View Full Version : Meredrop and FBI lockout
Tntjacobs
2012-12-28, 23:13
This morning I started my computer and this FBI lockout screen came up prompting me to pay $300 to get my computer unlocked. I restarted the computer and it came up what seemed to be normally. Avira then popped up saying D:/Users/Jacobs Family/wgsdgsdgdsgsd.dll was infected with Meredrop. When I clicked to remove it Avira would attempt to scan and would just disappear. I opened a manual removal thread on this forum and the registry keys it suggested were not modified. I downloaded Spybot and ran it. Fixed all the things that it found. Avira continued to pop up with the warning, so I tried to delete the wgsdgsdgdsgsd.dll file and it would not let me. I restarted the computer in safe mode and the FBI lockout came back. Restarted the computer running Windows XP (have installed on another partition) and removed the wgsdgsdgdsgsd.dll file. Now the Avira warning is gone but Windows Security Center wont start. I was trying not to have to post here but I need your help. Thank you.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Jacobs Family at 15:19:45 on 2012-12-28
.
============== Running Processes ================
.
D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\atiesrxx.exe
D:\Windows\system32\atieclxx.exe
D:\Windows\System32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Windows\system32\taskhost.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
D:\Windows\system32\Dwm.exe
D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
D:\Windows\Explorer.EXE
D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
D:\Windows\system32\taskeng.exe
D:\Program Files\PC Tools Firewall Plus\FWService.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\Program Files\Kodak\KODAK Share Button App\Listener.exe
D:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
D:\Program Files\Real\RealPlayer\Update\realsched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
D:\Program Files\Steam\steam.exe
D:\Program Files\Google\Drive\googledrivesync.exe
D:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
D:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
D:\Program Files\Google\Drive\googledrivesync.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Windows\system32\conhost.exe
D:\Windows\system32\SearchIndexer.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Common Files\Steam\SteamService.exe
D:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Windows\system32\taskeng.exe
D:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Windows\system32\taskhost.exe
D:\Windows\system32\conhost.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Windows\system32\svchost.exe -k WindowsMobile
D:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - d:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre7\bin\ssv.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - d:\program files\ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - d:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - d:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - d:\program files\ask.com\GenericAskToolbar.dll
uRun: [Steam] "d:\program files\steam\steam.exe" -silent
uRun: [KGShareApp] d:\program files\kodak\kodak share button app\KGShare_App.exe
uRun: [GoogleDriveSync] "d:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [EPSON NX300 Series] d:\windows\system32\spool\drivers\w32x86\3\e_fatieja.exe /fu "d:\windows\temp\E_S5270.tmp" /EF "HKCU"
uRun: [BYR_AGENT] d:\lgmobileupgrade\lgmobileax\byr_client\VZWNotiAgent.exe
uRun: [Spybot-S&D Cleaning] "d:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [00PCTFW] "d:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "d:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Monitor] "d:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Windows Mobile Device Center] d:\windows\windowsmobile\wmdc.exe
mRun: [TkBellExe] "d:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [BYR_AGENT] d:\programdata\lgmobileax\byr_client\VZWNotiAgent.exe
mRun: [Launch PC Probe II] "d:\program files\asus\pc probe ii\Probe2.exe" 1
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SDTray] "d:\program files\spybot - search & destroy 2\SDTray.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{337AE17F-5C22-4479-9234-0E7582AA9796} : DHCPNameServer = 192.168.1.1
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\users\jacobs family\appdata\roaming\mozilla\firefox\profiles\monq11y0.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=100486&babsrc=KW_ss&mntrId=04be9d2c0000000000008000600fe800&q=
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: d:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: d:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: d:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: d:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: d:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: d:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: d:\users\jacobs family\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: d:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: d:\windows\system32\npdeployJava1.dll
FF - plugin: d:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-04 17:21; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 04be9d2c0000000000008000600fe800
FF - user.js: extensions.BabylonToolbar_i.hardId - 04be9d2c0000000000008000600fe800
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15450
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:16:54
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? dmvsc;dmvsc
R? EagleXNt;EagleXNt
R? SDWSCService;Spybot-S&D 2 Security Center Service
R? StorSvc;Storage Service
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies Service
S? AMD External Events Utility;AMD External Events Utility
S? AntiVirSchedulerService;Avira Scheduler
S? AntiVirService;Avira Realtime Protection
S? avgntflt;avgntflt
S? avkmgr;avkmgr
S? PCTAppEvent;PCTAppEvent Driver
S? PCTFW-DNS;PCTools Firewall - DNS driver
S? PCTFW-PacketFilter;PCTools Firewall - Packet filter driver
S? pctgntdi;pctgntdi
S? pctNDIS;PC Tools Driver
S? PCToolsFirewallPlus;PC Tools Firewall Plus
S? pctplfw;pctplfw
S? RTL8167;Realtek 8167 NT Driver
S? SDScannerService;Spybot-S&D 2 Scanner Service
S? SDUpdateService;Spybot-S&D 2 Updating Service
.
=============== Created Last 30 ================
.
2012-12-28 19:08:16 -------- d-----w- D:\sh4ldr
2012-12-28 19:08:16 -------- d-----w- d:\program files\Enigma Software Group
2012-12-28 19:07:56 -------- d-----w- d:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-28 19:07:55 -------- d-----w- d:\program files\common files\Wise Installation Wizard
2012-12-28 18:27:36 -------- d-----w- d:\windows\pss
2012-12-28 17:32:01 -------- d-----w- d:\programdata\Spybot - Search & Destroy
2012-12-28 17:31:53 15224 ----a-w- d:\windows\system32\sdnclean.exe
2012-12-28 17:31:51 -------- d-----w- d:\program files\Spybot - Search & Destroy 2
2012-12-28 17:30:59 -------- d-----w- d:\users\jacobs family\appdata\local\Programs
2012-12-28 09:26:19 6812136 ----a-w- d:\programdata\microsoft\windows defender\definition updates\{931999c0-0505-4800-af8c-39443d5449f7}\mpengine.dll
2012-12-21 09:00:25 34304 ----a-w- d:\windows\system32\atmlib.dll
2012-12-21 09:00:25 295424 ----a-w- d:\windows\system32\atmfd.dll
2012-12-11 19:33:39 2345984 ----a-w- d:\windows\system32\win32k.sys
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin7.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin6.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin5.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin4.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin3.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin2.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin.dll
2012-12-05 19:25:09 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-12-11 22:22:43 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 22:22:43 697272 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-12-05 19:24:41 821736 ----a-w- d:\windows\system32\npdeployJava1.dll
2012-12-05 19:24:41 746984 ----a-w- d:\windows\system32\deployJava1.dll
2012-11-14 02:09:22 1800704 ----a-w- d:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- d:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- d:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- d:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- d:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- d:\windows\system32\mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- d:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- d:\windows\system32\dpnet.dll
2012-10-25 09:12:26 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12:26 69632 ----a-w- d:\windows\system32\QuickTime.qts
2012-10-16 07:39:52 561664 ----a-w- d:\windows\apppatch\AcLayers.dll
2012-10-09 17:40:31 44032 ----a-w- d:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- d:\windows\system32\dhcpcore6.dll
2012-10-04 16:47:18 169984 ----a-w- d:\windows\system32\winsrv.dll
2012-10-04 16:43:05 293376 ----a-w- d:\windows\system32\KernelBase.dll
2012-10-04 14:57:58 271360 ----a-w- d:\windows\system32\conhost.exe
2012-10-04 14:41:50 6144 ---ha-w- d:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- d:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- d:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- d:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-03 16:58:30 1293680 ----a-w- d:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42:26 52224 ----a-w- d:\windows\system32\nlaapi.dll
2012-10-03 16:42:26 242176 ----a-w- d:\windows\system32\nlasvc.dll
2012-10-03 16:42:24 18944 ----a-w- d:\windows\system32\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- d:\windows\system32\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- d:\windows\system32\ncsi.dll
2012-10-03 16:40:35 499712 ----a-w- d:\windows\system32\iphlpsvc.dll
2012-10-03 15:21:38 35328 ----a-w- d:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH: 15:20:42.94 ===============
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-28 15:38:48
-----------------------------
15:38:48.293 OS Version: Windows 6.1.7601 Service Pack 1
15:38:48.293 Number of processors: 4 586 0x402
15:38:48.293 ComputerName: JACOBSFAMILY-PC UserName: Jacobs Family
15:38:57.637 Initialize success
15:39:08.401 AVAST engine defs: 12122800
15:39:11.677 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
15:39:11.677 Disk 0 Vendor: AMD_____ 1.10 Size: 610490MB BusType: 8
15:39:11.693 Disk 0 MBR read successfully
15:39:11.693 Disk 0 MBR scan
15:39:11.724 Disk 0 Windows 7 default MBR code
15:39:11.724 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300002 MB offset 63
15:39:11.724 Disk 0 Partition - 00 0F Extended LBA 310474 MB offset 614405925
15:39:11.739 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 310474 MB offset 614405988
15:39:11.739 Disk 0 scanning sectors +1250258625
15:39:11.802 Disk 0 scanning D:\Windows\system32\drivers
15:39:22.832 Service scanning
15:39:43.112 Modules scanning
15:39:46.934 Disk 0 trace - called modules:
15:39:47.497 ntkrnlpa.exe CLASSPNP.SYS disk.sys storport.sys halmacpi.dll amdsbs.sys
15:39:47.512 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8617d030]
15:39:47.528 3 CLASSPNP.SYS[8bb9759e] -> nt!IofCallDriver -> \Device\00000069[0x85e69b78]
15:39:48.729 AVAST engine scan D:\Windows
15:39:51.225 AVAST engine scan D:\Windows\system32
15:44:08.062 AVAST engine scan D:\Windows\system32\drivers
15:44:30.917 AVAST engine scan D:\Users\Jacobs Family
15:46:59.153 Disk 0 MBR has been saved successfully to "D:\Users\Jacobs Family\Desktop\MBR.dat"
15:46:59.159 The log file has been saved successfully to "D:\Users\Jacobs Family\Desktop\aswMBR.txt"
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Tntjacobs
2012-12-30, 23:47
First of all, thank you for your help.
ComboFix 12-12-30.01 - Jacobs Family 12/30/2012 16:31:20.1.4 - x86
Running from: d:\users\Jacobs Family\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\programdata\dsgsdgdsgdsgw.pad
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\_ctypes.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\_elementtree.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\_hashlib.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\_socket.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\_ssl.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\pyexpat.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\pysqlite2._sqlite.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\python26.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\pythoncom26.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\PyWinTypes26.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\select.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\unicodedata.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\win32api.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\win32com.shell.shell.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\win32crypt.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\win32event.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\win32file.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\win32inet.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\win32pdh.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\win32process.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\win32profile.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\win32security.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\win32ts.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\windows._cacheinvalidation.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wx._controls_.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wx._core_.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wx._gdi_.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wx._html2.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wx._misc_.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wx._windows_.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wx._wizard.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wxbase293u_net_vc.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wxbase293u_vc.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wxmsw293u_adv_vc.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wxmsw293u_core_vc.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wxmsw293u_html_vc.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI33762\wxmsw293u_webview_vc.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\_ctypes.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\_elementtree.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\_hashlib.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\_socket.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\_ssl.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\pyexpat.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\pysqlite2._sqlite.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\python26.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\pythoncom26.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\PyWinTypes26.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\select.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\unicodedata.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\win32api.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\win32com.shell.shell.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\win32crypt.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\win32event.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\win32file.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\win32inet.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\win32pdh.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\win32process.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\win32profile.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\win32security.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\win32ts.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\windows._cacheinvalidation.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wx._controls_.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wx._core_.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wx._gdi_.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wx._html2.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wx._misc_.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wx._windows_.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wx._wizard.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wxbase293u_net_vc.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wxbase293u_vc.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wxmsw293u_adv_vc.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wxmsw293u_core_vc.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wxmsw293u_html_vc.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI33762\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))
.
.
2012-12-28 21:49 . 2012-12-28 21:49 -------- d-----w- D:\Extracted S&D log
2012-12-28 21:13 . 2012-12-28 21:17 -------- d-----w- d:\program files\ERUNT
2012-12-28 19:08 . 2012-12-28 20:40 -------- d-----w- D:\sh4ldr
2012-12-28 19:08 . 2012-12-28 19:08 -------- d-----w- d:\program files\Enigma Software Group
2012-12-28 19:07 . 2012-12-28 20:40 -------- d-----w- d:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-28 19:07 . 2012-12-28 19:07 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2012-12-28 17:32 . 2012-12-28 21:51 -------- d-----w- d:\programdata\Spybot - Search & Destroy
2012-12-28 17:31 . 2009-01-25 18:14 15224 ----a-w- d:\windows\system32\sdnclean.exe
2012-12-28 17:31 . 2012-12-28 17:31 -------- d-----w- d:\program files\Spybot - Search & Destroy 2
2012-12-28 17:30 . 2012-12-28 17:30 -------- d-----w- d:\users\Jacobs Family\AppData\Local\Programs
2012-12-28 09:26 . 2012-11-08 18:00 6812136 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{931999C0-0505-4800-AF8C-39443D5449F7}\mpengine.dll
2012-12-26 14:41 . 2012-12-28 18:47 2964 ----a-w- d:\programdata\dsgsdgdsgdsgw.js
2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- d:\windows\system32\atmfd.dll
2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- d:\windows\system32\atmlib.dll
2012-12-11 19:33 . 2012-11-22 02:56 2345984 ----a-w- d:\windows\system32\win32k.sys
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-05 19:38 . 2012-12-05 19:39 -------- d-----w- d:\program files\QuickTime
2012-12-05 19:27 . 2012-12-05 19:27 -------- d-----w- d:\program files\Common Files\Java
2012-12-05 19:25 . 2012-12-05 19:24 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 22:22 . 2012-04-20 18:35 697272 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-12-11 22:22 . 2012-01-16 12:30 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-05 19:24 . 2012-09-06 19:04 821736 ----a-w- d:\windows\system32\npdeployJava1.dll
2012-12-05 19:24 . 2012-01-16 12:40 746984 ----a-w- d:\windows\system32\deployJava1.dll
2012-11-17 06:05 . 2012-09-13 01:11 98304 ----a-w- d:\users\Jacobs Family\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2012-11-17 06:05 . 2012-09-13 01:11 24576 ----a-w- d:\users\Jacobs Family\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2012-11-17 06:05 . 2012-09-13 01:11 1347584 ----a-w- d:\users\Jacobs Family\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- d:\windows\system32\QuickTime.qts
2012-10-16 07:39 . 2012-11-27 18:10 561664 ----a-w- d:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-16 05:18 44032 ----a-w- d:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 05:18 193536 ----a-w- d:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-16 09:27 1293680 ----a-w- d:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-16 09:27 52224 ----a-w- d:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-16 09:27 242176 ----a-w- d:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-16 09:27 18944 ----a-w- d:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-16 09:27 175104 ----a-w- d:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 09:27 156672 ----a-w- d:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-16 09:27 499712 ----a-w- d:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-16 09:27 35328 ----a-w- d:\windows\system32\drivers\tcpipreg.sys
2012-12-05 18:34 . 2012-11-21 22:51 262112 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 22:58 556056 ----a-w- d:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 22:58 556056 ----a-w- d:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 22:58 556056 ----a-w- d:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 22:58 556056 ----a-w- d:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\Steam\steam.exe" [2012-12-05 1354736]
"KGShareApp"="d:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
"GoogleDriveSync"="d:\program files\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"BYR_AGENT"="d:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-12-10 392320]
"Spybot-S&D Cleaning"="d:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"00PCTFW"="d:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-11-27 2971608]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Monitor"="d:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"Windows Mobile Device Center"="d:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"TkBellExe"="d:\program files\Real\RealPlayer\Update\realsched.exe" [2012-06-13 296056]
"Launch PC Probe II"="d:\program files\ASUS\PC Probe II\Probe2.exe" [2009-05-15 2146816]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SDTray"="d:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 SDWSCService;Spybot-S&D 2 Security Center Service;d:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 dmvsc;dmvsc;d:\windows\system32\drivers\dmvsc.sys [x]
R3 EagleXNt;EagleXNt;d:\windows\system32\drivers\EagleXNt.sys [x]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;d:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;d:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 pctgntdi;pctgntdi;d:\windows\System32\drivers\pctgntdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 PCTAppEvent;PCTAppEvent Driver;d:\windows\system32\drivers\PCTAppEvent.sys [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;d:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;d:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;d:\windows\system32\drivers\pctNdis-DNS.sys [x]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;d:\windows\system32\drivers\pctNdis-PacketFilter.sys [x]
S3 pctNDIS;PC Tools Driver;d:\windows\system32\DRIVERS\pctNdis.sys [x]
S3 pctplfw;pctplfw;d:\windows\System32\drivers\pctplfw.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;d:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-28 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 22:22]
.
2012-12-30 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-06-18 01:59]
.
2012-12-28 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-06-18 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - d:\users\Jacobs Family\AppData\Roaming\Mozilla\Firefox\Profiles\monq11y0.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=100486&babsrc=KW_ss&mntrId=04be9d2c0000000000008000600fe800&q=
FF - ExtSQL: 2012-11-04 17:21; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 04be9d2c0000000000008000600fe800
FF - user.js: extensions.BabylonToolbar_i.hardId - 04be9d2c0000000000008000600fe800
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15450
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:16
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-BYR_AGENT - d:\programdata\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\atieclxx.exe
d:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
d:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
d:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
d:\program files\PC Tools Firewall Plus\FWService.exe
d:\program files\CyberLink\Shared files\RichVideo.exe
d:\windows\system32\taskhost.exe
d:\program files\Kodak\KODAK Share Button App\Listener.exe
d:\program files\Avira\AntiVir Desktop\avshadow.exe
d:\windows\system32\conhost.exe
d:\windows\system32\conhost.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\Common Files\Steam\SteamService.exe
d:\program files\Windows Media Player\wmpnetwk.exe
d:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-12-30 16:40:31 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-30 22:40
.
Pre-Run: 256,932,950,016 bytes free
Post-Run: 256,803,520,512 bytes free
.
- - End Of File - - 26BF2DC785A239A1DDFD17E025B07369
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Jacobs Family at 16:41:11 on 2012-12-30
.
============== Running Processes ================
.
D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\atiesrxx.exe
D:\Windows\system32\atieclxx.exe
D:\Windows\System32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
D:\Windows\system32\Dwm.exe
D:\Program Files\PC Tools Firewall Plus\FWService.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
D:\Windows\system32\taskhost.exe
D:\Windows\system32\taskeng.exe
D:\Windows\system32\taskeng.exe
D:\Windows\system32\taskeng.exe
D:\Program Files\Kodak\KODAK Share Button App\Listener.exe
D:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Windows\system32\conhost.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
D:\Program Files\Real\RealPlayer\Update\realsched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
D:\Program Files\Steam\steam.exe
D:\Program Files\Google\Drive\googledrivesync.exe
D:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
D:\Program Files\Google\Drive\googledrivesync.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Windows\system32\SearchIndexer.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Program Files\Common Files\Steam\SteamService.exe
D:\Windows\Explorer.exe
D:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Windows\system32\sppsvc.exe
D:\Windows\system32\conhost.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\System32\svchost.exe -k secsvcs
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - d:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre7\bin\ssv.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - d:\programdata\wecarereminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Steam] "d:\program files\steam\steam.exe" -silent
uRun: [KGShareApp] d:\program files\kodak\kodak share button app\KGShare_App.exe
uRun: [GoogleDriveSync] "d:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [BYR_AGENT] d:\lgmobileupgrade\lgmobileax\byr_client\VZWNotiAgent.exe
uRun: [Spybot-S&D Cleaning] "d:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [00PCTFW] "d:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "d:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Monitor] "d:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Windows Mobile Device Center] d:\windows\windowsmobile\wmdc.exe
mRun: [TkBellExe] "d:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Launch PC Probe II] "d:\program files\asus\pc probe ii\Probe2.exe" 1
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SDTray] "d:\program files\spybot - search & destroy 2\SDTray.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{337AE17F-5C22-4479-9234-0E7582AA9796} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\users\jacobs family\appdata\roaming\mozilla\firefox\profiles\monq11y0.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=100486&babsrc=KW_ss&mntrId=04be9d2c0000000000008000600fe800&q=
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: d:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: d:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: d:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: d:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: d:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: d:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: d:\users\jacobs family\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: d:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: d:\windows\system32\npdeployJava1.dll
FF - plugin: d:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-04 17:21; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 04be9d2c0000000000008000600fe800
FF - user.js: extensions.BabylonToolbar_i.hardId - 04be9d2c0000000000008000600fe800
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15450
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:16:54
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? dmvsc;dmvsc
R? EagleXNt;EagleXNt
R? SDWSCService;Spybot-S&D 2 Security Center Service
R? StorSvc;Storage Service
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies Service
S? AMD External Events Utility;AMD External Events Utility
S? AntiVirSchedulerService;Avira Scheduler
S? AntiVirService;Avira Realtime Protection
S? avgntflt;avgntflt
S? avkmgr;avkmgr
S? PCTAppEvent;PCTAppEvent Driver
S? PCTFW-DNS;PCTools Firewall - DNS driver
S? PCTFW-PacketFilter;PCTools Firewall - Packet filter driver
S? pctgntdi;pctgntdi
S? pctNDIS;PC Tools Driver
S? PCToolsFirewallPlus;PC Tools Firewall Plus
S? pctplfw;pctplfw
S? RTL8167;Realtek 8167 NT Driver
S? SDScannerService;Spybot-S&D 2 Scanner Service
S? SDUpdateService;Spybot-S&D 2 Updating Service
.
=============== Created Last 30 ================
.
2012-12-30 22:38:25 -------- d-sh--w- D:\$RECYCLE.BIN
2012-12-30 22:35:51 -------- d-----w- d:\users\jacobs family\appdata\local\temp
2012-12-30 22:35:43 60872 ----a-w- d:\programdata\microsoft\windows defender\definition updates\{931999c0-0505-4800-af8c-39443d5449f7}\offreg.dll
2012-12-30 22:29:36 98816 ----a-w- d:\windows\sed.exe
2012-12-30 22:29:36 256000 ----a-w- d:\windows\PEV.exe
2012-12-30 22:29:36 208896 ----a-w- d:\windows\MBR.exe
2012-12-30 22:29:33 -------- d-----w- D:\ComboFix
2012-12-28 21:49:22 -------- d-----w- D:\Extracted S&D log
2012-12-28 19:08:16 -------- d-----w- D:\sh4ldr
2012-12-28 19:08:16 -------- d-----w- d:\program files\Enigma Software Group
2012-12-28 19:07:56 -------- d-----w- d:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-28 19:07:55 -------- d-----w- d:\program files\common files\Wise Installation Wizard
2012-12-28 18:27:36 -------- d-----w- d:\windows\pss
2012-12-28 17:32:01 -------- d-----w- d:\programdata\Spybot - Search & Destroy
2012-12-28 17:31:53 15224 ----a-w- d:\windows\system32\sdnclean.exe
2012-12-28 17:31:51 -------- d-----w- d:\program files\Spybot - Search & Destroy 2
2012-12-28 17:30:59 -------- d-----w- d:\users\jacobs family\appdata\local\Programs
2012-12-28 09:26:19 6812136 ----a-w- d:\programdata\microsoft\windows defender\definition updates\{931999c0-0505-4800-af8c-39443d5449f7}\mpengine.dll
2012-12-21 09:00:25 34304 ----a-w- d:\windows\system32\atmlib.dll
2012-12-21 09:00:25 295424 ----a-w- d:\windows\system32\atmfd.dll
2012-12-11 19:33:39 2345984 ----a-w- d:\windows\system32\win32k.sys
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin7.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin6.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin5.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin4.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin3.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin2.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin.dll
2012-12-05 19:25:09 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-12-11 22:22:43 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 22:22:43 697272 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-12-05 19:24:41 821736 ----a-w- d:\windows\system32\npdeployJava1.dll
2012-12-05 19:24:41 746984 ----a-w- d:\windows\system32\deployJava1.dll
2012-11-14 02:09:22 1800704 ----a-w- d:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- d:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- d:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- d:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- d:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- d:\windows\system32\mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- d:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- d:\windows\system32\dpnet.dll
2012-10-25 09:12:26 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12:26 69632 ----a-w- d:\windows\system32\QuickTime.qts
2012-10-16 07:39:52 561664 ----a-w- d:\windows\apppatch\AcLayers.dll
2012-10-09 17:40:31 44032 ----a-w- d:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- d:\windows\system32\dhcpcore6.dll
2012-10-04 16:47:18 169984 ----a-w- d:\windows\system32\winsrv.dll
2012-10-04 16:43:05 293376 ----a-w- d:\windows\system32\KernelBase.dll
2012-10-04 14:57:58 271360 ----a-w- d:\windows\system32\conhost.exe
2012-10-04 14:41:50 6144 ---ha-w- d:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- d:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- d:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- d:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-03 16:58:30 1293680 ----a-w- d:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42:26 52224 ----a-w- d:\windows\system32\nlaapi.dll
2012-10-03 16:42:26 242176 ----a-w- d:\windows\system32\nlasvc.dll
2012-10-03 16:42:24 18944 ----a-w- d:\windows\system32\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- d:\windows\system32\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- d:\windows\system32\ncsi.dll
2012-10-03 16:40:35 499712 ----a-w- d:\windows\system32\iphlpsvc.dll
2012-10-03 15:21:38 35328 ----a-w- d:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH: 16:42:37.95 ===============
Hi,
Upload d:\programdata\dsgsdgdsgdsgw.js file to VirusTotal (http://www.virustotal.com) (reanalyse if prompted) and post back a link to the results.
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish. Copy-paste results back here.
Tntjacobs
2012-12-31, 06:28
https://www.virustotal.com/file/b526ad176f9cb430e655e6fe1b924b3ee2fd0c677c327c04560100060ed87c23/analysis/1356927599/
ESET scan
D:\Users\Jacobs Family\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\f00dbc8-4775deca Java/Agent.FH trojan
Of note: during the scan Avira came up with a warning stating d:/system volume information/.../A0002846.dll was infected with Meredrop.W32.
Hi again,
Of note: during the scan Avira came up with a warning stating d:/system volume information/.../A0002846.dll was infected with Meredrop.W32.
That will be cleaned when system restore is reseted (will be done a bit later).
Open notepad and copy/paste the text in the quotebox below into it:
ClearJavaCache::
File::
d:\programdata\dsgsdgdsgdsgw.js
Firefox::
FF - ProfilePath - d:\users\Jacobs Family\AppData\Roaming\Mozilla\Firefox\Profiles\monq11y0.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=100486&babsrc=KW_ss&mntrId=04be9d2c0000000000008000600fe800&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100486
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 04be9d2c0000000000008000600fe800
FF - user.js: extensions.BabylonToolbar_i.hardId - 04be9d2c0000000000008000600fe800
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15450
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:16
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe (let the tool to update itself if prompted).
Then post the resultant log + fresh DDS logs.
Tntjacobs
2012-12-31, 17:54
ComboFix 12-12-31.01 - Jacobs Family 12/31/2012 10:41:19.2.4 - x86
Running from: d:\users\Jacobs Family\Desktop\ComboFix.exe
Command switches used :: d:\users\Jacobs Family\Desktop\CFScript.txt
.
FILE ::
"d:\programdata\dsgsdgdsgdsgw.js"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\programdata\dsgsdgdsgdsgw.js
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\_ctypes.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\_elementtree.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\_hashlib.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\_socket.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\_ssl.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\pyexpat.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\pysqlite2._sqlite.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\python26.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\pythoncom26.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\PyWinTypes26.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\select.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\unicodedata.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\win32api.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\win32com.shell.shell.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\win32crypt.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\win32event.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\win32file.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\win32inet.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\win32pdh.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\win32process.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\win32profile.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\win32security.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\win32ts.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\windows._cacheinvalidation.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wx._controls_.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wx._core_.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wx._gdi_.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wx._html2.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wx._misc_.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wx._windows_.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wx._wizard.pyd
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wxbase293u_net_vc.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wxbase293u_vc.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wxmsw293u_adv_vc.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wxmsw293u_core_vc.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wxmsw293u_html_vc.dll
d:\users\Jacobs Family\AppData\Local\Temp\_MEI31722\wxmsw293u_webview_vc.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\_ctypes.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\_elementtree.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\_hashlib.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\_socket.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\_ssl.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\pyexpat.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\pysqlite2._sqlite.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\python26.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\pythoncom26.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\PyWinTypes26.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\select.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\unicodedata.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\win32api.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\win32com.shell.shell.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\win32crypt.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\win32event.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\win32file.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\win32inet.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\win32pdh.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\win32process.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\win32profile.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\win32security.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\win32ts.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\windows._cacheinvalidation.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wx._controls_.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wx._core_.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wx._gdi_.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wx._html2.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wx._misc_.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wx._windows_.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wx._wizard.pyd
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wxbase293u_net_vc.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wxbase293u_vc.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wxmsw293u_adv_vc.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wxmsw293u_core_vc.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wxmsw293u_html_vc.dll
d:\users\JACOBS~1\AppData\Local\Temp\_MEI31722\wxmsw293u_webview_vc.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-31 )))))))))))))))))))))))))))))))
.
.
2012-12-31 16:45 . 2012-12-31 16:47 -------- d-----w- d:\users\Jacobs Family\AppData\Local\temp
2012-12-31 16:45 . 2012-12-31 16:45 -------- d-----w- d:\users\Default\AppData\Local\temp
2012-12-31 04:24 . 2012-12-31 04:24 -------- d-----w- d:\program files\ESET
2012-12-28 21:49 . 2012-12-28 21:49 -------- d-----w- D:\Extracted S&D log
2012-12-28 21:13 . 2012-12-28 21:17 -------- d-----w- d:\program files\ERUNT
2012-12-28 19:08 . 2012-12-28 20:40 -------- d-----w- D:\sh4ldr
2012-12-28 19:08 . 2012-12-28 19:08 -------- d-----w- d:\program files\Enigma Software Group
2012-12-28 19:07 . 2012-12-28 20:40 -------- d-----w- d:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-28 19:07 . 2012-12-28 19:07 -------- d-----w- d:\program files\Common Files\Wise Installation Wizard
2012-12-28 17:32 . 2012-12-28 21:51 -------- d-----w- d:\programdata\Spybot - Search & Destroy
2012-12-28 17:31 . 2009-01-25 18:14 15224 ----a-w- d:\windows\system32\sdnclean.exe
2012-12-28 17:31 . 2012-12-28 17:31 -------- d-----w- d:\program files\Spybot - Search & Destroy 2
2012-12-28 17:30 . 2012-12-28 17:30 -------- d-----w- d:\users\Jacobs Family\AppData\Local\Programs
2012-12-28 09:26 . 2012-11-08 18:00 6812136 ----a-w- d:\programdata\Microsoft\Windows Defender\Definition Updates\{931999C0-0505-4800-AF8C-39443D5449F7}\mpengine.dll
2012-12-21 09:00 . 2012-12-16 14:13 295424 ----a-w- d:\windows\system32\atmfd.dll
2012-12-21 09:00 . 2012-12-16 14:13 34304 ----a-w- d:\windows\system32\atmlib.dll
2012-12-11 19:33 . 2012-11-22 02:56 2345984 ----a-w- d:\windows\system32\win32k.sys
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-12-05 19:39 . 2012-12-05 19:39 159744 ----a-w- d:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-12-05 19:38 . 2012-12-05 19:39 -------- d-----w- d:\program files\QuickTime
2012-12-05 19:27 . 2012-12-05 19:27 -------- d-----w- d:\program files\Common Files\Java
2012-12-05 19:25 . 2012-12-05 19:24 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 22:22 . 2012-04-20 18:35 697272 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-12-11 22:22 . 2012-01-16 12:30 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-05 19:24 . 2012-09-06 19:04 821736 ----a-w- d:\windows\system32\npdeployJava1.dll
2012-12-05 19:24 . 2012-01-16 12:40 746984 ----a-w- d:\windows\system32\deployJava1.dll
2012-11-17 06:05 . 2012-09-13 01:11 98304 ----a-w- d:\users\Jacobs Family\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2012-11-17 06:05 . 2012-09-13 01:11 24576 ----a-w- d:\users\Jacobs Family\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2012-11-17 06:05 . 2012-09-13 01:11 1347584 ----a-w- d:\users\Jacobs Family\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- d:\windows\system32\QuickTime.qts
2012-10-16 07:39 . 2012-11-27 18:10 561664 ----a-w- d:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-16 05:18 44032 ----a-w- d:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 05:18 193536 ----a-w- d:\windows\system32\dhcpcore6.dll
2012-10-03 16:58 . 2012-11-16 09:27 1293680 ----a-w- d:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-16 09:27 52224 ----a-w- d:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-16 09:27 242176 ----a-w- d:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-16 09:27 18944 ----a-w- d:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-16 09:27 175104 ----a-w- d:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-16 09:27 156672 ----a-w- d:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-16 09:27 499712 ----a-w- d:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-16 09:27 35328 ----a-w- d:\windows\system32\drivers\tcpipreg.sys
2012-12-05 18:34 . 2012-11-21 22:51 262112 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-11-08 22:58 556056 ----a-w- d:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-11-08 22:58 556056 ----a-w- d:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-11-08 22:58 556056 ----a-w- d:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-11-08 22:58 556056 ----a-w- d:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\program files\Steam\steam.exe" [2012-12-05 1354736]
"KGShareApp"="d:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]
"GoogleDriveSync"="d:\program files\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
"BYR_AGENT"="d:\lgmobileupgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe" [2012-12-10 392320]
"Spybot-S&D Cleaning"="d:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-09 348664]
"00PCTFW"="d:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-11-27 2971608]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Monitor"="d:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"Windows Mobile Device Center"="d:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"TkBellExe"="d:\program files\Real\RealPlayer\Update\realsched.exe" [2012-06-13 296056]
"Launch PC Probe II"="d:\program files\ASUS\PC Probe II\Probe2.exe" [2009-05-15 2146816]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SDTray"="d:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-11-13 3825176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
R2 SDWSCService;Spybot-S&D 2 Security Center Service;d:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 dmvsc;dmvsc;d:\windows\system32\drivers\dmvsc.sys [x]
R3 EagleXNt;EagleXNt;d:\windows\system32\drivers\EagleXNt.sys [x]
R3 TsUsbFlt;TsUsbFlt;d:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;d:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;d:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;d:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 pctgntdi;pctgntdi;d:\windows\System32\drivers\pctgntdi.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 PCTAppEvent;PCTAppEvent Driver;d:\windows\system32\drivers\PCTAppEvent.sys [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;d:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;d:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S3 PCTFW-DNS;PCTools Firewall - DNS driver;d:\windows\system32\drivers\pctNdis-DNS.sys [x]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;d:\windows\system32\drivers\pctNdis-PacketFilter.sys [x]
S3 pctNDIS;PC Tools Driver;d:\windows\system32\DRIVERS\pctNdis.sys [x]
S3 pctplfw;pctplfw;d:\windows\System32\drivers\pctplfw.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;d:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-31 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 22:22]
.
2012-12-31 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-06-18 01:59]
.
2012-12-31 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2012-06-18 01:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - d:\users\Jacobs Family\AppData\Roaming\Mozilla\Firefox\Profiles\monq11y0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2012-11-04 17:21; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; d:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\atieclxx.exe
d:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
d:\program files\Avira\AntiVir Desktop\avguard.exe
d:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
d:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
d:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
d:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
d:\program files\PC Tools Firewall Plus\FWService.exe
d:\program files\CyberLink\Shared files\RichVideo.exe
d:\windows\system32\taskhost.exe
d:\program files\Kodak\KODAK Share Button App\Listener.exe
d:\program files\Avira\AntiVir Desktop\avshadow.exe
d:\windows\system32\conhost.exe
d:\windows\system32\conhost.exe
d:\program files\iPod\bin\iPodService.exe
d:\program files\Common Files\Steam\SteamService.exe
d:\program files\Windows Media Player\wmpnetwk.exe
d:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-12-31 10:49:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-31 16:49
ComboFix2.txt 2012-12-30 22:40
.
Pre-Run: 259,777,130,496 bytes free
Post-Run: 259,765,276,672 bytes free
.
- - End Of File - - D37F79BD2AABD20EEBAD7D45C6BC8600
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Jacobs Family at 10:51:48 on 2012-12-31
.
============== Running Processes ================
.
D:\Windows\system32\wininit.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\atiesrxx.exe
D:\Windows\system32\atieclxx.exe
D:\Windows\System32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
D:\Program Files\PC Tools Firewall Plus\FWService.exe
D:\Program Files\CyberLink\Shared files\RichVideo.exe
D:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
D:\Windows\system32\Dwm.exe
D:\Windows\system32\taskhost.exe
D:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
D:\Windows\system32\taskeng.exe
D:\Windows\system32\taskeng.exe
D:\Program Files\Kodak\KODAK Share Button App\Listener.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Windows\system32\conhost.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
D:\Program Files\Real\RealPlayer\Update\realsched.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
D:\Program Files\Steam\steam.exe
D:\Program Files\Google\Drive\googledrivesync.exe
D:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
D:\Program Files\Google\Drive\googledrivesync.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Windows\system32\SearchIndexer.exe
D:\Program Files\Common Files\Steam\SteamService.exe
D:\Windows\Explorer.exe
D:\Program Files\Windows Media Player\wmpnetwk.exe
D:\Windows\system32\sppsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Windows\system32\conhost.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\System32\svchost.exe -k secsvcs
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - d:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - d:\program files\java\jre7\bin\jp2ssv.dll
uRun: [Steam] "d:\program files\steam\steam.exe" -silent
uRun: [KGShareApp] d:\program files\kodak\kodak share button app\KGShare_App.exe
uRun: [GoogleDriveSync] "d:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [BYR_AGENT] d:\lgmobileupgrade\lgmobileax\byr_client\VZWNotiAgent.exe
uRun: [Spybot-S&D Cleaning] "d:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [00PCTFW] "d:\program files\pc tools firewall plus\FirewallGUI.exe" -s
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "d:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Monitor] "d:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Windows Mobile Device Center] d:\windows\windowsmobile\wmdc.exe
mRun: [TkBellExe] "d:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Launch PC Probe II] "d:\program files\asus\pc probe ii\Probe2.exe" 1
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SDTray] "d:\program files\spybot - search & destroy 2\SDTray.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{337AE17F-5C22-4479-9234-0E7582AA9796} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\users\jacobs family\appdata\roaming\mozilla\firefox\profiles\monq11y0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: d:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: d:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: d:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: d:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: d:\program files\virtools\3d life player\npvirtools.dll
FF - plugin: d:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: d:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: d:\users\jacobs family\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: d:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: d:\windows\system32\npdeployJava1.dll
FF - plugin: d:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-04 17:21; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? dmvsc;dmvsc
R? EagleXNt;EagleXNt
R? SDWSCService;Spybot-S&D 2 Security Center Service
R? StorSvc;Storage Service
R? TsUsbFlt;TsUsbFlt
R? TsUsbGD;Remote Desktop Generic USB Device
R? WatAdminSvc;Windows Activation Technologies Service
S? AMD External Events Utility;AMD External Events Utility
S? AntiVirSchedulerService;Avira Scheduler
S? AntiVirService;Avira Realtime Protection
S? avgntflt;avgntflt
S? avkmgr;avkmgr
S? PCTAppEvent;PCTAppEvent Driver
S? PCTFW-DNS;PCTools Firewall - DNS driver
S? PCTFW-PacketFilter;PCTools Firewall - Packet filter driver
S? pctgntdi;pctgntdi
S? pctNDIS;PC Tools Driver
S? PCToolsFirewallPlus;PC Tools Firewall Plus
S? pctplfw;pctplfw
S? RTL8167;Realtek 8167 NT Driver
S? SDScannerService;Spybot-S&D 2 Scanner Service
S? SDUpdateService;Spybot-S&D 2 Updating Service
.
=============== Created Last 30 ================
.
2012-12-31 16:47:48 -------- d-----w- D:\$RECYCLE.BIN
2012-12-31 16:45:20 -------- d-----w- d:\users\jacobs family\appdata\local\temp
2012-12-31 16:39:55 -------- d-----w- D:\ComboFix
2012-12-31 04:24:22 -------- d-----w- d:\program files\ESET
2012-12-30 22:29:36 98816 ----a-w- d:\windows\sed.exe
2012-12-30 22:29:36 256000 ----a-w- d:\windows\PEV.exe
2012-12-30 22:29:36 208896 ----a-w- d:\windows\MBR.exe
2012-12-28 21:49:22 -------- d-----w- D:\Extracted S&D log
2012-12-28 19:08:16 -------- d-----w- D:\sh4ldr
2012-12-28 19:08:16 -------- d-----w- d:\program files\Enigma Software Group
2012-12-28 19:07:56 -------- d-----w- d:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-28 19:07:55 -------- d-----w- d:\program files\common files\Wise Installation Wizard
2012-12-28 18:27:36 -------- d-----w- d:\windows\pss
2012-12-28 17:32:01 -------- d-----w- d:\programdata\Spybot - Search & Destroy
2012-12-28 17:31:53 15224 ----a-w- d:\windows\system32\sdnclean.exe
2012-12-28 17:31:51 -------- d-----w- d:\program files\Spybot - Search & Destroy 2
2012-12-28 17:30:59 -------- d-----w- d:\users\jacobs family\appdata\local\Programs
2012-12-28 09:26:19 6812136 ----a-w- d:\programdata\microsoft\windows defender\definition updates\{931999c0-0505-4800-af8c-39443d5449f7}\mpengine.dll
2012-12-21 09:00:25 34304 ----a-w- d:\windows\system32\atmlib.dll
2012-12-21 09:00:25 295424 ----a-w- d:\windows\system32\atmfd.dll
2012-12-11 19:33:39 2345984 ----a-w- d:\windows\system32\win32k.sys
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin7.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin6.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin5.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin4.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin3.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin2.dll
2012-12-05 19:39:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin.dll
2012-12-05 19:25:09 93672 ----a-w- d:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-12-11 22:22:43 73656 ----a-w- d:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 22:22:43 697272 ----a-w- d:\windows\system32\FlashPlayerApp.exe
2012-12-05 19:24:41 821736 ----a-w- d:\windows\system32\npdeployJava1.dll
2012-12-05 19:24:41 746984 ----a-w- d:\windows\system32\deployJava1.dll
2012-11-14 02:09:22 1800704 ----a-w- d:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- d:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- d:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- d:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- d:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- d:\windows\system32\mshtml.tlb
2012-11-09 04:42:49 2048 ----a-w- d:\windows\system32\tzres.dll
2012-11-02 05:11:31 376832 ----a-w- d:\windows\system32\dpnet.dll
2012-10-25 09:12:26 94208 ----a-w- d:\windows\system32\QuickTimeVR.qtx
2012-10-25 09:12:26 69632 ----a-w- d:\windows\system32\QuickTime.qts
2012-10-16 07:39:52 561664 ----a-w- d:\windows\apppatch\AcLayers.dll
2012-10-09 17:40:31 44032 ----a-w- d:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- d:\windows\system32\dhcpcore6.dll
2012-10-04 16:47:18 169984 ----a-w- d:\windows\system32\winsrv.dll
2012-10-04 16:43:05 293376 ----a-w- d:\windows\system32\KernelBase.dll
2012-10-04 14:57:58 271360 ----a-w- d:\windows\system32\conhost.exe
2012-10-04 14:41:50 6144 ---ha-w- d:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- d:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- d:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- d:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-03 16:58:30 1293680 ----a-w- d:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42:26 52224 ----a-w- d:\windows\system32\nlaapi.dll
2012-10-03 16:42:26 242176 ----a-w- d:\windows\system32\nlasvc.dll
2012-10-03 16:42:24 18944 ----a-w- d:\windows\system32\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- d:\windows\system32\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- d:\windows\system32\ncsi.dll
2012-10-03 16:40:35 499712 ----a-w- d:\windows\system32\iphlpsvc.dll
2012-10-03 15:21:38 35328 ----a-w- d:\windows\system32\drivers\tcpipreg.sys
.
============= FINISH: 10:52:33.12 ===============
Good :) Any issues remaining (if that system restore related item is not included)?
Tntjacobs
2013-01-02, 04:11
I ran a scan with Avira, it did find that file mentioned earlier in the restore, I moved it to quarantine. I still cannot start windows security center, and I also cannot remove the ask toolbar through add/remove programs.
Thanks
Tyson
Hi,
Does it give any error messages when you try to access Windows Security Center? Any errors when you try to uninstall Ask Toolbar?
Tntjacobs
2013-01-02, 19:08
I have attached screenshots of the errors that come up. When uninstalling asktoolbar there are no browsers open. I am set to administrator rights.
Thanks for the help.
Hi,
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
Tntjacobs
2013-01-03, 16:15
OTL logfile created on: 1/3/2013 8:59:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Jacobs Family\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 69.18% Memory free
6.48 Gb Paging File | 5.23 Gb Available in Paging File | 80.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 292.97 Gb Total Space | 276.81 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
Drive D: | 303.20 Gb Total Space | 238.25 Gb Free Space | 78.58% Space Free | Partition Type: NTFS
Computer Name: JACOBSFAMILY-PC | User Name: Jacobs Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - D:\Users\Jacobs Family\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - D:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
PRC - D:\Program Files\Steam\steam.exe (Valve Corporation)
PRC - D:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - D:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - D:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - D:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - D:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
PRC - D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - D:\Windows\System32\atieclxx.exe (AMD)
PRC - D:\Windows\System32\atiesrxx.exe (AMD)
PRC - D:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
PRC - D:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - D:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\wx._core_.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\wx._controls_.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\windows._cacheinvalidation.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\wx._windows_.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\wx._gdi_.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\wx._misc_.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\_ssl.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\unicodedata.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\pysqlite2._sqlite.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\pythoncom26.dll ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\_hashlib.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\win32com.shell.shell.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\pyexpat.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\wx._wizard.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\win32file.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\win32security.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\PyWinTypes26.dll ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\win32api.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\_elementtree.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\_ctypes.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\wx._html2.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\_socket.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\win32inet.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\win32process.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\win32ts.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\win32pdh.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\win32profile.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\win32event.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\win32crypt.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI31762\select.pyd ()
MOD - D:\Program Files\Steam\sdl.dll ()
MOD - D:\Program Files\Steam\bin\libcef.dll ()
MOD - D:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - D:\Program Files\Steam\bin\chromehtml.dll ()
MOD - D:\Program Files\Steam\bin\avformat-53.dll ()
MOD - D:\Program Files\Steam\bin\avutil-51.dll ()
MOD - D:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - D:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - D:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - D:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - D:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - D:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - D:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()
========== Services (SafeList) ==========
SRV - (Winmgmt) -- D:\Users\JACOBS~1\wgsdgsdgdsgsd.dll File not found
SRV - (SDWSCService) -- D:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- D:\Program Files\Spybot File not found
SRV - (SDScannerService) -- D:\Program Files\Spybot File not found
SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- D:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (LeapFrog Connect Device Service) -- D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (AMD External Events Utility) -- D:\Windows\System32\atiesrxx.exe (AMD)
SRV - (PCToolsFirewallPlus) -- D:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (StorSvc) -- D:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- D:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) -- D:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (WcesComm) -- D:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- D:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
========== Driver Services (SafeList) ==========
DRV - (EagleXNt) -- D:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (catchme) -- D:\Users\JACOBS~1\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- D:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- D:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- D:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (atikmdag) -- D:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- D:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- D:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (USBModem) -- D:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- D:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- D:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (TsUsbFlt) -- D:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- D:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- D:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- D:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- D:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- D:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- D:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- D:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- D:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- D:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (pctNDIS) -- D:\Windows\System32\drivers\pctNdis.sys (PC Tools)
DRV - (PCTAppEvent) -- D:\Windows\System32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- D:\Windows\System32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctgntdi) -- D:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (pctplfw) -- D:\Windows\System32\drivers\pctplfw.sys (PC Tools)
DRV - (PCTFW-DNS) -- D:\Windows\System32\drivers\pctNdis-DNS.sys (PC Tools)
DRV - (MTsensor) -- D:\Windows\System32\drivers\ASACPI.sys ()
DRV - (AsIO) -- D:\Windows\System32\drivers\AsIO.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 20 BF 73 7E 19 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=100486&babsrc=SP_ss&mntrId=04be9d2c0000000000008000600fe800
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: D:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: D:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: D:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: D:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: D:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: D:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: D:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: D:\Users\Jacobs Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/06 12:55:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/12/05 13:39:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/12/05 13:39:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
[2012/01/16 06:28:25 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Jacobs Family\AppData\Roaming\Mozilla\Extensions
[2012/08/30 13:26:28 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Jacobs Family\AppData\Roaming\Mozilla\Firefox\Profiles\monq11y0.default\extensions
[2012/11/21 16:51:02 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2012/11/21 16:51:02 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/21 16:51:02 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/12/05 12:34:45 | 000,262,112 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 13:17:48 | 000,002,465 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/13 06:34:40 | 000,002,058 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/12/31 10:45:21 | 000,000,027 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00PCTFW] D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Launch PC Probe II] D:\Program Files\ASUS\PC Probe II\Probe2.exe (ASUS)
O4 - HKLM..\Run: [Monitor] D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SDTray] D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BYR_AGENT] D:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKCU..\Run: [GoogleDriveSync] D:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [KGShareApp] D:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] D:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @D:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @D:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{337AE17F-5C22-4479-9234-0E7582AA9796}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/15 16:43:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/01/03 08:58:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Jacobs Family\Desktop\OTL.exe
[2012/12/31 10:47:48 | 000,000,000 | ---D | C] -- D:\$RECYCLE.BIN
[2012/12/31 10:45:20 | 000,000,000 | ---D | C] -- D:\Users\Jacobs Family\AppData\Local\temp
[2012/12/31 10:39:55 | 000,000,000 | ---D | C] -- D:\ComboFix
[2012/12/30 22:24:22 | 000,000,000 | ---D | C] -- D:\Program Files\ESET
[2012/12/30 17:12:45 | 000,000,000 | ---D | C] -- D:\Config.Msi
[2012/12/30 16:29:36 | 000,518,144 | ---- | C] (SteelWerX) -- D:\Windows\SWREG.exe
[2012/12/30 16:29:36 | 000,406,528 | ---- | C] (SteelWerX) -- D:\Windows\SWSC.exe
[2012/12/30 16:29:36 | 000,060,416 | ---- | C] (NirSoft) -- D:\Windows\NIRCMD.exe
[2012/12/30 16:27:33 | 000,000,000 | ---D | C] -- D:\Qoobox
[2012/12/30 16:26:21 | 005,016,388 | R--- | C] (Swearware) -- D:\Users\Jacobs Family\Desktop\ComboFix.exe
[2012/12/28 15:51:20 | 000,000,000 | ---D | C] -- D:\Users\Jacobs Family\Documents\ProcAlyzer Dumps
[2012/12/28 15:49:22 | 000,000,000 | ---D | C] -- D:\Extracted S&D log
[2012/12/28 15:38:04 | 000,000,000 | ---D | C] -- D:\Windows\Minidump
[2012/12/28 15:21:06 | 004,732,416 | ---- | C] (AVAST Software) -- D:\Users\Jacobs Family\Desktop\aswMBR.exe
[2012/12/28 15:18:07 | 000,688,992 | R--- | C] (Swearware) -- D:\Users\Jacobs Family\Desktop\dds.scr
[2012/12/28 15:14:23 | 000,000,000 | ---D | C] -- D:\Windows\ERDNT
[2012/12/28 15:13:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/12/28 15:13:57 | 000,000,000 | ---D | C] -- D:\Program Files\ERUNT
[2012/12/28 13:08:16 | 000,000,000 | ---D | C] -- D:\sh4ldr
[2012/12/28 13:08:16 | 000,000,000 | ---D | C] -- D:\Program Files\Enigma Software Group
[2012/12/28 13:07:55 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Wise Installation Wizard
[2012/12/28 12:27:36 | 000,000,000 | ---D | C] -- D:\Windows\pss
[2012/12/28 11:32:01 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy
[2012/12/28 11:31:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/12/28 11:31:53 | 000,015,224 | ---- | C] (Safer Networking Limited) -- D:\Windows\System32\sdnclean.exe
[2012/12/28 11:31:51 | 000,000,000 | ---D | C] -- D:\Program Files\Spybot - Search & Destroy 2
[2012/12/28 11:30:59 | 000,000,000 | ---D | C] -- D:\Users\Jacobs Family\AppData\Local\Programs
[2012/12/21 03:00:25 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\System32\atmfd.dll
[2012/12/21 03:00:25 | 000,034,304 | ---- | C] (Adobe Systems) -- D:\Windows\System32\atmlib.dll
[2012/12/12 03:03:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2012/12/12 03:03:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2012/12/12 03:03:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/12/12 03:03:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2012/12/12 03:03:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2012/12/12 03:03:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2012/12/12 03:03:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2012/12/12 03:03:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/12/11 13:33:39 | 002,345,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys
[2012/12/11 13:33:36 | 000,271,360 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\conhost.exe
[2012/12/11 13:33:36 | 000,169,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\winsrv.dll
[2012/12/11 13:33:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/12/11 13:33:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/12/11 13:33:33 | 000,376,832 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dpnet.dll
[2012/12/11 13:33:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tzres.dll
[2012/12/08 18:16:09 | 000,000,000 | ---D | C] -- D:\Users\Jacobs Family\Desktop\Rebates
[2012/12/05 13:39:10 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/12/05 13:38:46 | 000,000,000 | ---D | C] -- D:\Program Files\QuickTime
[2012/12/05 13:27:09 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java
[2012/12/05 13:25:39 | 000,246,760 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\javaws.exe
[2012/12/05 13:25:09 | 000,174,056 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\javaw.exe
[2012/12/05 13:25:09 | 000,174,056 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\java.exe
[2012/12/05 13:25:09 | 000,093,672 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\WindowsAccessBridge.dll
[2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/01/03 08:58:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Jacobs Family\Desktop\OTL.exe
[2013/01/03 08:22:00 | 000,000,830 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/03 08:14:00 | 000,000,900 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/03 04:01:20 | 000,020,512 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/03 04:01:20 | 000,020,512 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/03 03:54:09 | 000,000,896 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/03 03:54:06 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/01/03 03:54:01 | 2610,708,480 | -HS- | M] () -- D:\hiberfil.sys
[2013/01/02 12:07:44 | 000,028,756 | ---- | M] () -- D:\Users\Jacobs Family\Desktop\Asktoolbarupdate.png
[2013/01/02 12:07:05 | 000,024,756 | ---- | M] () -- D:\Users\Jacobs Family\Desktop\WindowsSC.png
[2013/01/02 12:06:30 | 000,039,317 | ---- | M] () -- D:\Users\Jacobs Family\Desktop\Asktoolbar.png
[2012/12/31 10:54:28 | 000,001,424 | ---- | M] () -- D:\Users\Jacobs Family\Desktop\attach.zip
[2012/12/31 10:45:21 | 000,000,027 | ---- | M] () -- D:\Windows\System32\drivers\etc\hosts
[2012/12/31 10:39:22 | 005,016,388 | R--- | M] (Swearware) -- D:\Users\Jacobs Family\Desktop\ComboFix.exe
[2012/12/28 15:48:45 | 000,229,694 | ---- | M] () -- D:\Users\Jacobs Family\Desktop\TeamSpybot-20121228-154844.cab
[2012/12/28 15:46:59 | 000,000,512 | ---- | M] () -- D:\Users\Jacobs Family\Desktop\MBR.dat
[2012/12/28 15:37:55 | 364,728,945 | ---- | M] () -- D:\Windows\MEMORY.DMP
[2012/12/28 15:21:52 | 004,732,416 | ---- | M] (AVAST Software) -- D:\Users\Jacobs Family\Desktop\aswMBR.exe
[2012/12/28 15:18:10 | 000,688,992 | R--- | M] (Swearware) -- D:\Users\Jacobs Family\Desktop\dds.scr
[2012/12/28 15:17:22 | 000,000,875 | ---- | M] () -- D:\Users\Jacobs Family\Desktop\ERUNT.lnk
[2012/12/28 11:34:33 | 000,000,809 | ---- | M] () -- D:\Users\Jacobs Family\Documents\jacksmith_backup_1.papa
[2012/12/27 04:38:01 | 000,660,280 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/12/27 04:38:01 | 000,121,208 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/12/21 03:17:54 | 000,368,024 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\atmfd.dll
[2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- D:\Windows\System32\atmlib.dll
[2012/12/11 16:22:43 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerApp.exe
[2012/12/11 16:22:43 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/05 13:24:43 | 000,093,672 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\WindowsAccessBridge.dll
[2012/12/05 13:24:42 | 000,246,760 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\javaws.exe
[2012/12/05 13:24:42 | 000,174,056 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\javaw.exe
[2012/12/05 13:24:42 | 000,174,056 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\java.exe
[2012/12/05 13:24:41 | 000,821,736 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\npdeployJava1.dll
[2012/12/05 13:24:41 | 000,746,984 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\deployJava1.dll
[2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/01/02 11:54:29 | 000,039,317 | ---- | C] () -- D:\Users\Jacobs Family\Desktop\Asktoolbar.png
[2013/01/02 11:52:55 | 000,024,756 | ---- | C] () -- D:\Users\Jacobs Family\Desktop\WindowsSC.png
[2013/01/02 11:51:35 | 000,028,756 | ---- | C] () -- D:\Users\Jacobs Family\Desktop\Asktoolbarupdate.png
[2012/12/31 10:54:28 | 000,001,424 | ---- | C] () -- D:\Users\Jacobs Family\Desktop\attach.zip
[2012/12/30 16:29:36 | 000,256,000 | ---- | C] () -- D:\Windows\PEV.exe
[2012/12/30 16:29:36 | 000,208,896 | ---- | C] () -- D:\Windows\MBR.exe
[2012/12/30 16:29:36 | 000,098,816 | ---- | C] () -- D:\Windows\sed.exe
[2012/12/30 16:29:36 | 000,080,412 | ---- | C] () -- D:\Windows\grep.exe
[2012/12/30 16:29:36 | 000,068,096 | ---- | C] () -- D:\Windows\zip.exe
[2012/12/28 15:48:45 | 000,229,694 | ---- | C] () -- D:\Users\Jacobs Family\Desktop\TeamSpybot-20121228-154844.cab
[2012/12/28 15:46:59 | 000,000,512 | ---- | C] () -- D:\Users\Jacobs Family\Desktop\MBR.dat
[2012/12/28 15:37:55 | 364,728,945 | ---- | C] () -- D:\Windows\MEMORY.DMP
[2012/12/28 15:13:57 | 000,000,875 | ---- | C] () -- D:\Users\Jacobs Family\Desktop\ERUNT.lnk
[2012/12/28 11:34:33 | 000,000,809 | ---- | C] () -- D:\Users\Jacobs Family\Documents\jacksmith_backup_1.papa
[2012/12/28 11:31:57 | 000,002,131 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/09/19 06:35:05 | 000,024,576 | R--- | C] () -- D:\Windows\System32\AsIO.dll
[2012/09/19 06:35:05 | 000,012,400 | R--- | C] () -- D:\Windows\System32\drivers\AsIO.sys
[2012/09/19 06:35:03 | 000,011,832 | ---- | C] () -- D:\Windows\System32\drivers\AsInsHelp64.sys
[2012/09/19 06:35:03 | 000,010,216 | ---- | C] () -- D:\Windows\System32\drivers\AsInsHelp32.sys
[2012/09/19 06:34:30 | 000,001,746 | ---- | C] () -- D:\Windows\Language_trs.ini
[2012/09/19 06:34:29 | 000,024,938 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2012/09/12 19:12:40 | 000,000,065 | ---- | C] () -- D:\Windows\System32\lgAxconfig.ini
[2012/05/07 07:58:35 | 000,000,376 | ---- | C] () -- D:\Windows\ODBC.INI
[2012/04/20 15:14:51 | 000,006,144 | ---- | C] () -- D:\Users\Jacobs Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/08 09:00:42 | 000,007,605 | ---- | C] () -- D:\Users\Jacobs Family\AppData\Local\Resmon.ResmonCfg
[2012/01/16 07:08:09 | 000,073,220 | ---- | C] () -- D:\Windows\System32\EPPICPrinterDB.dat
[2012/01/16 07:08:09 | 000,031,053 | ---- | C] () -- D:\Windows\System32\EPPICPattern131.dat
[2012/01/16 07:08:09 | 000,029,114 | ---- | C] () -- D:\Windows\System32\EPPICPattern1.dat
[2012/01/16 07:08:09 | 000,027,417 | ---- | C] () -- D:\Windows\System32\EPPICPattern121.dat
[2012/01/16 07:08:09 | 000,021,021 | ---- | C] () -- D:\Windows\System32\EPPICPattern3.dat
[2012/01/16 07:08:09 | 000,015,670 | ---- | C] () -- D:\Windows\System32\EPPICPattern5.dat
[2012/01/16 07:08:09 | 000,013,280 | ---- | C] () -- D:\Windows\System32\EPPICPattern2.dat
[2012/01/16 07:08:09 | 000,010,673 | ---- | C] () -- D:\Windows\System32\EPPICPattern4.dat
[2012/01/16 07:08:09 | 000,004,943 | ---- | C] () -- D:\Windows\System32\EPPICPattern6.dat
[2012/01/16 07:08:09 | 000,001,140 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_PT.dat
[2012/01/16 07:08:09 | 000,001,140 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_BP.dat
[2012/01/16 07:08:09 | 000,001,137 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_ES.dat
[2012/01/16 07:08:09 | 000,001,130 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_FR.dat
[2012/01/16 07:08:09 | 000,001,130 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_CF.dat
[2012/01/16 07:08:09 | 000,001,104 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_EN.dat
[2012/01/16 07:08:09 | 000,000,097 | ---- | C] () -- D:\Windows\System32\PICSDK.ini
[2012/01/15 22:45:37 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- D:\Windows\System32\atitmpxx.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- D:\Windows\System32\atipblag.dat
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- D:\Windows\System32\atiicdxx.dat
========== ZeroAccess Check ==========
[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> D:\ProgramData\TEMP:886133E1
@Alternate Data Stream - 107 bytes -> D:\ProgramData\TEMP:C31F31E6
< End of report >
Tntjacobs
2013-01-03, 16:16
OTL Extras logfile created on: 1/3/2013 8:59:56 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Jacobs Family\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 2.24 Gb Available Physical Memory | 69.18% Memory free
6.48 Gb Paging File | 5.23 Gb Available in Paging File | 80.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 292.97 Gb Total Space | 276.81 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
Drive D: | 303.20 Gb Total Space | 238.25 Gb Free Space | 78.58% Space Free | Partition Type: NTFS
Computer Name: JACOBSFAMILY-PC | User Name: Jacobs Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- D:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"D:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = D:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"D:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = D:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"D:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = D:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00CFC2AA-2412-499B-BC47-BF527F88742D}" = lport=445 | protocol=6 | dir=in | app=system |
"{15F57848-99CF-41EB-B49D-4C460429BA75}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{162FC580-BAE5-4DEC-9738-112622DEE2CB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19482705-81AF-498F-9724-5AC43F77F9CD}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{1EA8DA78-9DE2-455D-8EB0-6506ACD022DD}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{201D71F2-6192-43F6-958C-E5B94D0B419F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{253C9735-78B2-4D46-8D88-72C3963152BA}" = lport=137 | protocol=17 | dir=in | app=system |
"{2C2C64FC-196A-43CB-824A-0949D09103ED}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2DD38F2F-6EE7-4317-A637-C023DCD99929}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{2FC409F3-4751-4E1A-8A84-7F9F80E18FB1}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3211F144-924D-4B0B-9C45-CC6F58494222}" = lport=139 | protocol=6 | dir=in | app=system |
"{4DE1E04A-EC3D-4F17-B8FA-525C58E21A4C}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=d:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{552FA0E5-5D74-4CAD-B78E-6496920A839E}" = rport=138 | protocol=17 | dir=out | app=system |
"{56AB1F99-9015-4283-A5BE-C6D5F0B4BCC1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5E6D9476-FBBA-429F-B326-025D73A5FF10}" = rport=445 | protocol=6 | dir=out | app=system |
"{62996014-3CE6-4BF7-9652-E0A6244ADF73}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{649ACFBD-E628-4DA3-9AA2-0F4DA5558201}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{6A0298D9-D104-4112-AE1A-25E6853A41AF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7A3EAD7E-78CE-4DE9-80AE-E058BA75D676}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DEE6985-7659-4D4F-9CE0-A94405430DEF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{87DF6829-62C0-46CB-A22C-B162858C17A0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{889B2CDD-BE84-4AB0-B5E9-22DC13A54D56}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8CAD5D71-0771-4327-98DA-D3F9FDBE16F0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{922F7A29-827D-43D2-AB63-4AB56E798235}" = rport=139 | protocol=6 | dir=out | app=system |
"{9C9E0A4C-B4B1-4CF6-AC1D-766B49902F52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B049EEC7-F4F6-4A73-8ECE-2B645C25D113}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B40FB1B2-01BB-411A-8522-BCA362A4100E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E88BE333-535F-442F-8616-A4552D56EE20}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F0C286F2-FEE7-4DC6-9E83-F40E772915F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4372234-4975-49B6-BE86-D536714FDD42}" = lport=138 | protocol=17 | dir=in | app=system |
"{FA1201B6-D38C-4771-A504-482DC3E9D1C4}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{054B4659-ACE4-4FE2-846C-B2F6A54CD67D}" = protocol=6 | dir=in | app=d:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{0CF39F50-DF71-47F0-86F4-EDB683DF078F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{12C3C265-6AC5-45B3-9961-4A6E191FB3BB}" = protocol=17 | dir=in | app=d:\nexon\combat arms\nmservice.exe |
"{18CEBB7B-0A53-4B70-9040-268FA037F99F}" = protocol=17 | dir=in | app=d:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{1FF54B49-371F-4886-A310-C18D747DF690}" = protocol=17 | dir=in | app=d:\program files\ubisoft\assassin's creed\assassinscreed_dx9.exe |
"{2119F807-CAF8-4558-9D63-09701F605C4E}" = protocol=17 | dir=in | app=d:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{33B2A780-A597-4CB1-A01A-C4B8BAC7E56C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{35975CD6-FD55-4D2A-9029-613DC1851907}" = protocol=6 | dir=in | app=d:\programdata\nexonus\ngm\ngm.exe |
"{3E1724B9-A53A-4E2E-A312-27F3146EB82D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{409CC2A0-E97B-4123-8666-4163B68BDF1C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{40D1F694-94A6-4D08-BFE3-486B9CE641BB}" = dir=in | app=d:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{46267F49-6E98-4123-981E-8650F4A17D5D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4B476D90-8451-47E1-B84D-25D6F5FBF73C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{50919840-5EA6-4185-89E4-5F6F163088E2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5DFA950C-E6C9-45C0-9731-BB7DA56148B8}" = protocol=17 | dir=in | app=d:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{61395F92-79D2-4261-AFDA-5A88BEFC272D}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{646CE8FD-E9DF-44EB-8B80-FFE3A39701EE}" = dir=in | app=d:\program files\cyberlink\powerdirector10\pdr10.exe |
"{661CAEE4-2172-4B80-8278-8002D53B313F}" = protocol=6 | dir=in | app=d:\program files\lucasarts\star wars empire at war\gamedata\sweaw.exe |
"{66242176-518F-437C-82D9-3878054BF209}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{70C7DAC3-5AA0-4638-813C-8F464A645D05}" = protocol=6 | dir=in | app=d:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{70D1654F-86A7-425F-9E8B-2B64F66B03D3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{70E7138C-45A0-4CA9-BB70-FCDE226C90E9}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7C471DEE-19F0-448A-BBA8-765A1558727A}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{7DC4ECE0-A222-400A-8114-F5066E373357}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{816C8B83-C737-4B0C-AA8A-B802F1EA7676}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8170E706-635C-47E9-B70F-F8DEBEB31408}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{81B9658D-0956-4C75-A6D3-13FFB3FA87B3}" = protocol=6 | dir=out | app=system |
"{898A8EC5-CF4A-4056-9D46-834EB3B8CC6D}" = protocol=6 | dir=in | app=d:\nexon\combat arms\nmservice.exe |
"{98356309-7682-4674-AB9E-8D144A4ABC17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A2F7D498-53F5-4722-A55D-BE14B1CAFC4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACC0B90F-16E7-480A-91C5-6DF867D56041}" = protocol=17 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{ADEB5BDA-83E4-4F77-97B5-E102580F56C8}" = dir=in | app=d:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{BB8F0E87-D4E9-4789-A85F-7472C27D19F0}" = protocol=6 | dir=in | app=d:\program files\ubisoft\assassin's creed\assassinscreed_launcher.exe |
"{BBF04E1A-D3F2-4075-862F-84B91475F46D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BCE9B3BD-B7C0-4853-95DC-A86C0C4887C0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C4D7DD99-D560-46C3-8BFA-25019923A6F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBB73D6D-81AB-4C87-BDA9-86C5651495ED}" = protocol=6 | dir=in | app=d:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{D0C6C422-BE34-4656-81F6-1319D68D3AE9}" = protocol=6 | dir=in | app=d:\program files\steam\steam.exe |
"{DF29FB3C-FCDB-4166-93A4-EF91A8DB510C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E1133876-6BC3-4D06-B48D-D556DF8472B5}" = dir=in | app=d:\program files\itunes\itunes.exe |
"{E4000E7D-77B3-4FCB-A4F8-7CE1713A9320}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E76924B8-D667-4FA0-8219-58E6E152A3FA}" = protocol=17 | dir=in | app=d:\programdata\nexonus\ngm\ngm.exe |
"{E9BD8E5B-3151-4DDB-AEB1-F3C35144B25E}" = protocol=17 | dir=in | app=d:\program files\ubisoft\assassin's creed\assassinscreed_dx10.exe |
"{F8CB7132-116F-49E5-ADBB-092D31DF1DAE}" = protocol=6 | dir=in | app=d:\program files\lucasarts\star wars empire at war forces of corruption\swfoc.exe |
"{FE6241C4-6A35-484B-995B-00E0F12B32CD}" = protocol=17 | dir=in | app=d:\program files\steam\steam.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive
"{16B2498C-C6C1-4AE7-95EF-D2A09F50071C}" = KODAK Share Button App
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 37
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5058B085-AA79-41E5-A726-681B4C4B846E}" = ACDSee 5.0 PowerPack
"{55251924-B51C-4E66-8199-5258672518C5}" = Epocrates Essentials for Pocket PC
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{885DBC42-4BCC-4A7E-9F2B-64B25E02E926}" = LG Verizon United Drivers
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{992C016C-CA8F-4D13-ABAB-D24A481C102B}" = LeapFrog Leapster2 Plugin
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F06365EC-061E-48C3-B761-E1816658D618}" = 3DVIA player 5.0.0.20
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"3D970B9F930E7AAE23C06D39A1AC98548C90B442" = Windows Driver Package - Eastman Kodak KODAK Digital Camera (01/29/2010 1.4.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Any Video Converter_is1" = Any Video Converter 3.3.9
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.5
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"EPSON NX300 Series" = EPSON NX300 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"LAME_is1" = LAME v3.99.3 (for Windows)
"Leapster2Plugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster2 Plugin)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlue Art Effects for PDR10" = Art Effects for PDR10
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"RealPlayer 15.0" = RealPlayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"UPCShell" = LeapFrog Connect
"Voice Notes Recorder" = Voice Notes Recorder for Pocket PC 2003
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"UnityWebPlayer" = Unity Web Player
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 12/27/2012 6:33:31 AM | Computer Name = JacobsFamily-PC | Source = WinMgmt | ID = 10
Description =
Error - 12/27/2012 7:04:48 AM | Computer Name = JacobsFamily-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "d:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/28/2012 4:09:44 AM | Computer Name = JacobsFamily-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "d:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/31/2012 12:02:36 AM | Computer Name = JacobsFamily-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "d:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/31/2012 5:34:00 PM | Computer Name = JacobsFamily-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "d:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 12/31/2012 10:53:08 PM | Computer Name = JacobsFamily-PC | Source = Application Error | ID = 1000
Description = Faulting application name: googledrivesync.exe, version: 1.6.3837.2778,
time stamp: 0x509418e4 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00070053 Faulting
process id: 0xd10 Faulting application start time: 0x01cde78e5779ce9d Faulting application
path: D:\Program Files\Google\Drive\googledrivesync.exe Faulting module path: D:\Windows\SYSTEM32\ntdll.dll
Report
Id: 5edeb761-53be-11e2-934e-90e6ba12479b
Error - 1/2/2013 2:31:59 AM | Computer Name = JacobsFamily-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "d:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 1/2/2013 6:52:54 AM | Computer Name = JacobsFamily-PC | Source = Application Error | ID = 1000
Description = Faulting application name: googledrivesync.exe, version: 1.6.3837.2778,
time stamp: 0x509418e4 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00070053 Faulting
process id: 0xd14 Faulting application start time: 0x01cde83e6c87d096 Faulting application
path: D:\Program Files\Google\Drive\googledrivesync.exe Faulting module path: D:\Windows\SYSTEM32\ntdll.dll
Report
Id: 8ece412c-54ca-11e2-8e8e-90e6ba12479b
Error - 1/3/2013 1:34:10 AM | Computer Name = JacobsFamily-PC | Source = Application Error | ID = 1000
Description = Faulting application name: googledrivesync.exe, version: 1.6.3837.2778,
time stamp: 0x509418e4 Faulting module name: ntdll.dll, version: 6.1.7601.17725,
time stamp: 0x4ec49b60 Exception code: 0xc0000005 Fault offset: 0x00070053 Faulting
process id: 0x600 Faulting application start time: 0x01cde8e15ebe44f1 Faulting application
path: D:\Program Files\Google\Drive\googledrivesync.exe Faulting module path: D:\Windows\SYSTEM32\ntdll.dll
Report
Id: 32c682ba-5567-11e2-ba35-90e6ba12479b
Error - 1/3/2013 2:31:51 AM | Computer Name = JacobsFamily-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "d:\program files\cyberlink\powerdirector10\muitransfer\MUIStartMenuX64.exe".
Dependent
Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
[ Media Center Events ]
Error - 2/23/2012 6:37:15 PM | Computer Name = JacobsFamily-PC | Source = MCUpdate | ID = 0
Description = 4:37:15 PM - Error connecting to the internet. 4:37:15 PM - Unable
to contact server..
Error - 2/23/2012 6:37:25 PM | Computer Name = JacobsFamily-PC | Source = MCUpdate | ID = 0
Description = 4:37:20 PM - Error connecting to the internet. 4:37:20 PM - Unable
to contact server..
Error - 2/23/2012 7:37:45 PM | Computer Name = JacobsFamily-PC | Source = MCUpdate | ID = 0
Description = 5:37:45 PM - Error connecting to the internet. 5:37:45 PM - Unable
to contact server..
Error - 2/23/2012 7:37:53 PM | Computer Name = JacobsFamily-PC | Source = MCUpdate | ID = 0
Description = 5:37:50 PM - Error connecting to the internet. 5:37:50 PM - Unable
to contact server..
Error - 2/23/2012 8:38:12 PM | Computer Name = JacobsFamily-PC | Source = MCUpdate | ID = 0
Description = 6:38:12 PM - Error connecting to the internet. 6:38:12 PM - Unable
to contact server..
Error - 2/23/2012 8:38:17 PM | Computer Name = JacobsFamily-PC | Source = MCUpdate | ID = 0
Description = 6:38:17 PM - Error connecting to the internet. 6:38:17 PM - Unable
to contact server..
Error - 2/23/2012 9:38:35 PM | Computer Name = JacobsFamily-PC | Source = MCUpdate | ID = 0
Description = 7:38:35 PM - Error connecting to the internet. 7:38:35 PM - Unable
to contact server..
Error - 2/23/2012 9:38:41 PM | Computer Name = JacobsFamily-PC | Source = MCUpdate | ID = 0
Description = 7:38:41 PM - Error connecting to the internet. 7:38:41 PM - Unable
to contact server..
Error - 3/13/2012 6:25:08 AM | Computer Name = JacobsFamily-PC | Source = MCUpdate | ID = 0
Description = 5:25:04 AM - Error connecting to the internet. 5:25:04 AM - Unable
to contact server..
Error - 3/13/2012 7:25:26 AM | Computer Name = JacobsFamily-PC | Source = MCUpdate | ID = 0
Description = 6:25:25 AM - Error connecting to the internet. 6:25:25 AM - Unable
to contact server..
[ Spybot - Search and Destroy Events ]
Error - 12/28/2012 1:56:12 PM | Computer Name = JacobsFamily-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 1/3/2013 9:01:20 AM | Computer Name = JacobsFamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 1/3/2013 9:01:50 AM | Computer Name = JacobsFamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 1/3/2013 9:02:20 AM | Computer Name = JacobsFamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 1/3/2013 9:02:50 AM | Computer Name = JacobsFamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 1/3/2013 9:03:20 AM | Computer Name = JacobsFamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 1/3/2013 9:03:50 AM | Computer Name = JacobsFamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 1/3/2013 9:04:20 AM | Computer Name = JacobsFamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 1/3/2013 9:04:50 AM | Computer Name = JacobsFamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 1/3/2013 9:14:37 AM | Computer Name = JacobsFamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
Error - 1/3/2013 11:02:07 AM | Computer Name = JacobsFamily-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Management Instrumentation service terminated with the
following error: %%126
< End of report >
Hi,
Click start-> type cmd.exe, right-click Command Prompt item + select 'run as administrator'. Type the following two commands (press ENTER after each one) in the command prompt window:
regsvr32 wmisvc.dll
net start winmgmt
Let's run OTL.
Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=100486&babsrc=SP_ss&mntrId=04be9d2c0000000000008000600fe800
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
:Commands
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log
Tntjacobs
2013-01-04, 00:36
Windows security is now working. Had error when running winmgmt. Attached as jpeg. This is the notepad that opened after OTL ran. Did I need to do a scan again with OTL?
All processes killed
========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Jacobs Family
->Temp folder emptied: 102502396 bytes
->Temporary Internet Files folder emptied: 32757993 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 425837094 bytes
->Apple Safari cache emptied: 109554688 bytes
->Flash cache emptied: 14316 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1279538 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10424 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 641.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01032013_162934
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Tntjacobs
2013-01-04, 00:44
Just in case here is the log after a new OTL scan.
OTL logfile created on: 1/3/2013 5:37:26 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Users\Jacobs Family\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.24 Gb Total Physical Memory | 2.18 Gb Available Physical Memory | 67.11% Memory free
6.48 Gb Paging File | 5.17 Gb Available in Paging File | 79.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 292.97 Gb Total Space | 276.81 Gb Free Space | 94.48% Space Free | Partition Type: NTFS
Drive D: | 303.20 Gb Total Space | 238.86 Gb Free Space | 78.78% Space Free | Partition Type: NTFS
Computer Name: JACOBSFAMILY-PC | User Name: Jacobs Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - D:\Users\Jacobs Family\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - D:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
PRC - D:\Program Files\Steam\steam.exe (Valve Corporation)
PRC - D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - D:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - D:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - D:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - D:\Program Files\Google\Drive\googledrivesync.exe (Google)
PRC - D:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - D:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - D:\Program Files\Kodak\KODAK Share Button App\Listener.exe (Eastman Kodak Company)
PRC - D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - D:\Windows\System32\atieclxx.exe (AMD)
PRC - D:\Windows\System32\atiesrxx.exe (AMD)
PRC - D:\Windows\explorer.exe (Microsoft Corporation)
PRC - D:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
PRC - D:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
PRC - D:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
PRC - D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\wx._core_.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\wx._controls_.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\windows._cacheinvalidation.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\wx._windows_.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\wx._gdi_.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\wx._misc_.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\_ssl.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\unicodedata.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\pysqlite2._sqlite.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\pythoncom26.dll ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\_hashlib.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\win32com.shell.shell.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\pyexpat.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\wx._wizard.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\win32file.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\win32security.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\PyWinTypes26.dll ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\win32api.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\_elementtree.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\_ctypes.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\wx._html2.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\_socket.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\win32inet.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\win32process.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\win32ts.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\win32pdh.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\win32profile.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\win32event.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\win32crypt.pyd ()
MOD - D:\Users\Jacobs Family\AppData\Local\temp\_MEI38362\select.pyd ()
MOD - D:\Program Files\Steam\sdl.dll ()
MOD - D:\Program Files\Steam\bin\libcef.dll ()
MOD - D:\Program Files\Steam\bin\avcodec-53.dll ()
MOD - D:\Program Files\Steam\bin\chromehtml.dll ()
MOD - D:\Program Files\Steam\bin\avformat-53.dll ()
MOD - D:\Program Files\Steam\bin\avutil-51.dll ()
MOD - D:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - D:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - D:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - D:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - D:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - D:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - D:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - D:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - D:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()
========== Services (SafeList) ==========
SRV - (SDWSCService) -- D:\Program Files\Spybot File not found
SRV - (SDUpdateService) -- D:\Program Files\Spybot File not found
SRV - (SDScannerService) -- D:\Program Files\Spybot File not found
SRV - (Steam Client Service) -- D:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- D:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- D:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (LeapFrog Connect Device Service) -- D:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (AMD External Events Utility) -- D:\Windows\System32\atiesrxx.exe (AMD)
SRV - (PCToolsFirewallPlus) -- D:\Program Files\PC Tools Firewall Plus\FWService.exe (PC Tools)
SRV - (StorSvc) -- D:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- D:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- D:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- D:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) -- D:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (WcesComm) -- D:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- D:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) -- D:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)
========== Driver Services (SafeList) ==========
DRV - (EagleXNt) -- D:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (catchme) -- D:\Users\JACOBS~1\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- D:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- D:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- D:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (atikmdag) -- D:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- D:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- D:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (USBModem) -- D:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- D:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- D:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (TsUsbFlt) -- D:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- D:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (dmvsc) -- D:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- D:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- D:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- D:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- D:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (VMBusHID) -- D:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- D:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (ssmdrv) -- D:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (pctNDIS) -- D:\Windows\System32\drivers\pctNdis.sys (PC Tools)
DRV - (PCTAppEvent) -- D:\Windows\System32\drivers\PCTAppEvent.sys (PC Tools)
DRV - (PCTFW-PacketFilter) -- D:\Windows\System32\drivers\pctNdis-PacketFilter.sys (PC Tools)
DRV - (pctgntdi) -- D:\Windows\System32\drivers\pctgntdi.sys (PC Tools)
DRV - (pctplfw) -- D:\Windows\System32\drivers\pctplfw.sys (PC Tools)
DRV - (PCTFW-DNS) -- D:\Windows\System32\drivers\pctNdis-DNS.sys (PC Tools)
DRV - (MTsensor) -- D:\Windows\System32\drivers\ASACPI.sys ()
DRV - (AsIO) -- D:\Windows\System32\drivers\AsIO.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 20 BF 73 7E 19 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0037-ABCDEFFEDCBA%7D:6.0.37
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: D:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: D:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: D:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: D:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: D:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: D:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: D:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: D:\Users\Jacobs Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/06 12:55:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/12/05 13:39:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2012/12/05 13:39:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins
[2012/01/16 06:28:25 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Jacobs Family\AppData\Roaming\Mozilla\Extensions
[2012/08/30 13:26:28 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Jacobs Family\AppData\Roaming\Mozilla\Firefox\Profiles\monq11y0.default\extensions
[2012/11/21 16:51:02 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2012/11/21 16:51:02 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/21 16:51:02 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/12/05 12:34:45 | 000,262,112 | ---- | M] (Mozilla Foundation) -- D:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/30 13:17:48 | 000,002,465 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/13 06:34:40 | 000,002,058 | ---- | M] () -- D:\Program Files\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2012/12/31 10:45:21 | 000,000,027 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [00PCTFW] D:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Launch PC Probe II] D:\Program Files\ASUS\PC Probe II\Probe2.exe (ASUS)
O4 - HKLM..\Run: [Monitor] D:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [SDTray] D:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TkBellExe] D:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [BYR_AGENT] D:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKCU..\Run: [GoogleDriveSync] D:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [KGShareApp] D:\Program Files\Kodak\KODAK Share Button App\KGShare_App.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] D:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] D:\Program Files\Steam\steam.exe (Valve Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @D:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @D:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{337AE17F-5C22-4479-9234-0E7582AA9796}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\Windows\system32\userinit.exe) - D:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/15 16:43:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/10 15:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/01/03 16:29:34 | 000,000,000 | ---D | C] -- D:\_OTL
[2013/01/03 08:58:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Users\Jacobs Family\Desktop\OTL.exe
[2012/12/31 10:47:48 | 000,000,000 | ---D | C] -- D:\$RECYCLE.BIN
[2012/12/31 10:45:20 | 000,000,000 | ---D | C] -- D:\Users\Jacobs Family\AppData\Local\temp
[2012/12/31 10:39:55 | 000,000,000 | ---D | C] -- D:\ComboFix
[2012/12/30 22:24:22 | 000,000,000 | ---D | C] -- D:\Program Files\ESET
[2012/12/30 17:12:45 | 000,000,000 | ---D | C] -- D:\Config.Msi
[2012/12/30 16:29:36 | 000,518,144 | ---- | C] (SteelWerX) -- D:\Windows\SWREG.exe
[2012/12/30 16:29:36 | 000,406,528 | ---- | C] (SteelWerX) -- D:\Windows\SWSC.exe
[2012/12/30 16:29:36 | 000,060,416 | ---- | C] (NirSoft) -- D:\Windows\NIRCMD.exe
[2012/12/30 16:27:33 | 000,000,000 | ---D | C] -- D:\Qoobox
[2012/12/30 16:26:21 | 005,016,388 | R--- | C] (Swearware) -- D:\Users\Jacobs Family\Desktop\ComboFix.exe
[2012/12/28 15:51:20 | 000,000,000 | ---D | C] -- D:\Users\Jacobs Family\Documents\ProcAlyzer Dumps
[2012/12/28 15:49:22 | 000,000,000 | ---D | C] -- D:\Extracted S&D log
[2012/12/28 15:38:04 | 000,000,000 | ---D | C] -- D:\Windows\Minidump
[2012/12/28 15:21:06 | 004,732,416 | ---- | C] (AVAST Software) -- D:\Users\Jacobs Family\Desktop\aswMBR.exe
[2012/12/28 15:18:07 | 000,688,992 | R--- | C] (Swearware) -- D:\Users\Jacobs Family\Desktop\dds.scr
[2012/12/28 15:14:23 | 000,000,000 | ---D | C] -- D:\Windows\ERDNT
[2012/12/28 15:13:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/12/28 15:13:57 | 000,000,000 | ---D | C] -- D:\Program Files\ERUNT
[2012/12/28 13:08:16 | 000,000,000 | ---D | C] -- D:\sh4ldr
[2012/12/28 13:08:16 | 000,000,000 | ---D | C] -- D:\Program Files\Enigma Software Group
[2012/12/28 13:07:55 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Wise Installation Wizard
[2012/12/28 12:27:36 | 000,000,000 | ---D | C] -- D:\Windows\pss
[2012/12/28 11:32:01 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy
[2012/12/28 11:31:57 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/12/28 11:31:53 | 000,015,224 | ---- | C] (Safer Networking Limited) -- D:\Windows\System32\sdnclean.exe
[2012/12/28 11:31:51 | 000,000,000 | ---D | C] -- D:\Program Files\Spybot - Search & Destroy 2
[2012/12/28 11:30:59 | 000,000,000 | ---D | C] -- D:\Users\Jacobs Family\AppData\Local\Programs
[2012/12/21 03:00:25 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- D:\Windows\System32\atmfd.dll
[2012/12/21 03:00:25 | 000,034,304 | ---- | C] (Adobe Systems) -- D:\Windows\System32\atmlib.dll
[2012/12/12 03:03:07 | 002,382,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2012/12/12 03:03:06 | 000,607,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2012/12/12 03:03:06 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/12/12 03:03:06 | 000,142,848 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2012/12/12 03:03:06 | 000,065,024 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2012/12/12 03:03:05 | 001,800,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2012/12/12 03:03:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2012/12/12 03:03:05 | 000,231,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/12/11 13:33:39 | 002,345,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32k.sys
[2012/12/11 13:33:36 | 000,271,360 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\conhost.exe
[2012/12/11 13:33:36 | 000,169,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\winsrv.dll
[2012/12/11 13:33:36 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012/12/11 13:33:36 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/11 13:33:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/11 13:33:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- D:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012/12/11 13:33:33 | 000,376,832 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dpnet.dll
[2012/12/11 13:33:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tzres.dll
[2012/12/08 18:16:09 | 000,000,000 | ---D | C] -- D:\Users\Jacobs Family\Desktop\Rebates
[2012/12/05 13:39:10 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/12/05 13:38:46 | 000,000,000 | ---D | C] -- D:\Program Files\QuickTime
[2012/12/05 13:27:09 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java
[2012/12/05 13:25:39 | 000,246,760 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\javaws.exe
[2012/12/05 13:25:09 | 000,174,056 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\javaw.exe
[2012/12/05 13:25:09 | 000,174,056 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\java.exe
[2012/12/05 13:25:09 | 000,093,672 | ---- | C] (Oracle Corporation) -- D:\Windows\System32\WindowsAccessBridge.dll
========== Files - Modified Within 30 Days ==========
[2013/01/03 17:36:19 | 000,020,512 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/03 17:36:19 | 000,020,512 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/03 17:35:05 | 000,660,280 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/01/03 17:35:05 | 000,121,208 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/01/03 17:29:08 | 000,000,896 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/03 17:29:06 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/01/03 17:29:01 | 2610,708,480 | -HS- | M] () -- D:\hiberfil.sys
[2013/01/03 17:22:00 | 000,000,830 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/03 17:14:00 | 000,000,900 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/03 08:58:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Users\Jacobs Family\Desktop\OTL.exe
[2012/12/31 10:54:28 | 000,001,424 | ---- | M] () -- D:\Users\Jacobs Family\Desktop\attach.zip
[2012/12/31 10:45:21 | 000,000,027 | ---- | M] () -- D:\Windows\System32\drivers\etc\hosts
[2012/12/31 10:39:22 | 005,016,388 | R--- | M] (Swearware) -- D:\Users\Jacobs Family\Desktop\ComboFix.exe
[2012/12/28 15:48:45 | 000,229,694 | ---- | M] () -- D:\Users\Jacobs Family\Desktop\TeamSpybot-20121228-154844.cab
[2012/12/28 15:46:59 | 000,000,512 | ---- | M] () -- D:\Users\Jacobs Family\Desktop\MBR.dat
[2012/12/28 15:37:55 | 364,728,945 | ---- | M] () -- D:\Windows\MEMORY.DMP
[2012/12/28 15:21:52 | 004,732,416 | ---- | M] (AVAST Software) -- D:\Users\Jacobs Family\Desktop\aswMBR.exe
[2012/12/28 15:18:10 | 000,688,992 | R--- | M] (Swearware) -- D:\Users\Jacobs Family\Desktop\dds.scr
[2012/12/28 15:17:22 | 000,000,875 | ---- | M] () -- D:\Users\Jacobs Family\Desktop\ERUNT.lnk
[2012/12/28 11:34:33 | 000,000,809 | ---- | M] () -- D:\Users\Jacobs Family\Documents\jacksmith_backup_1.papa
[2012/12/21 03:17:54 | 000,368,024 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\atmfd.dll
[2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- D:\Windows\System32\atmlib.dll
[2012/12/11 16:22:43 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerApp.exe
[2012/12/11 16:22:43 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/12/05 13:24:43 | 000,093,672 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\WindowsAccessBridge.dll
[2012/12/05 13:24:42 | 000,246,760 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\javaws.exe
[2012/12/05 13:24:42 | 000,174,056 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\javaw.exe
[2012/12/05 13:24:42 | 000,174,056 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\java.exe
[2012/12/05 13:24:41 | 000,821,736 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\npdeployJava1.dll
[2012/12/05 13:24:41 | 000,746,984 | ---- | M] (Oracle Corporation) -- D:\Windows\System32\deployJava1.dll
========== Files Created - No Company Name ==========
[2012/12/31 10:54:28 | 000,001,424 | ---- | C] () -- D:\Users\Jacobs Family\Desktop\attach.zip
[2012/12/30 16:29:36 | 000,256,000 | ---- | C] () -- D:\Windows\PEV.exe
[2012/12/30 16:29:36 | 000,208,896 | ---- | C] () -- D:\Windows\MBR.exe
[2012/12/30 16:29:36 | 000,098,816 | ---- | C] () -- D:\Windows\sed.exe
[2012/12/30 16:29:36 | 000,080,412 | ---- | C] () -- D:\Windows\grep.exe
[2012/12/30 16:29:36 | 000,068,096 | ---- | C] () -- D:\Windows\zip.exe
[2012/12/28 15:48:45 | 000,229,694 | ---- | C] () -- D:\Users\Jacobs Family\Desktop\TeamSpybot-20121228-154844.cab
[2012/12/28 15:46:59 | 000,000,512 | ---- | C] () -- D:\Users\Jacobs Family\Desktop\MBR.dat
[2012/12/28 15:37:55 | 364,728,945 | ---- | C] () -- D:\Windows\MEMORY.DMP
[2012/12/28 15:13:57 | 000,000,875 | ---- | C] () -- D:\Users\Jacobs Family\Desktop\ERUNT.lnk
[2012/12/28 11:34:33 | 000,000,809 | ---- | C] () -- D:\Users\Jacobs Family\Documents\jacksmith_backup_1.papa
[2012/12/28 11:31:57 | 000,002,131 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/09/19 06:35:05 | 000,024,576 | R--- | C] () -- D:\Windows\System32\AsIO.dll
[2012/09/19 06:35:05 | 000,012,400 | R--- | C] () -- D:\Windows\System32\drivers\AsIO.sys
[2012/09/19 06:35:03 | 000,011,832 | ---- | C] () -- D:\Windows\System32\drivers\AsInsHelp64.sys
[2012/09/19 06:35:03 | 000,010,216 | ---- | C] () -- D:\Windows\System32\drivers\AsInsHelp32.sys
[2012/09/19 06:34:30 | 000,001,746 | ---- | C] () -- D:\Windows\Language_trs.ini
[2012/09/19 06:34:29 | 000,024,938 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2012/09/12 19:12:40 | 000,000,065 | ---- | C] () -- D:\Windows\System32\lgAxconfig.ini
[2012/05/07 07:58:35 | 000,000,376 | ---- | C] () -- D:\Windows\ODBC.INI
[2012/04/20 15:14:51 | 000,006,144 | ---- | C] () -- D:\Users\Jacobs Family\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/08 09:00:42 | 000,007,605 | ---- | C] () -- D:\Users\Jacobs Family\AppData\Local\Resmon.ResmonCfg
[2012/01/16 07:08:09 | 000,073,220 | ---- | C] () -- D:\Windows\System32\EPPICPrinterDB.dat
[2012/01/16 07:08:09 | 000,031,053 | ---- | C] () -- D:\Windows\System32\EPPICPattern131.dat
[2012/01/16 07:08:09 | 000,029,114 | ---- | C] () -- D:\Windows\System32\EPPICPattern1.dat
[2012/01/16 07:08:09 | 000,027,417 | ---- | C] () -- D:\Windows\System32\EPPICPattern121.dat
[2012/01/16 07:08:09 | 000,021,021 | ---- | C] () -- D:\Windows\System32\EPPICPattern3.dat
[2012/01/16 07:08:09 | 000,015,670 | ---- | C] () -- D:\Windows\System32\EPPICPattern5.dat
[2012/01/16 07:08:09 | 000,013,280 | ---- | C] () -- D:\Windows\System32\EPPICPattern2.dat
[2012/01/16 07:08:09 | 000,010,673 | ---- | C] () -- D:\Windows\System32\EPPICPattern4.dat
[2012/01/16 07:08:09 | 000,004,943 | ---- | C] () -- D:\Windows\System32\EPPICPattern6.dat
[2012/01/16 07:08:09 | 000,001,140 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_PT.dat
[2012/01/16 07:08:09 | 000,001,140 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_BP.dat
[2012/01/16 07:08:09 | 000,001,137 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_ES.dat
[2012/01/16 07:08:09 | 000,001,130 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_FR.dat
[2012/01/16 07:08:09 | 000,001,130 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_CF.dat
[2012/01/16 07:08:09 | 000,001,104 | ---- | C] () -- D:\Windows\System32\EPPICPresetData_EN.dat
[2012/01/16 07:08:09 | 000,000,097 | ---- | C] () -- D:\Windows\System32\PICSDK.ini
[2012/01/15 22:45:37 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll
[2011/04/20 01:21:02 | 000,037,376 | ---- | C] () -- D:\Windows\System32\atitmpxx.dll
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- D:\Windows\System32\atipblag.dat
[2011/02/28 21:30:06 | 000,233,012 | ---- | C] () -- D:\Windows\System32\atiicdxx.dat
========== ZeroAccess Check ==========
[2009/07/13 22:42:31 | 000,000,227 | RHS- | M] () -- D:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 15:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 19:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 127 bytes -> D:\ProgramData\TEMP:886133E1
@Alternate Data Stream - 107 bytes -> D:\ProgramData\TEMP:C31F31E6
< End of report >
Hi,
Please see if Windows Management Instrumentation service is running by doing this:
click start->type services.msc and press enter.
verify that above mentioned service has status started.
Also, please see if Ask Toolbar uninstall works now.
Tntjacobs
2013-01-04, 14:47
Yes, Windows Management Instrumentation is started. Ask toolbar did uninstall. the Ask toolbar updater still has the same error as before.
Tyson
Hi,
Please try instructions here (http://asksupport.custhelp.com/app/answers/detail/a_id/2908) for uninstalling Ask Toolbar.
Tntjacobs
2013-01-06, 22:24
It came up "Toolbar not found" when running it. Just to be clear, I do not see the ask toolbar anywhere except that updater in the uninstall list.
Thanks
Tyson
Hi,
Let's see if Revo Uninstaller (http://revouninstaller.com/) helps.
Tntjacobs
2013-01-08, 15:42
Ok when I tried to delete it the first (revo1) message came up. I then did a scan and the second (revo2) message came up. I did not delete any of the registry keys yet. What do you think about just deleting these registry keys and removing the file from the programs list in the control panel?
Thanks
Tyson
Tntjacobs
2013-01-08, 15:43
Oops, forgot to attach the screen shots. Here ya go.
Tntjacobs
2013-01-09, 16:13
That did it. I think we are golden. I greatly appreciate all of your time.
Tyson
Great! Let's see the final steps then :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
A To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.
Now lets uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
Then time to uninstall OTL:
Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
Tntjacobs
2013-01-10, 15:46
All is done. PSI seems to be hanging up on Mozilla 17.x and ACD See 5.x but it did update them it just keeps saying examining. No big deal though.
Thank you again, I greatly appreciate your time.
Tyson
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.