-bc.exe (PUP.Optional.Bandoo.A) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\FlashPlayersetup__3720_i233498806_il25.exe (PUP.Optional.InstallMonetizer) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (1).exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (2).exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (3).exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc.exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\IminentSetup.exe (PUP.Optional.Iminent.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\nsj8C.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\nsr87.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\LuckyLeap.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\SweetIESetup.exe (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\SweetIMSetup.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\294823_.exe (PUP.Optional.BundleLoader.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\DownloadManager.exe (PUP.Optional.Smart) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\18be6784_.exe (PUP.Optional.Searchprotect) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\nsg1B03\Uninstall.exe (PUP.Optional.Bandoo.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\ins9178.exe (PUP.Optional.Firseria) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\LuckyLeap_2309-167e5c2f.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\shopup_2510_exe2-47bfde8d.exe (PUP.Optional.Bundler) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\SweetIMCO_0710_EN-bbf1713f.exe (PUP.Optional.SweetIM.A) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4XEVOXMJ\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W1U3KTYF\SkywalkerSetup[1].exe (PUP.Optional.Sweetpacks) -> No action taken.
C:\Program Files\PSupport\psupport.dll (PUP.Optional.SProtect.A) -> No action taken.
C:\Program Files\ShoppingChip\4o.tlb (PUP.Optional.ShoppingChip.A) -> No action taken.
C:\Program Files\ShoppingChip\4o.dat (PUP.Optional.ShoppingChip.A) -> No action taken.
C:\Program Files\ShoppingChip\4o.dll (PUP.Optional.ShoppingChip.A) -> No action taken.
C:\Program Files\ShoppingChip\4o.x64.dll (PUP.Optional.ShoppingChip.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\CT3316075.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\initdata.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ShoppingChip\54q.dat (PUP.Optional.MultiPlug.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\shoppingchip_2310-3861dc78.exe (Adware.Agent) -> Quarantined and deleted successfully.
 
(end)

 


bigodude, I need you to open Malwarebytes, look in the Logs tab, and see if your scan log is there. If it is, place a check beside everything it found, then click the "Remove Selected" button, then post that log back here!

Also look in Control Panel, Add/Remove, and uninstall >>> OptimizerPro

Thanks

Chuck


OTL logfile created on: 1/5/2014 7:12:00 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\MOM\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1022.09 Mb Total Physical Memory | 179.80 Mb Available Physical Memory | 17.59% Memory free
2.40 Gb Paging File | 1.60 Gb Available in Paging File | 66.43% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 54.37 Gb Free Space | 36.49% Space Free | Partition Type: NTFS
Drive D: | 442.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: KMC-953C5353487 | User Name: MOM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/01/05 19:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOM\My Documents\Downloads\OTL.com
PRC - [2013/12/03 19:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/11/19 11:45:30 | 000,317,736 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\MOM\Application Data\Smilebox\SmileboxTray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/02/16 09:19:02 | 000,298,616 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2013/02/16 09:04:10 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/09/27 15:08:08 | 000,989,352 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
PRC - [2012/09/27 15:04:44 | 001,087,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
PRC - [2012/09/27 15:02:40 | 001,279,120 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
PRC - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/12/03 19:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 19:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 19:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 19:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
MOD - [2012/02/21 03:18:22 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
MOD - [2012/02/21 03:17:34 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
MOD - [2012/02/21 03:14:27 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
MOD - [2012/02/21 03:14:02 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
MOD - [2012/02/21 03:13:59 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
MOD - [2012/02/21 03:13:40 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
MOD - [2012/02/21 03:13:39 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
MOD - [2012/02/21 03:13:37 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65bd29660d00ac08c14edad26ce38e2c\PresentationFramework.Royale.ni.dll
MOD - [2012/02/21 03:13:32 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
MOD - [2012/02/21 03:13:27 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
MOD - [2012/02/21 03:13:26 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
MOD - [2012/02/21 03:13:18 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
MOD - [2012/02/21 03:13:05 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/06/21 16:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcdlmpm.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013/12/18 13:58:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/16 09:04:10 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2011/03/27 06:36:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\dlcdcoms.exe -- (dlcd_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/29 18:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U039&ocid=U039DHP&dt=071113
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes,DefaultScope = {4054044A-AFC0-4B68-844A-087CB9CE1695}
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{350CE36D-85BF-4656-99F5-0131F5FD9691}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{4054044A-AFC0-4B68-844A-087CB9CE1695}: "URL" = http://www.bing.com/search?FORM=U039DF&PC=U039&dt=071113&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{9184CF1E-5F0E-4046-884A-962ED79A32F4}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{AFC1B22D-97A7-4C9A-BEA1-FDF396F55243}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\AF75D99F91B54B6FBB9B1C082130E685: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Sweetpacks (Enabled)
CHR - default_search_provider: search_url = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: ShoppingChip = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhgnljmpfmibocijhefankplcoajfncl\1.1\
CHR - Extension: Google Wallet = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-1715567821-527237240-725345543-1003..\Run: [smileboxTray] C:\Documents and Settings\MOM\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{841573EA-CB45-437D-B3F7-51E4691CD279}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/27 08:09:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/13 09:20:10 | 000,000,170 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\AutoRun\command - "" = F:\BOOTEX\thumbcache_131.exe
O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\explore\command - "" = F:\BOOTEX/thumbcache_131.exe
O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\open\command - "" = F:\.////BOOTEX/thumbcache_131.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/05 18:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOM\Application Data\Malwarebytes
[2014/01/05 18:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/05 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/01/05 18:36:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/05 18:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/05 10:35:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2014/01/04 20:33:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/04 19:21:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/18 13:58:13 | 009,293,192 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/05 19:21:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38F799C7-E557-4F14-AA97-4517AD0F4B51}.job
[2014/01/05 18:58:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/05 18:57:16 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/05 18:57:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/05 18:45:30 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for MOM.job
[2014/01/05 18:36:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/05 18:32:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/04 21:00:43 | 000,005,681 | ---- | M] () -- C:\Documents and Settings\MOM\Desktop\click.htm
[2014/01/03 11:01:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/25 01:03:02 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2013/12/25 01:03:02 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2013/12/25 01:03:02 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
[2013/12/20 17:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/12/19 03:21:37 | 000,171,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/19 03:04:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/18 13:58:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/18 13:58:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/18 13:58:13 | 009,293,192 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/01/05 18:36:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/04 21:00:42 | 000,005,681 | ---- | C] () -- C:\Documents and Settings\MOM\Desktop\click.htm
[2013/10/28 19:23:51 | 000,302,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-527237240-725345543-1003-0.dat
[2013/10/28 19:23:51 | 000,174,726 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/07/10 19:58:59 | 000,033,958 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uninstaller.exe
[2013/05/29 08:11:44 | 004,325,376 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi
[2012/12/20 18:52:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2012/06/25 15:51:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\MOM\oneClickdigitalSecurityUpgrade.1st
[2012/02/14 22:33:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/03/28 19:40:54 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\MOM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/27 08:18:04 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\MOM\Local Settings\Application Data\fusioncache.dat
 
========== ZeroAccess Check ==========
 
[2011/03/27 08:06:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Purity Check ==========
 
 
 
< End of report >

OTL logfile created on: 1/5/2014 7:12:00 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\MOM\My Documents\Downloads

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

1022.09 Mb Total Physical Memory | 179.80 Mb Available Physical Memory | 17.59% Memory free

2.40 Gb Paging File | 1.60 Gb Available in Paging File | 66.43% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 149.00 Gb Total Space | 54.37 Gb Free Space | 36.49% Space Free | Partition Type: NTFS

Drive D: | 442.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

 

Computer Name: KMC-953C5353487 | User Name: MOM | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/01/05 19:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOM\My Documents\Downloads\OTL.com

PRC - [2013/12/03 19:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2013/11/19 11:45:30 | 000,317,736 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\MOM\Application Data\Smilebox\SmileboxTray.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/02/16 09:19:02 | 000,298,616 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2013/02/16 09:04:10 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2012/09/27 15:08:08 | 000,989,352 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE

PRC - [2012/09/27 15:04:44 | 001,087,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE

PRC - [2012/09/27 15:02:40 | 001,279,120 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE

PRC - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

PRC - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/12/03 19:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll

MOD - [2013/12/03 19:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

MOD - [2013/12/03 19:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll

MOD - [2013/12/03 19:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

MOD - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

MOD - [2012/02/21 03:18:22 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll

MOD - [2012/02/21 03:17:34 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll

MOD - [2012/02/21 03:14:27 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll

MOD - [2012/02/21 03:14:02 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll

MOD - [2012/02/21 03:13:59 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll

MOD - [2012/02/21 03:13:40 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll

MOD - [2012/02/21 03:13:39 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll

MOD - [2012/02/21 03:13:37 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65bd29660d00ac08c14edad26ce38e2c\PresentationFramework.Royale.ni.dll

MOD - [2012/02/21 03:13:32 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll

MOD - [2012/02/21 03:13:27 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll

MOD - [2012/02/21 03:13:26 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll

MOD - [2012/02/21 03:13:18 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll

MOD - [2012/02/21 03:13:05 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

MOD - [2005/06/21 16:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcdlmpm.dll

 

 

========== Services (SafeList) ==========

 

SRV - [2013/12/18 13:58:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/02/16 09:04:10 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

SRV - [2011/03/27 06:36:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\dlcdcoms.exe -- (dlcd_device)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2010/06/29 18:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)

DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U039&ocid=U039DHP&dt=071113

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes,DefaultScope = {4054044A-AFC0-4B68-844A-087CB9CE1695}

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{350CE36D-85BF-4656-99F5-0131F5FD9691}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{4054044A-AFC0-4B68-844A-087CB9CE1695}: "URL" = http://www.bing.com/search?FORM=U039DF&PC=U039&dt=071113&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{9184CF1E-5F0E-4046-884A-962ED79A32F4}: "URL" = http://www.flickr.com/search/?q={searchTerms}

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{AFC1B22D-97A7-4C9A-BEA1-FDF396F55243}: "URL" = http://delicious.com/search?p={searchTerms}

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\AF75D99F91B54B6FBB9B1C082130E685: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Sweetpacks (Enabled)

CHR - default_search_provider: search_url = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23

CHR - default_search_provider: suggest_url = ,


CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: Google Drive = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: ShoppingChip = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhgnljmpfmibocijhefankplcoajfncl\1.1\

CHR - Extension: Google Wallet = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

CHR - Extension: Gmail = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found

O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKU\S-1-5-21-1715567821-527237240-725345543-1003..\Run: [smileboxTray] C:\Documents and Settings\MOM\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{841573EA-CB45-437D-B3F7-51E4691CD279}: DhcpNameServer = 192.168.1.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/03/27 08:09:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/11/13 09:20:10 | 000,000,170 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\AutoRun\command - "" = F:\BOOTEX\thumbcache_131.exe

O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\explore\command - "" = F:\BOOTEX/thumbcache_131.exe

O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\open\command - "" = F:\.////BOOTEX/thumbcache_131.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/01/05 18:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOM\Application Data\Malwarebytes

[2014/01/05 18:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2014/01/05 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2014/01/05 18:36:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2014/01/05 18:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2014/01/05 10:35:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter

[2014/01/04 20:33:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

[2014/01/04 19:21:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2013/12/18 13:58:13 | 009,293,192 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/01/05 19:21:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38F799C7-E557-4F14-AA97-4517AD0F4B51}.job

[2014/01/05 18:58:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2014/01/05 18:57:16 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2014/01/05 18:57:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2014/01/05 18:45:30 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for MOM.job

[2014/01/05 18:36:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2014/01/05 18:32:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2014/01/04 21:00:43 | 000,005,681 | ---- | M] () -- C:\Documents and Settings\MOM\Desktop\click.htm

[2014/01/03 11:01:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2013/12/25 01:03:02 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll

[2013/12/25 01:03:02 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll

[2013/12/25 01:03:02 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll

[2013/12/20 17:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2013/12/19 03:21:37 | 000,171,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2013/12/19 03:04:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2013/12/18 13:58:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2013/12/18 13:58:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2013/12/18 13:58:13 | 009,293,192 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe

[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/01/05 18:36:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2014/01/04 21:00:42 | 000,005,681 | ---- | C] () -- C:\Documents and Settings\MOM\Desktop\click.htm

[2013/10/28 19:23:51 | 000,302,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-527237240-725345543-1003-0.dat

[2013/10/28 19:23:51 | 000,174,726 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

[2013/07/10 19:58:59 | 000,033,958 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uninstaller.exe

[2013/05/29 08:11:44 | 004,325,376 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi

[2012/12/20 18:52:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2012/06/25 15:51:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\MOM\oneClickdigitalSecurityUpgrade.1st

[2012/02/14 22:33:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/03/28 19:40:54 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\MOM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/27 08:18:04 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\MOM\Local Settings\Application Data\fusioncache.dat

 

========== ZeroAccess Check ==========

 

[2011/03/27 08:06:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== Purity Check ==========

 

 

 

< End of report >


Thanks for the OTL logs. While I look them over, if you look above you will see my other post about the Malwarebytes scan; please do that post next while I find everything that needs to be removed in the OTL scan!

 

Thanks

Chuck


Is this what you need from www.malwarebytes.org? There are two logs. I posted them both.

 
Database version: v2014.01.06.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MOM :: KMC-953C5353487 [administrator]
 
Protection: Enabled
 
1/5/2014 6:38:38 PM
mbam-log-2014-01-05 (18-38-38).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213873
Time elapsed: 12 minute(s), 38 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 10
HKCR\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} (PUP.Optional.Iminent.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> No action taken.
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> No action taken.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 4
C:\Program Files\ShoppingChip (PUP.Optional.ShoppingChip.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075 (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\plugins (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ShoppingChip (PUP.Optional.MultiPlug.A) -> No action taken.
 
Files Detected: 53
C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ShoppingChip\54q.exe (PUP.Optional.MultiPlug.A) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\Adobe Photoshop CS6.exe (PUP.Optional.Firseria) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\Browser_Update (1).exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\Browser_Update.exe (PUP.Optional.DomaIQ) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\iMeshSetup-r393-n-bc.exe (PUP.Optional.iMeshMusicBoxTB.A) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\LphantSetup-r126-n-bc.exe (PUP.Optional.Bandoo.A) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\FlashPlayersetup__3720_i233498806_il25.exe (PUP.Optional.InstallMonetizer) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (1).exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (2).exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (3).exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc.exe (PUP.Optional.Bandoo) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\IminentSetup.exe (PUP.Optional.Iminent.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\nsj8C.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\nsr87.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\LuckyLeap.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\SweetIESetup.exe (PUP.Optional.SweetPacks.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\SweetIMSetup.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\294823_.exe (PUP.Optional.BundleLoader.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\DownloadManager.exe (PUP.Optional.Smart) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\18be6784_.exe (PUP.Optional.Searchprotect) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\nsg1B03\Uninstall.exe (PUP.Optional.Bandoo.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\ins9178.exe (PUP.Optional.Firseria) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\LuckyLeap_2309-167e5c2f.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\shopup_2510_exe2-47bfde8d.exe (PUP.Optional.Bundler) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\SweetIMCO_0710_EN-bbf1713f.exe (PUP.Optional.SweetIM.A) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4XEVOXMJ\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> No action taken.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W1U3KTYF\SkywalkerSetup[1].exe (PUP.Optional.Sweetpacks) -> No action taken.
C:\Program Files\PSupport\psupport.dll (PUP.Optional.SProtect.A) -> No action taken.
C:\Program Files\ShoppingChip\4o.tlb (PUP.Optional.ShoppingChip.A) -> No action taken.
C:\Program Files\ShoppingChip\4o.dat (PUP.Optional.ShoppingChip.A) -> No action taken.
C:\Program Files\ShoppingChip\4o.dll (PUP.Optional.ShoppingChip.A) -> No action taken.
C:\Program Files\ShoppingChip\4o.x64.dll (PUP.Optional.ShoppingChip.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\CT3316075.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\initdata.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\ShoppingChip\54q.dat (PUP.Optional.MultiPlug.A) -> No action taken.
C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\shoppingchip_2310-3861dc78.exe (Adware.Agent) -> Quarantined and deleted successfully.
 
(end)
 


That is your scan log. What I need you to do is place a check beside every one on the left in the small boxes, then select the "Remove Selected" button!!


I am having trouble posting on the computer, so I hope you will excuse the multiple postings of the last logs. I see that Malwarebytes is showing nothing has been removed. When I go to logs, I get

Item.

C documents and settings\MOM\applicationdata\malwarebytes\malwarebytes anti malware\logs\mbam- log-2014-01-05(18-38-38).txt

C\documents and settings\all users\application data\malwarebytes\malwarebytesanti-malware\logs\protection log 2014-01-05.txt

My options are: OPEN. DELETE. DELETE ALL

There are boxes next to the two lines with pencil icons; however, clicking on them changes nothing.


When you open it, does it look like this??

 

You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected. Please note that the infections found may be different than what is shown in the image. Make sure that everything is Checked (ticked) and click on the Remove Selected button.

malwarebytes-virus-removal-1.jpg
 

2014/01/05 20:06:46 -0700 KMC-953C5353487 MOM IP-BLOCK 162.210.192.26 (Type: outgoing)

2014/01/05 20:06:46 -0700 KMC-953C5353487 MOM IP-BLOCK 162.210.192.26 (Type: outgoing)


OK, I want you to go to Control Panel, Add/Remove Programs and delete/uninstall Malwarebytes! I am gonna have you download & run it again!!

 

 

1. You can download Malwarebytes Anti-Malware Free from the below link, then double click on it to install this program.
    MALWAREBYTES ANTI-MALWARE DOWNLOAD LINK >>>  http://www.malwarebytes.org/mbam-download.php  <<<   On the Scanner tab, select Perform quick scan and then click on the Scan button to start scanning your computer. (This link will open a download page in a new window from where you can download Malwarebytes Anti-Malware Free)
2. When the installation begins, keep following the prompts in order to continue with the setup process. DO NOT make any changes to default settings and when the program has finished installing, click on the Finish button.

malwarebytes-installation.jpg

3. On the Scanner tab, select Perform quick scan and then click on the Scan button to start scanning your computer.

malwarebytes-quick-scan.jpg

4. Malwarebytes’ Anti-Malware will now start scanning your computer as shown below.

malwarebytes-scan.jpg

5. When the Malwarebytes scan has completed, click on Show Result.

malwarebytes-scan-results.jpg

6. You will now be presented with a screen showing you the malware infections that Malwarebytes’ Anti-Malware has detected. Please note that the infections found may be different than what is shown in the image. Make sure that everything is Checked (ticked) and click on the Remove Selected button.

malwarebytes-virus-removal-1.jpg
 

Let's see if that will remove those lines!!

 

Post the new log !!

 

Chuck

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.06.01

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

MOM :: KMC-953C5353487 [administrator]

 

Protection: Disabled

 

1/5/2014 8:20:51 PM

mbam-log-2014-01-05 (20-20-51).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 213712

Time elapsed: 10 minute(s), 6 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 10

HKCR\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} (PUP.Optional.Iminent.A) -> No action taken.

HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.

HKCR\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} (PUP.Optional.Iminent.A) -> No action taken.

HKCR\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} (PUP.Optional.Iminent.A) -> No action taken.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301} (PUP.Optional.Iminent.A) -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> No action taken.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> No action taken.

HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> No action taken.

HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> No action taken.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 4

C:\Program Files\ShoppingChip (PUP.Optional.ShoppingChip.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075 (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\plugins (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\All Users\Application Data\ShoppingChip (PUP.Optional.MultiPlug.A) -> No action taken.

 

Files Detected: 52

C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> No action taken.

C:\Documents and Settings\All Users\Application Data\ShoppingChip\54q.exe (PUP.Optional.MultiPlug.A) -> No action taken.

C:\Documents and Settings\MOM\My Documents\Downloads\Adobe Photoshop CS6.exe (PUP.Optional.Firseria) -> No action taken.

C:\Documents and Settings\MOM\My Documents\Downloads\Browser_Update (1).exe (PUP.Optional.AirInstaller) -> No action taken.

C:\Documents and Settings\MOM\My Documents\Downloads\Browser_Update.exe (PUP.Optional.DomaIQ) -> No action taken.

C:\Documents and Settings\MOM\My Documents\Downloads\iMeshSetup-r393-n-bc.exe (PUP.Optional.iMeshMusicBoxTB.A) -> No action taken.

C:\Documents and Settings\MOM\My Documents\Downloads\LphantSetup-r126-n-bc.exe (PUP.Optional.Bandoo.A) -> No action taken.

C:\Documents and Settings\MOM\My Documents\Downloads\FlashPlayersetup__3720_i233498806_il25.exe (PUP.Optional.InstallMonetizer) -> No action taken.

C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (1).exe (PUP.Optional.Bandoo) -> No action taken.

C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (2).exe (PUP.Optional.Bandoo) -> No action taken.

C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (3).exe (PUP.Optional.Bandoo) -> No action taken.

C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc.exe (PUP.Optional.Bandoo) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\IminentSetup.exe (PUP.Optional.Iminent.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\nsj8C.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\nsr87.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\LuckyLeap.exe (PUP.Optional.LuckyLeap.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\SweetIESetup.exe (PUP.Optional.SweetPacks.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\SweetIMSetup.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\294823_.exe (PUP.Optional.BundleLoader.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\DownloadManager.exe (PUP.Optional.Smart) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\18be6784_.exe (PUP.Optional.Searchprotect) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\nsg1B03\Uninstall.exe (PUP.Optional.Bandoo.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\spch.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\ins9178.exe (PUP.Optional.Firseria) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\LuckyLeap_2309-167e5c2f.exe (PUP.Optional.LuckyLeap.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\shopup_2510_exe2-47bfde8d.exe (PUP.Optional.Bundler) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\SweetIMCO_0710_EN-bbf1713f.exe (PUP.Optional.SweetIM.A) -> No action taken.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4XEVOXMJ\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> No action taken.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W1U3KTYF\SkywalkerSetup[1].exe (PUP.Optional.Sweetpacks) -> No action taken.

C:\Program Files\PSupport\psupport.dll (PUP.Optional.SProtect.A) -> No action taken.

C:\Program Files\ShoppingChip\4o.tlb (PUP.Optional.ShoppingChip.A) -> No action taken.

C:\Program Files\ShoppingChip\4o.dat (PUP.Optional.ShoppingChip.A) -> No action taken.

C:\Program Files\ShoppingChip\4o.dll (PUP.Optional.ShoppingChip.A) -> No action taken.

C:\Program Files\ShoppingChip\4o.x64.dll (PUP.Optional.ShoppingChip.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\CT3316075.txt (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\initdata.json (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\manifest.json (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\stub.exe (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.

C:\Documents and Settings\All Users\Application Data\ShoppingChip\54q.dat (PUP.Optional.MultiPlug.A) -> No action taken.

 

(end)

This topic is now closed to further replies.