View Full Version : smartresult.org hijack
josie869
2013-03-29, 00:37
ran spybot and malware bytes still redirecting my google results once I click on a result
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.5.1
Run by Kathy at 18:45:32 on 2013-03-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.3423 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Dell Support Center\uaclauncher.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\SysWOW64\NOTEPAD.EXE
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\windows\system32\msiexec.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120628080236.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Kathy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: NameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{8820CB3A-CF59-4158-8AD8-276E5365268C} : DHCPNameServer = 167.206.245.129 167.206.245.130
TCP: Interfaces\{8820CB3A-CF59-4158-8AD8-276E5365268C}\4656661657C647 : DHCPNameServer = 192.168.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120628080236.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={48F5F16B-5EE2-425F-A22C-591CAC411205}&mid=2a62154e21694dc8aba5305666c3b128-7ebb7c7288368040367e0b9b33cae994739ffb45&lang=en&ds=hk018&pr=sa&d=2013-03-28 18:41:55&v=15.0.0.2&pid=safeguard&sg=1&sap=hp
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\PROGRA~2\mcafee\msc\npMcSnFFPl.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-03-16 15:26; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; C:\Program Files (x86)\McAfee\SiteAdvisor
FF - ExtSQL: 2013-03-28 18:41; avg@toolbar; C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-3-13 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-3-13 340216]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-12-9 55856]
R1 avgtp;avgtp;C:\windows\System32\drivers\avgtpx64.sys [2013-3-28 39768]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-9 89600]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-9 187912]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-9 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-3-26 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-3-26 682344]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-12-9 241456]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-12-9 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2011-12-9 182752]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2012-10-31 519920]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-3-25 1103392]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-3-25 1369624]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-3-25 168384]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-9 1692480]
R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-9 2655768]
R2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-3-28 990896]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
R3 btmaudio;Intel Bluetooth Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-5-19 51712]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-5-19 53248]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-7-19 282624]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-3-13 70112]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-12-9 176096]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-7-19 59904]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-9 317440]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-3-26 24176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-3-13 309840]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-3-13 515968]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-12-9 406632]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 tihub3;TI USB3 Hub Service;C:\windows\System32\drivers\tihub3.sys [2011-7-20 136000]
R3 tixhci;TI XHCI Service;C:\windows\System32\drivers\tixhci.sys [2011-7-20 406336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-10-25 196440]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-12-9 224704]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-3-13 106552]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-9 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-25 201304]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-03-28 22:42:40 -------- d-----w- C:\Users\Kathy\AppData\Local\WinZip
2013-03-28 22:42:01 -------- d-----w- C:\Users\Kathy\AppData\Local\AVG SafeGuard toolbar
2013-03-28 22:41:59 -------- d-----w- C:\ProgramData\AVG SafeGuard toolbar
2013-03-28 22:41:53 39768 ----a-w- C:\windows\System32\drivers\avgtpx64.sys
2013-03-28 22:41:47 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2013-03-28 22:41:47 -------- d-----w- C:\Program Files (x86)\AVG SafeGuard toolbar
2013-03-28 22:11:38 20480 ----a-w- C:\windows\svchost.exe
2013-03-26 23:23:20 -------- d-----w- C:\Users\Kathy\AppData\Roaming\Malwarebytes
2013-03-26 23:22:41 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-26 23:22:38 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-03-26 23:22:38 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-26 00:30:46 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys
2013-03-25 23:25:22 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2013-03-25 23:25:14 17272 ----a-w- C:\windows\System32\sdnclean64.exe
2013-03-25 23:25:09 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2013-03-25 23:23:58 -------- d-----w- C:\Users\Kathy\AppData\Local\Programs
2013-03-24 15:12:29 -------- d-----w- C:\ProgramData\SugarGames
2013-03-16 14:42:51 -------- d-----w- C:\Users\Kathy\AppData\Local\Sonic
2013-03-16 00:31:14 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-03-16 00:31:13 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-03-16 00:28:59 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2013-03-13 10:42:54 -------- d-----w- C:\23486ff927f0f78691e0d6a5
2013-03-05 02:40:59 -------- d-----w- C:\ProgramData\Meridian93
2013-03-03 15:08:58 -------- d-----w- C:\Users\Kathy\AppData\Roaming\Alawar
2013-03-02 21:58:59 -------- d-----w- C:\Users\Kathy\AppData\Roaming\Brunhilda_bfg
.
==================== Find3M ====================
.
2013-03-13 02:41:18 73432 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 02:41:18 693976 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-02-19 18:59:06 70112 ----a-w- C:\windows\System32\drivers\cfwids.sys
2013-02-19 18:56:26 340216 ----a-w- C:\windows\System32\drivers\mfewfpk.sys
2013-02-19 18:56:14 182752 ----a-w- C:\windows\System32\mfevtps.exe
2013-02-19 18:55:26 10728 ----a-w- C:\windows\System32\drivers\mfeclnk.sys
2013-02-19 18:55:14 106552 ----a-w- C:\windows\System32\drivers\mferkdet.sys
2013-02-19 18:54:32 771536 ----a-w- C:\windows\System32\drivers\mfehidk.sys
2013-02-19 18:53:42 515968 ----a-w- C:\windows\System32\drivers\mfefirek.sys
2013-02-19 18:53:02 309840 ----a-w- C:\windows\System32\drivers\mfeavfk.sys
2013-02-19 18:52:44 179280 ----a-w- C:\windows\System32\drivers\mfeapfk.sys
2013-02-12 05:45:24 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-02-02 03:38:35 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53:14 187392 ----a-w- C:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\windows\System32\d3d10level9.dll
2013-01-13 19:24:30 221184 ----a-w- C:\windows\System32\UIAnimation.dll
2013-01-13 19:20:42 194560 ----a-w- C:\windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\windows\System32\d2d1.dll
2013-01-13 19:02:06 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34:58 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32:43 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-01-13 18:09:52 522752 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\windows\System32\XpsPrint.dll
2013-01-05 05:53:43 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-01-05 05:00:15 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00:11 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11:21 2284544 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11:13 2776576 ----a-w- C:\windows\System32\msmpeg2vdec.dll
2013-01-04 05:46:09 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS
.
============= FINISH: 18:46:13.32 ===============
Hello josie869,
My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
Please be advised, as I am still in training, all my replies to you will be checked for accuracy by one of our experts to ensure that I am giving you the best possible advice, this will be a team effort. This may cause a delay, but I will do my best to keep it as short as possible. Please bear with me, I will post back to you as soon as I can.
I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Important Note for Vista and Windows 7 users:
These tools MUST be run from the executable.(.exe) every time you run them with Admin Rights (Right click, choose "Run as Administrator")
Please stay with this topic until I let you know that your system appears to be "All Clear"
Hi josie869,
In your initial post you ran aswMBR, it generated a .txt file named aswMBR.txt and should be located on your desktop. Please post the aswMBR.txt log in your next reply.
= = = = = = = = = = = = = = = = = = = =
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
Pogo Games
Next
Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) to your desktop.
Right click and select "Run as Administrator".
Run AdwCleaner and select Delete
Once done it will ask to reboot, allow the reboot
On reboot a log will be produced, please attach the content of the log to your next reply
Next
Download to your desktop RogueKiller (http://tigzy.geekstogo.com/roguekiller.html) (by tigzy)
Right click and select "Run as Administrator"
Quit all programs
Wait until Prescan has finished ...
Click on Scan, Do Not Fix Anything at this point.
Click the Report button, save the report to your desktop
Next
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Right click and select "Run as Administrator".
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Under Custom Scan paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /rp /s
%systemdrive%\$Recycle.Bin|@;true;true;true
%USERPROFILE%\..|smtmp;true;true;true /FP
%temp%\smtmp\*.* /s >
BASESERVICES
DRIVES
CREATERESTOREPOINT
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
In your next post please provide the following:
AdwCleaner log
RogueKiller log
OTL.txt (do not post the Extras.txt)
josie869
2013-03-30, 02:35
Hi OCR - thanks for your reply.
The log you are looking for was attached to my original post. It was called mbr.zip
should I wait until you read that before I proceed?
Hi josie869,
aswMBR.txt and aswMBR.zip are two different files. When you ran the aswMBR scan it should have produced 2 files aswMBR.txt and MBR.dat. You should have compressed the MBR.dat file and attached it to your reply. The aswMBR.txt file should have been just copied and pasted into your reply.
If you are unable to locate the aswMBR.txt file on your desktop please re-run it again and post the aswMBR.txt along with the other scan requested in my last post.
josie869
2013-03-30, 03:09
sorry - here it is
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-28 18:59:56
-----------------------------
18:59:56.765 OS Version: Windows x64 6.1.7601 Service Pack 1
18:59:56.765 Number of processors: 4 586 0x2A07
18:59:56.766 ComputerName: KATHY-PC-LAPTOP UserName: Kathy
18:59:59.227 Initialize success
19:00:10.911 AVAST engine defs: 13032801
19:00:11.348 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:00:11.348 Disk 0 Vendor: ST950032 D005 Size: 476940MB BusType: 3
19:00:11.348 Device \Driver\iaStor -> MajorFunction fffffa8007ed05e8
19:00:11.348 Disk 0 MBR read successfully
19:00:11.348 Disk 0 MBR scan
19:00:11.348 Disk 0 Windows 7 default MBR code
19:00:11.363 Disk 0 Partition 1 00 DE Dell Utility DELL 8.0 100 MB offset 2048
19:00:11.395 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
19:00:11.410 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
19:00:11.441 Disk 0 scanning C:\windows\system32\drivers
19:00:27.650 Service scanning
19:01:11.439 Modules scanning
19:01:11.455 Disk 0 trace - called modules:
19:01:11.470 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8007ed05e8]<<
19:01:11.470 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800789c060]
19:01:11.470 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa8005944e40]
19:01:11.470 5 ACPI.sys[fffff88000f437a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005948050]
19:01:11.470 \Driver\iaStor[0xfffffa8007d0bd00] -> IRP_MJ_CREATE -> 0xfffffa8007ed05e8
19:01:13.607 AVAST engine scan C:\windows
19:01:17.648 AVAST engine scan C:\windows\system32
19:07:45.652 AVAST engine scan C:\windows\system32\drivers
19:08:20.393 AVAST engine scan C:\Users\Kathy
19:20:20.288 AVAST engine scan C:\ProgramData
19:30:26.303 Scan finished successfully
19:33:16.640 Disk 0 MBR has been saved successfully to "C:\Users\Kathy\Desktop\MBR.dat"
19:33:16.640 The log file has been saved successfully to "C:\Users\Kathy\Desktop\aswMBR.txt"
Hi Josie869,
Please complete the steps previously requested and post all the results when they are available.
josie869
2013-03-30, 03:23
adw cleaner results:
# AdwCleaner v2.115 - Logfile created 03/29/2013 at 22:18:15
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kathy - KATHY-PC-LAPTOP
# Boot Mode : Normal
# Running from : C:\Users\Kathy\Downloads\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Users\Kathy\AppData\Roaming\iWin
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Registry is clean.
-\\ Mozilla Firefox v19.0.2 (en-US)
File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\prefs.js
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
*************************
AdwCleaner[S1].txt - [4276 octets] - [29/03/2013 22:18:15]
########## EOF - C:\AdwCleaner[S1].txt - [4336 octets] ##########
josie869
2013-03-30, 03:31
rogue killer stops working
tried it twice - here is the error i get when it almost get to the end ( if finds 6 problems)
Files that help describe the problem:
C:\Users\Kathy\AppData\Local\Temp\WERDF85.tmp.WERInternalMetadata.xml
C:\Users\Kathy\AppData\Local\Temp\WERF788.tmp.appcompat.txt
C:\Users\Kathy\AppData\Local\Temp\WERF864.tmp.hdmp
Hi josie869,
Print out these instructions as we may need to close every window that is open later in the fix.
It is possible that the infection you are trying to remove will not allow you to download files on the infected computer. If this is the case, then you will need to download the files requested in this guide on another computer and then transfer them to the infected computer. You can transfer the files via a CD/DVD, external drive, or USB flash drive.
Do not reboot your computer after running rkill as the malware programs will start again.
Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)
There are 5 different versions. If one of them won't run then download and try to run the other one.
"Right click and select "Run as Administrator"
You only need to get one of them to run, not all of them.
rkill.exe (http://download.bleepingcomputer.com/grinler/rkill.exe)
rkill.com (http://download.bleepingcomputer.com/grinler/rkill.com)
rkill.scr (http://download.bleepingcomputer.com/grinler/rkill.scr)
WiNlOgOn.exe (http://download.bleepingcomputer.com/grinler/WiNlOgOn.exe)
uSeRiNiT.exe (http://download.bleepingcomputer.com/grinler/uSeRiNiT.exe)
Do not reboot your computer after running rkill as the malware programs will start again.
- - - - - Next - - - - -
Re-try getting Roguekiller to run a complete scan.
- - - - - Next - - - - -
Download and run OTL as previously requested.
In your next post please provide the following:
Roguekiller log
OTL.txt
josie869
2013-03-30, 18:32
the result from rkill.exe
rogue killer stopped working again
Rkill 2.4.7 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 03/30/2013 01:26:08 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\Kathy\Desktop\rkill\rkill-03-30-2013-01-26-13.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
* FontCache => %SystemRoot%\system32\svchost.exe -k LocalService [Incorrect ImagePath]
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.
* HOSTS file entries found:
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
20 out of 15299 HOSTS entries shown.
Please review HOSTS file for further entries.
Program finished at: 03/30/2013 01:26:26 PM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)
Hi josie869,
Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)
Extract it to your desktop
TDSSKiller.exe - Right click and select "Run as Administrator".
Press Start Scan
Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now
Copy and paste the log in your next reply
A copy of the log will be saved automatically to the root of the drive (typically C:\)
- - - - - Next - - - - -
Refer to the ComboFix User's Guide (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from the following location:
Link (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Place ComboFix.exe on your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
---------------------------------------------------------------------------------------------
NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
In your next post please provide the following:
TDSSKiller log
ComboFix.txt
Any change in performance?
josie869
2013-03-31, 00:33
here's the tdss report - will do the next steps in a few minutes
19:31:34.0048 4284 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:31:34.0469 4284 ============================================================
19:31:34.0469 4284 Current date / time: 2013/03/30 19:31:34.0469
19:31:34.0469 4284 SystemInfo:
19:31:34.0469 4284
19:31:34.0469 4284 OS Version: 6.1.7601 ServicePack: 1.0
19:31:34.0469 4284 Product type: Workstation
19:31:34.0469 4284 ComputerName: KATHY-PC-LAPTOP
19:31:34.0485 4284 UserName: Kathy
19:31:34.0485 4284 Windows directory: C:\windows
19:31:34.0485 4284 System windows directory: C:\windows
19:31:34.0485 4284 Running under WOW64
19:31:34.0485 4284 Processor architecture: Intel x64
19:31:34.0485 4284 Number of processors: 4
19:31:34.0485 4284 Page size: 0x1000
19:31:34.0485 4284 Boot type: Normal boot
19:31:34.0485 4284 ============================================================
19:31:35.0171 4284 BG loaded
19:31:35.0608 4284 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:31:35.0624 4284 ============================================================
19:31:35.0624 4284 \Device\Harddisk0\DR0:
19:31:35.0624 4284 MBR partitions:
19:31:35.0624 4284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
19:31:35.0624 4284 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
19:31:35.0624 4284 ============================================================
19:31:35.0670 4284 C: <-> \Device\Harddisk0\DR0\Partition2
19:31:35.0670 4284 ============================================================
19:31:35.0670 4284 Initialize success
19:31:35.0670 4284 ============================================================
josie869
2013-03-31, 01:13
combo fix report
ComboFix 13-03-30.01 - Kathy 03/30/2013 20:03:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.4460 [GMT -4:00]
Running from: c:\users\Kathy\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-31 )))))))))))))))))))))))))))))))
.
.
2013-03-31 00:09 . 2013-03-31 00:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-30 23:29 . 2013-03-30 23:29 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-30 02:22 . 2013-03-30 02:22 -------- d-----w- c:\users\Kathy\AppData\Local\AVG Secure Search
2013-03-30 02:18 . 2013-03-30 02:18 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\users\Kathy\AppData\Local\WinZip
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\programdata\WinZip
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\program files\WinZip
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar
2013-03-28 22:41 . 2013-03-28 22:41 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-03-28 22:41 . 2013-03-28 22:41 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-03-28 22:41 . 2013-03-30 02:18 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2013-03-28 22:41 . 2013-03-28 22:41 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
2013-03-28 22:24 . 2013-03-28 22:25 -------- d-----w- c:\program files (x86)\ERUNT
2013-03-26 23:23 . 2013-03-26 23:23 -------- d-----w- c:\users\Kathy\AppData\Roaming\Malwarebytes
2013-03-26 23:22 . 2013-03-26 23:22 -------- d-----w- c:\programdata\Malwarebytes
2013-03-26 23:22 . 2013-03-26 23:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-26 23:22 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-26 00:30 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-25 23:25 . 2013-03-30 23:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-25 23:25 . 2009-01-25 16:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-03-25 23:25 . 2013-03-25 23:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-03-25 23:23 . 2013-03-25 23:23 -------- d-----w- c:\users\Kathy\AppData\Local\Programs
2013-03-24 15:12 . 2013-03-24 15:12 -------- d-----w- c:\programdata\SugarGames
2013-03-16 14:42 . 2013-03-19 11:00 -------- d-----w- c:\users\Kathy\AppData\Local\Sonic
2013-03-16 00:31 . 2013-02-02 06:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-16 00:31 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-03-16 00:28 . 2013-03-16 00:29 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2013-03-13 14:43 . 2013-03-13 14:43 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 14:43 . 2013-03-13 14:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-13 10:42 . 2013-03-13 10:43 -------- d-----w- C:\23486ff927f0f78691e0d6a5
2013-03-05 02:40 . 2013-03-05 02:40 -------- d-----w- c:\programdata\Meridian93
2013-03-03 15:08 . 2013-03-03 15:08 -------- d-----w- c:\users\Kathy\AppData\Roaming\Alawar
2013-03-02 21:58 . 2013-03-02 22:00 -------- d-----w- c:\users\Kathy\AppData\Roaming\Brunhilda_bfg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 02:41 . 2012-04-03 17:15 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 02:41 . 2011-12-09 06:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 18:59 . 2011-03-13 17:20 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 18:56 . 2011-03-13 17:20 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 18:56 . 2011-12-09 06:46 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 18:55 . 2011-12-09 06:46 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 18:55 . 2011-03-13 17:20 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 18:54 . 2011-03-13 17:20 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 18:53 . 2011-03-13 17:20 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 18:53 . 2011-03-13 17:20 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 18:52 . 2011-03-13 17:20 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-13 12:22 . 2012-02-21 20:46 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 09:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 09:57 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 09:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 09:57 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 09:57 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 09:57 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-27 12:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 12:06 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 12:06 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 12:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 12:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 12:06 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 12:06 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 12:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 12:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 12:06 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 12:06 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 12:06 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 12:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 12:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 12:06 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 12:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 12:06 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 12:06 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 12:06 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 12:06 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 12:06 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 12:06 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 12:06 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 12:06 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 12:06 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 12:06 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 12:06 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 12:06 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 12:06 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 12:06 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 12:06 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 12:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 12:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-27 12:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-27 12:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 12:06 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-27 12:06 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-05 05:53 . 2013-02-13 11:21 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 11:21 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 11:21 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-27 12:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-27 12:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-13 11:20 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 11:20 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 11:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 11:20 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 11:20 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 11:20 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 11:20 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 11:20 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 11:20 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 11:20 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-11-13 3713032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"vProt"="c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe" [2013-03-28 1219248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-08-01 165184]
.
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-28 39768]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 187912]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 vToolbarUpdater15.0.0;vToolbarUpdater15.0.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [2013-03-28 990896]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 406336]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 37958813
*NewlyCreated* - 39912074
*Deregistered* - 37958813
*Deregistered* - 39912074
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={48F5F16B-5EE2-425F-A22C-591CAC411205}&mid=2a62154e21694dc8aba5305666c3b128-7ebb7c7288368040367e0b9b33cae994739ffb45&lang=en&ds=hk018&pr=sa&d=2013-03-28 18:41&v=15.0.0.2&pid=safeguard&sg=1&sap=hp
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-16 15:26; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-39912074.sys
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-30 20:12:17
ComboFix-quarantined-files.txt 2013-03-31 00:12
.
Pre-Run: 425,888,702,464 bytes free
Post-Run: 427,073,671,168 bytes free
.
- - End Of File - - F1B4A01FDB7DB9161F727ACCB7CE5D34
josie869
2013-03-31, 01:19
still getting hijacked
i did one google search and clicked on a result and it hit the right page
searches 2 and 3 were hijacked
one was sent to a mcaffee promo page - which was supposed to be pillsbury.com
bettycrocker.com went to some kraft.com site
and for some reason my firefox home page is now myavgsearch.com
UGH !!!!
Hi josie869,
The TDSSKiller log is incomplete. Please re-run TDSSKiller and post the log in your next reply. Allow it run past the initial scan.
= = = = = = = = = = = = = = = = = = = =
Click 'Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
AVG SafeGuard toolbar
Next
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the codebox below into it:
Folder::
c:\users\Kathy\AppData\Local\AVG Secure Search
c:\program files (x86)\Common Files\AVG Secure Search
c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar
c:\program files (x86)\AVG SafeGuard toolbar
Driver::
vToolbarUpdater15.0.0
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"=-
Firefox::
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={48F5F16B-5EE2-425F-A22C-591CAC411205}&mid=2a62154e21694dc8aba5305666c3b128-7ebb7c7288368040367e0b9b33cae994739ffb45&lang=en&ds=hk018&pr=sa&d=2013-03-28 18:41&v=15.0.0.2&pid=safeguard&sg=1&sap=hp
ClearJavaCache::
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, please post the C:\ComboFix.txt for further review.
- - - - - Next - - - - -
Reset Firefox Homepage
Click on the Firefox drop down arrow in the upper left corner of your browser.
Select Options, the select Options again.
On the General tab, locate the Home Page field.
Enter the URL you would like to use as your home page (ie: http://www.google.com ), or select the Restore to Default button.
Click OK
In your next post please provide the following:
TDSSKiller log
ComboFix.txt
josie869
2013-03-31, 18:07
can't uninstall avg , it does nothing i will post 2 separate logs i found from tdsskiller from yesterday and then the one from today .
do you want me to continue with the rest of your instructions even though I can't remove avg?
josie869,
Yes, please complete all the steps and post the logs requested. :bigthumb:
josie869
2013-03-31, 18:35
well, that deleted my browsers
Hi josie869,
well, that deleted my browsers
Can you explain in more detail what you mean by "deleted your browsers"?
josie869
2013-03-31, 19:01
when I clicked on the firefox icon to post the log
it says
c:\program files (x86)\mozilla firefox\fiefox.exe
illegal operation attempted on a registry key that has been marked for deletion.
same error for internet explorer
I am posting from anther computer
Hi joise869,
Did you reboot the computer? If not, do so now and see if this brings the functionality back to your browsers.
josie869
2013-03-31, 19:54
ok, that worked
ComboFix 13-03-30.01 - Kathy 03/31/2013 12:20:37.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.4459 [GMT -4:00]
Running from: c:\users\Kathy\Desktop\ComboFix.exe
Command switches used :: c:\users\Kathy\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\AVG SafeGuard toolbar
c:\program files (x86)\AVG SafeGuard toolbar\15.0.0.2\AVG SafeGuard toolbar_toolbar.dll
c:\program files (x86)\AVG SafeGuard toolbar\about.gif
c:\program files (x86)\AVG SafeGuard toolbar\active-threats18.gif
c:\program files (x86)\AVG SafeGuard toolbar\AVG SafeGuard toolbar
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bg_close.gif
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bg_expand.gif
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bg_tooltip.gif
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bg_tracking.gif
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\bull4x4.gif
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\divider.gif
c:\program files (x86)\AVG SafeGuard toolbar\Chrome\content\icons\innerBG_gradient.gif
c:\program files (x86)\AVG SafeGuard toolbar\ChromeRes\nt.html
c:\program files (x86)\AVG SafeGuard toolbar\CleanHistory.gif
c:\program files (x86)\AVG SafeGuard toolbar\configuration.xml
c:\program files (x86)\AVG SafeGuard toolbar\current.gif
c:\program files (x86)\AVG SafeGuard toolbar\currently-safe18.gif
c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\all.css
c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\btn-ok2.gif
c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\downBtn.png
c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\DSPDlg_IE.html
c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\logo2.png
c:\program files (x86)\AVG SafeGuard toolbar\DSPDlg_IE\upBtn.png
c:\program files (x86)\AVG SafeGuard toolbar\EnableHelperRes\EEImageHandler.html
c:\program files (x86)\AVG SafeGuard toolbar\EnableHelperRes\Images\box_ie.png
c:\program files (x86)\AVG SafeGuard toolbar\EULA.gif
c:\program files (x86)\AVG SafeGuard toolbar\Eula.txt
c:\program files (x86)\AVG SafeGuard toolbar\Facebook.gif
c:\program files (x86)\AVG SafeGuard toolbar\favicon.ico
c:\program files (x86)\AVG SafeGuard toolbar\feedback.gif
c:\program files (x86)\AVG SafeGuard toolbar\FireFoxSearchXml.tmp
c:\program files (x86)\AVG SafeGuard toolbar\help.gif
c:\program files (x86)\AVG SafeGuard toolbar\icon18.gif
c:\program files (x86)\AVG SafeGuard toolbar\labs.gif
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\CPOL license.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\Encoding_decoding_base64.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\hmac.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-bsdiff.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-bzip.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-JasonCpp.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-MPL-NPAPI.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\LICENSE-sparsehash.txt
c:\program files (x86)\AVG SafeGuard toolbar\Licenses\PassthruApp.txt
c:\program files (x86)\AVG SafeGuard toolbar\lip.exe
c:\program files (x86)\AVG SafeGuard toolbar\performanceIcon.gif
c:\program files (x86)\AVG SafeGuard toolbar\PostInstall.exe
c:\program files (x86)\AVG SafeGuard toolbar\PostInstaller.ini
c:\program files (x86)\AVG SafeGuard toolbar\privacy.gif
c:\program files (x86)\AVG SafeGuard toolbar\remote_configuration.xml
c:\program files (x86)\AVG SafeGuard toolbar\search.gif
c:\program files (x86)\AVG SafeGuard toolbar\setup.bmp
c:\program files (x86)\AVG SafeGuard toolbar\surf-with-caution18.gif
c:\program files (x86)\AVG SafeGuard toolbar\Uninstall.exe
c:\program files (x86)\AVG SafeGuard toolbar\uninstall.gif
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp-bg.png
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\cp_logo.png
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\downBtn.png
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\loader.gif
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\uninstall-bg.png
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Images\uninstall\upBtn.png
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\jquery-1.5.1.min.js
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\jquery-1.8.1.min.js
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\uninstall_cp.css
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp.html
c:\program files (x86)\AVG SafeGuard toolbar\UninstallRes\ClientPackage\Uninstall_cp_step2.html
c:\program files (x86)\AVG SafeGuard toolbar\updating18.gif
c:\program files (x86)\AVG SafeGuard toolbar\vprot.exe
c:\program files (x86)\Common Files\AVG Secure Search
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\UpdaterConfig.ini
c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar
c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar\DNT\dt.dat
c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_03_28_03_41_58.db
c:\users\Kathy\AppData\Local\AVG SafeGuard toolbar\SiteSafety\l_2013_03_29_06_41_02.db
c:\users\Kathy\AppData\Local\AVG Secure Search
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_vToolbarUpdater15.0.0
.
.
((((((((((((((((((((((((( Files Created from 2013-02-28 to 2013-03-31 )))))))))))))))))))))))))))))))
.
.
2013-03-31 16:26 . 2013-03-31 16:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-30 23:29 . 2013-03-30 23:29 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-30 02:18 . 2013-03-30 02:18 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\users\Kathy\AppData\Local\WinZip
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\programdata\WinZip
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\program files\WinZip
2013-03-28 22:41 . 2013-03-28 22:41 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-03-28 22:41 . 2013-03-28 22:41 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-03-28 22:24 . 2013-03-28 22:25 -------- d-----w- c:\program files (x86)\ERUNT
2013-03-26 23:23 . 2013-03-26 23:23 -------- d-----w- c:\users\Kathy\AppData\Roaming\Malwarebytes
2013-03-26 23:22 . 2013-03-26 23:22 -------- d-----w- c:\programdata\Malwarebytes
2013-03-26 23:22 . 2013-03-26 23:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-26 23:22 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-26 00:30 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-25 23:25 . 2013-03-30 23:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-25 23:25 . 2009-01-25 16:14 17272 ----a-w- c:\windows\system32\sdnclean64.exe
2013-03-25 23:25 . 2013-03-25 23:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-03-25 23:23 . 2013-03-25 23:23 -------- d-----w- c:\users\Kathy\AppData\Local\Programs
2013-03-24 15:12 . 2013-03-24 15:12 -------- d-----w- c:\programdata\SugarGames
2013-03-16 14:42 . 2013-03-19 11:00 -------- d-----w- c:\users\Kathy\AppData\Local\Sonic
2013-03-16 00:31 . 2013-02-02 06:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-16 00:31 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-03-16 00:28 . 2013-03-16 00:29 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2013-03-13 14:43 . 2013-03-13 14:43 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 14:43 . 2013-03-13 14:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-13 10:42 . 2013-03-13 10:43 -------- d-----w- C:\23486ff927f0f78691e0d6a5
2013-03-05 02:40 . 2013-03-05 02:40 -------- d-----w- c:\programdata\Meridian93
2013-03-03 15:08 . 2013-03-03 15:08 -------- d-----w- c:\users\Kathy\AppData\Roaming\Alawar
2013-03-02 21:58 . 2013-03-02 22:00 -------- d-----w- c:\users\Kathy\AppData\Roaming\Brunhilda_bfg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 02:41 . 2012-04-03 17:15 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 02:41 . 2011-12-09 06:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 18:59 . 2011-03-13 17:20 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 18:56 . 2011-03-13 17:20 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 18:56 . 2011-12-09 06:46 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 18:55 . 2011-12-09 06:46 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 18:55 . 2011-03-13 17:20 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 18:54 . 2011-03-13 17:20 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 18:53 . 2011-03-13 17:20 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 18:53 . 2011-03-13 17:20 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 18:52 . 2011-03-13 17:20 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-13 12:22 . 2012-02-21 20:46 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 09:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 09:57 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 09:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 09:57 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 09:57 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 09:57 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-27 12:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 12:06 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 12:06 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 12:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 12:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 12:06 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 12:06 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 12:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 12:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 12:06 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 12:06 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 12:06 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 12:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 12:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 12:06 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 12:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 12:06 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 12:06 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 12:06 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 12:06 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 12:06 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 12:06 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 12:06 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 12:06 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 12:06 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 12:06 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 12:06 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 12:06 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 12:06 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 12:06 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 12:06 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 12:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 12:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-27 12:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-27 12:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 12:06 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-27 12:06 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-05 05:53 . 2013-02-13 11:21 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 11:21 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 11:21 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-27 12:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-27 12:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-13 11:20 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 11:20 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 11:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 11:20 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 11:20 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 11:20 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 11:20 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 11:20 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 11:20 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 11:20 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
.
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk.disabled [2013-3-28 1106]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk.disabled [2013-2-10 2048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-28 39768]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 187912]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-11-13 1103392]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-11-13 1369624]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-11-13 168384]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 406336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={48F5F16B-5EE2-425F-A22C-591CAC411205}&mid=2a62154e21694dc8aba5305666c3b128-7ebb7c7288368040367e0b9b33cae994739ffb45&lang=en&ds=hk018&pr=sa&d=2013-03-28 18:41&v=15.0.0.2&pid=safeguard&sg=1&sap=hp
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-16 15:26; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-AVG SafeGuard toolbar - c:\program files (x86)\AVG SafeGuard toolbar\UNINSTALL.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-03-31 12:34:02 - machine was rebooted
ComboFix-quarantined-files.txt 2013-03-31 16:34
ComboFix2.txt 2013-03-31 00:12
.
Pre-Run: 425,706,987,520 bytes free
Post-Run: 425,173,393,408 bytes free
.
- - End Of File - - B8E46C90D557F685BC4DBC03F7412CC1
josie869,
I still need to see the TDSSKiller logs you have. Post them when you can. :)
josie869
2013-03-31, 20:14
I have attached it because this site tells me it's too many characters to post.
Hi josie869,
Are you still experiencing Google redirects?
If so, which browsers are effected?
Is you Firefox homepage issue been resolved?
= = = = = = = = = = = = = = = = = = = =
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the codebox below into it:
Firefox::
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={48F5F16B-5EE2-425F-A22C-591CAC411205}&mid=2a62154e21694dc8aba5305666c3b128-7ebb7c7288368040367e0b9b33cae994739ffb45&lang=en&ds=hk018&pr=sa&d=2013-03-28 18:41&v=15.0.0.2&pid=safeguard&sg=1&sap=hp
Folder::
c:\programdata\AVG SafeGuard toolbar
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, please post the C:\ComboFix.txt for further review.
In your next post please provide the following:
Answers to the questions above
ComboFix.txt
Any remaining issues?
josie869
2013-04-01, 01:21
I have disabled mcafee, malware and spybot , combofix is saying spybot is still running.
can I uninstall spybot?
Hi josie869,
Try this to disable Spybot S & D, you shouldn't need to uninstall it.
Disable Spybot Search & Destroy (temporarily)
Launch Spybot S & D
Select Mode it the top menu bar, select Advanced
Select the Tools sub menu on the left
Select the Resident from the left hand menu
Remove the check marks from both options in the right hand menu under "Resident Protection Status"
Exit Spybot
Then retry the ComboFix step and post the results.
josie869
2013-04-01, 01:47
i don't have a mode option
I have version 2.0.12.126
I have unchecked all spybot references in the start up tools
Hi josie869,
Just go ahead and uninstall Spybot and we'll reinstall it after we get the computer clean.
Then run the ComboFix step I outlined previously and post the results when they are available and an update on the Google redirection issues.
josie869
2013-04-01, 03:01
here's the log
ComboFix 13-03-31.01 - Kathy 03/31/2013 20:47:45.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.4245 [GMT -4:00]
Running from: c:\users\Kathy\Desktop\ComboFix.exe
Command switches used :: c:\users\Kathy\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AVG SafeGuard toolbar
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\chrome.manifest
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\chrome\avg.jar
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\components\avg-dnt-policy.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\components\toolbarhomeApi.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\icon.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\install.rdf
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\locale\en-US\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\locale\en-US\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\avg-dnt-adapter.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\avg.xml
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\avgJsm.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\Bindings.xml
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\configuration.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\configuration_0.css
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\configuration_0.xul
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\HistoryCleaner.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\IOJsm.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\af\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\af\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\cs\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\cs\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\da\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\da\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\de\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\de\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\el\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\el\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\en\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\en\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\es-es\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\es-es\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\es\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\es\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\fi\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\fi\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\fr\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\fr\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\hi\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\hi\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\hu\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\hu\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\id\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\id\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\it\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\it\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ja\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ja\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ko\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ko\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ms\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ms\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\nb\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\nb\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\nl\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\nl\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\pl\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\pl\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\pt-br\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\pt-br\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\pt\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\pt\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ro\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ro\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ru\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\ru\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\sk\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\sk\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\sr\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\sr\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\sv\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\sv\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\th\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\th\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\tr\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\tr\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\zh-cn\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\zh-cn\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\zh-tw\global.dtd
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\locale\zh-tw\global.properties
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\Preferences.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\propertiesJsm.js
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\about.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\active-threats18.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\ajax-loader.gif
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\CleanHistory.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\close.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\current.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\currently-safe18.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\dnt.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\EULA.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\Facebook.gif
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\feedback.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\feedicon.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\help.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\icon_search.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\icon18.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\information-24.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\labs.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\loader.gif
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\performanceIcon.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\privacy.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\questionmarkIcon.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\search.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\surf-with-caution18.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\uninstall.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\updating18.png
c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.0.0.2\modules\skin\window-close.png
.
.
((((((((((((((((((((((((( Files Created from 2013-03-01 to 2013-04-01 )))))))))))))))))))))))))))))))
.
.
2013-04-01 00:57 . 2013-04-01 00:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-30 23:29 . 2013-03-30 23:29 -------- d-----w- C:\TDSSKiller_Quarantine
2013-03-30 02:18 . 2013-03-30 02:18 121 ----a-w- c:\windows\DeleteOnReboot.bat
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\users\Kathy\AppData\Local\WinZip
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\programdata\WinZip
2013-03-28 22:42 . 2013-03-28 22:42 -------- d-----w- c:\program files\WinZip
2013-03-28 22:41 . 2013-03-28 22:41 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-03-28 22:24 . 2013-03-28 22:25 -------- d-----w- c:\program files (x86)\ERUNT
2013-03-26 23:23 . 2013-03-26 23:23 -------- d-----w- c:\users\Kathy\AppData\Roaming\Malwarebytes
2013-03-26 23:22 . 2013-03-26 23:22 -------- d-----w- c:\programdata\Malwarebytes
2013-03-26 23:22 . 2013-03-26 23:22 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-26 23:22 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-26 00:30 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-25 23:25 . 2013-03-30 23:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-03-25 23:25 . 2013-04-01 00:44 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2013-03-25 23:23 . 2013-03-25 23:23 -------- d-----w- c:\users\Kathy\AppData\Local\Programs
2013-03-24 15:12 . 2013-03-24 15:12 -------- d-----w- c:\programdata\SugarGames
2013-03-16 14:42 . 2013-03-19 11:00 -------- d-----w- c:\users\Kathy\AppData\Local\Sonic
2013-03-16 00:31 . 2013-02-02 06:38 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-03-16 00:31 . 2013-02-02 03:23 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-03-16 00:28 . 2013-03-16 00:29 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2013-03-13 14:43 . 2013-03-13 14:43 -------- d-----w- c:\program files\Microsoft Silverlight
2013-03-13 14:43 . 2013-03-13 14:43 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-03-13 10:42 . 2013-03-13 10:43 -------- d-----w- C:\23486ff927f0f78691e0d6a5
2013-03-05 02:40 . 2013-03-05 02:40 -------- d-----w- c:\programdata\Meridian93
2013-03-03 15:08 . 2013-03-03 15:08 -------- d-----w- c:\users\Kathy\AppData\Roaming\Alawar
2013-03-02 21:58 . 2013-03-02 22:00 -------- d-----w- c:\users\Kathy\AppData\Roaming\Brunhilda_bfg
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 02:41 . 2012-04-03 17:15 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 02:41 . 2011-12-09 06:01 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-19 18:59 . 2011-03-13 17:20 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-02-19 18:56 . 2011-03-13 17:20 340216 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-02-19 18:56 . 2011-12-09 06:46 182752 ----a-w- c:\windows\system32\mfevtps.exe
2013-02-19 18:55 . 2011-12-09 06:46 10728 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2013-02-19 18:55 . 2011-03-13 17:20 106552 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2013-02-19 18:54 . 2011-03-13 17:20 771536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-02-19 18:53 . 2011-03-13 17:20 515968 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-02-19 18:53 . 2011-03-13 17:20 309840 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-02-19 18:52 . 2011-03-13 17:20 179280 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-02-13 12:22 . 2012-02-21 20:46 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-13 09:57 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 09:57 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 09:57 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 09:57 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 09:57 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 09:57 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-13 21:17 . 2013-02-27 12:06 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17 . 2013-02-27 12:06 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16 . 2013-02-27 12:06 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12 . 2013-02-27 12:06 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35 . 2013-02-27 12:06 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32 . 2013-02-27 12:06 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31 . 2013-02-27 12:06 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-01-13 20:22 . 2013-02-27 12:06 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-01-13 20:20 . 2013-02-27 12:06 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-01-13 20:09 . 2013-02-27 12:06 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08 . 2013-02-27 12:06 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-01-13 20:08 . 2013-02-27 12:06 1504768 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-01-13 19:59 . 2013-02-27 12:06 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-01-13 19:58 . 2013-02-27 12:06 1175552 ----a-w- c:\windows\system32\FntCache.dll
2013-01-13 19:54 . 2013-02-27 12:06 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-01-13 19:53 . 2013-02-27 12:06 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:53 . 2013-02-27 12:06 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-01-13 19:51 . 2013-02-27 12:06 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-01-13 19:49 . 2013-02-27 12:06 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-01-13 19:48 . 2013-02-27 12:06 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2013-01-13 19:46 . 2013-02-27 12:06 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll
2013-01-13 19:43 . 2013-02-27 12:06 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38 . 2013-02-27 12:06 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-01-13 19:38 . 2013-02-27 12:06 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-01-13 19:38 . 2013-02-27 12:06 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-01-13 19:37 . 2013-02-27 12:06 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-01-13 19:25 . 2013-02-27 12:06 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-01-13 19:24 . 2013-02-27 12:06 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-01-13 19:24 . 2013-02-27 12:06 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-01-13 19:20 . 2013-02-27 12:06 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-01-13 19:20 . 2013-02-27 12:06 1238528 ----a-w- c:\windows\system32\d3d10.dll
2013-01-13 19:15 . 2013-02-27 12:06 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-01-13 19:10 . 2013-02-27 12:06 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-01-13 19:02 . 2013-02-27 12:06 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-01-13 18:34 . 2013-02-27 12:06 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:32 . 2013-02-27 12:06 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-01-13 18:09 . 2013-02-27 12:06 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-01-13 17:26 . 2013-02-27 12:06 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-01-13 17:05 . 2013-02-27 12:06 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
2013-01-05 05:53 . 2013-02-13 11:21 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 11:21 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 11:21 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 06:11 . 2013-02-27 12:06 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-01-04 06:11 . 2013-02-27 12:06 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-01-04 05:46 . 2013-02-13 11:20 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 11:20 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 11:20 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 11:20 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 11:20 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 11:20 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 11:20 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 11:20 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 11:20 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 11:20 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-08-21 67496]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 38112]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-01-14 1534504]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
.
c:\users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk.disabled [2013-3-28 1106]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk.disabled [2013-2-10 2048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
.
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-08-08 299008]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2013-02-19 106552]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-27 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-02-19 340216]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-03-28 39768]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-08-08 1166848]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-10-09 187912]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2012-08-31 201304]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2013-02-19 218760]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-02-19 182752]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-02-19 70112]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 59904]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-02-19 515968]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-10-26 406632]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 406336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 02:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 167.206.245.129 167.206.245.130
FF - ProfilePath - c:\users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-03-16 15:26; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-AVG SafeGuard toolbar - c:\program files (x86)\AVG SafeGuard toolbar\UNINSTALL.exe
AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-31 21:00:02
ComboFix-quarantined-files.txt 2013-04-01 01:00
ComboFix2.txt 2013-03-31 16:34
ComboFix3.txt 2013-03-31 00:12
.
Pre-Run: 425,579,335,680 bytes free
Post-Run: 425,357,725,696 bytes free
.
- - End Of File - - 453D06629B822E8143553354DF108663
josie869
2013-04-01, 03:13
ok , when I rebooted, I got these errors ( see attached images)
and google is still getting hijacked when I click on the google results
first try smartresult.com
same with the next two tries
Hi josie869,
Please flush the cache from all browsers that are experiencing the redirections.
= = = = = = = = = = = = = = = = = = = =
Delete cache and other browser data in Chrome
Click the Chrome menu http://i1269.photobucket.com/albums/jj590/OCD-WTT/chromebrowsertoolbar.png on the browser toolbar.
Select Tools.
Select Clear browsing data.
In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
Clear browsing history
Clear download history
Empty the cache
Delete cookies and other site and plug-in data
Clear saved passwords
Clear saved Autofill form data
Clear data from hosted apps
Deauthorize content licenses
Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
Click Clear browsing data.
- - - - - Next - - - - -
Flush the Internet Explorer Cache
In Internet Explorer, click Tools
Select Internet Options
Now on the General tab and click Delete Files and select Delete all Offline content too
Click OK.
When it finishes Click OK.
- - - - - Next - - - - -
Flush the FireFox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)
In Firefox, Options
Select Options
Select Privacy tab
Find the section that reads: You might want to clear your recent history or remove individual cookies
Select clear your recent history
Click the Details drop-down arrow
Make sure a check mark is placed in the following boxes:
Cookies
Cache
Next select the Time Range to Clear drop-down menu
Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
Click Clear Now
- - - - - Next - - - - -
Run OTL.exe
Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Files
ipconfig /flushdns /c
:Commands
[purity]
[createrestorepoint]
[emptyflash]
[emptyjava]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
- - - - - Next - - - - -
REBOOT
- - - - - Next - - - - -
Run a fresh OTL scan ( don't check the boxes beside LOP Check or Purity this time )
- - - - - Next - - - - -
Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.
Right click and select "Run as Administrator" mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.
http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure nothing is checked, and click Save Log.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
- - - - - Next - - - - -
Please run Eset Online Scanner (http://www.eset.com/onlinescan/)
Administrator rights are required to run ESET Online Scanner
Place a check mark in the box YES, I accept the Terms Of Use
Click the Start button.
Now click the Install button.
Click Start. The scanner engine will initialize and update.
Do Not place a check mark in the box beside Remove found threats.
Click the Scan button. The scan will now run, please be patient.
When the scan finishes click the Details tab.
Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.
In your next post please provide the following:
OTL.txt
MBAM log
ESET's log.txt
Any change with the Google redirects?
josie869
2013-04-02, 04:22
otl scn too long to post - I have attached it
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
Database version: v2013.03.31.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kathy :: KATHY-PC-LAPTOP [administrator]
Protection: Enabled
4/1/2013 7:46:07 PM
mbam-log-2013-04-01 (19-46-07).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214863
Time elapsed: 2 minute(s),
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
josie869
2013-04-02, 04:25
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
it said it had no infections, but my browser is still getting hijacked
first it goes to livesearch and then to here
http://63.209.69.107/search/web/revolution/C10/ecn/46938-s70005/v5
Hi josie869,
Run OTL.exe
Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
FF - prefs.js..extensions.enabledAddons: xzxpbckclf%40xzxpbckclf.org:2.5
[1642/01/02 12:33:50 | 000,004,816 | ---- | M] () (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\extensions\xzxpbckclf@xzxpbckclf.org.xpi
:Files
C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\187hsxeh.default\extensions\xzxpbckclf@xzxpbckclf.org.xpi
C:\windows\svchost.exe
:Commands
[purity]
[createrestorepoint]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
- - - - - Next - - - - -
Reset Firefox to its default state
At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu
(on Windows XP, click the Help menu at the top of the Firefox window) and select Troubleshooting Information.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/restfirefox1.png
Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/resetfirefox2.png
To continue, click Reset Firefox in the confirmation window that opens.
Firefox will close and be reset. When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
In your next post please provide the following:
OTL.txt
Status of Google redirects
If still being redirected, which browser does it occur in?
josie869
2013-04-03, 02:26
that seems to have worked
I have attached the otl file
I will keep an eye on it over the next day or 2 and will let you know how it goes.
Is there a reason you asked me to remove pogo games in the beginning? Do you think that's where this problem came from?
Thank you so much for your help!!
josie869
2013-04-03, 02:45
oh wait - I'm still getting these 2 errors when I reboot - see attached images
I'm going to get rid of mcafee and switch to norton - I have norton on my computer ( the one with the issues was my mother's) - not sure if that makes a difference with one of those errors
Hi josie869,
Now although we seem to have gotten the redirects taken care of we still have some clean-up steps to take before we are done. I will keep the thread open for a few days, please check back after you have tested the system to be sure all is well.
Is there a reason you asked me to remove pogo games in the beginning?Pogo Games is classified as a "PUP" (Potentially Unwanted Program).
A PUP (Potentially Unwanted Program) is a program that may be unwanted, despite the possibility that users consented to download it. PUPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants.
The term was created by McAfee, the Internet Security company, because marketing firms objected to having their products called "spyware": in the view of such firms, all the information necessary for informed consent is included in the download agreement. It is widely recognized, however, that many if not most users fail to read a download agreement in sufficient detail to understand exactly what they are downloading.
McAfee differentiates PUPs from other types of malware, such as viruses, Trojans, and worms, which can be safely assumed to be unwanted by the user.
= = = = = = = = = = = = = = = = = = = =
To clear up the error messages you have been receiving on start up, unfortunately the only solution I can offer is to uninstall the program, reboot and then reinstall the program.
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
ERUNT
McAfee Security Scan Plus
REBOOT
Then reinstall
josie869
2013-04-03, 23:33
I uninstalled both but only reinstalled erunt
got several erros - see attached . i got 3 more after these
Hi josie869,
Go ahead and uninstall ERUNT, right now there is no need reinstall it.
- - - - - Next - - - - -
Using Windows Explorer (Windows Key + E), locate the following folder, and DELETE it (if still present):
C:\windows\ERDNT <-- delete the folder
Exit Explorer
- - - - - Next - - - - -
Run OTL.exe
Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
O4 - Startup: C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled ()
[2013/03/28 18:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/03/28 18:25:29 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2013/03/28 18:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/03/28 18:25:06 | 000,001,106 | ---- | M] () -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk.disabled
[2013/03/28 18:24:56 | 000,000,907 | ---- | M] () -- C:\Users\Kathy\Desktop\ERUNT.lnk
:Commands
[purity]
[createrestorepoint]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
In your next post please provide the following:
OTL.txt
Any remaining issues?
josie869
2013-04-05, 01:50
OTL logfile created on: 4/4/2013 7:41:07 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.91 Gb Total Physical Memory | 4.26 Gb Available Physical Memory | 72.14% Memory free
11.81 Gb Paging File | 9.95 Gb Available in Paging File | 84.23% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 395.78 Gb Free Space | 87.75% Space Free | Partition Type: NTFS
Computer Name: KATHY-PC-LAPTOP | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/03/29 21:49:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Downloads\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/08/21 14:20:02 | 000,067,496 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
PRC - [2012/07/27 16:51:36 | 000,038,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2012/07/27 13:51:26 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2012/02/01 12:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/09/06 14:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 12:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 14:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/05/19 03:16:34 | 000,839,744 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
PRC - [2011/04/13 12:39:14 | 000,503,942 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/11/06 01:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
========== Modules (No Company Name) ==========
MOD - [2013/02/13 20:39:59 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/10 22:38:49 | 002,297,856 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/10 22:38:01 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll
MOD - [2013/01/10 07:57:29 | 000,368,128 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 07:56:58 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 07:56:48 | 014,340,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/10 07:56:29 | 001,592,832 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 07:56:26 | 012,237,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/10 07:56:17 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/10 07:56:09 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 07:56:05 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/10 07:56:04 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 07:55:32 | 011,493,376 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/08/21 14:20:02 | 000,067,496 | ---- | M] () -- C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
MOD - [2012/02/01 12:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012/02/01 12:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012/02/01 12:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2011/08/18 12:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/11/25 00:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 12:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll
========== Services (SafeList) ==========
SRV:[b]64bit: - [2011/08/08 09:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 23:04:48 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 22:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 22:44:18 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 14:51:38 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/11/29 17:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/03/12 22:41:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/07 23:53:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/09 10:22:48 | 000,187,912 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2012/07/27 13:51:26 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/20 23:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/08/25 22:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 03:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 03:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/03/28 18:41:44 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 19:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/07/20 18:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/07/20 18:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/07/19 20:54:06 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/07/19 17:13:42 | 000,282,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/06/21 17:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/06/21 17:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/05/19 03:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/19 03:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/10 15:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/20 13:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/11/29 17:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/26 15:08:08 | 000,406,632 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 11:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/12/09 02:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/09 02:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/12/09 02:46:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/12/26 10:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
[2013/03/07 23:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 23:53:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 17:56:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/17 08:35:59 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/03/28 18:41:59 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/26 22:08:35 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/31 20:57:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8820CB3A-CF59-4158-8AD8-276E5365268C}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/02 20:36:00 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\jo's tools
[2013/04/02 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\Old Firefox Data
[2013/04/01 19:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/01 19:21:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/31 21:03:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/31 21:00:04 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/03/30 20:01:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/03/30 20:01:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/03/30 20:01:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/03/30 19:58:34 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Documents\ProcAlyzer Dumps
[2013/03/30 19:38:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/30 19:36:56 | 005,045,447 | R--- | C] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/03/30 19:29:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/03/30 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\rkill
[2013/03/29 22:24:25 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\RK_Quarantine
[2013/03/28 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\WinZip
[2013/03/28 18:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/03/28 18:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/03/28 18:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/03/28 18:41:53 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/03/26 19:23:20 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Malwarebytes
[2013/03/26 19:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/26 19:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/26 19:22:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/03/26 19:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/25 20:30:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/03/25 19:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/25 19:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/03/25 19:23:58 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Programs
[2013/03/24 11:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SugarGames
[2013/03/16 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Sonic
[2013/03/15 20:30:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/15 20:30:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/15 20:30:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/15 20:30:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/15 20:30:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/15 20:30:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/15 20:30:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/15 20:30:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/15 20:30:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/15 20:30:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/15 20:30:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/15 20:30:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/15 20:30:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/15 20:30:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/15 20:30:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/15 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2013/03/13 10:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 10:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/13 06:43:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/03/13 06:42:54 | 000,000,000 | ---D | C] -- C:\23486ff927f0f78691e0d6a5
[2013/03/07 23:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/04/04 19:41:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/04/04 19:39:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/04 19:39:37 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 19:32:23 | 000,779,788 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/04/04 19:32:23 | 000,660,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/04/04 19:32:23 | 000,121,408 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/04 19:31:16 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 19:31:16 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/03 17:30:26 | 000,017,235 | ---- | M] () -- C:\Users\Kathy\Desktop\error6.png
[2013/04/03 17:30:08 | 000,017,235 | ---- | M] () -- C:\Users\Kathy\Desktop\error5.png
[2013/04/03 17:29:36 | 000,015,871 | ---- | M] () -- C:\Users\Kathy\Desktop\error4.png
[2013/04/03 17:28:58 | 000,049,729 | ---- | M] () -- C:\Users\Kathy\Desktop\error3.png
[2013/04/02 20:21:49 | 000,017,430 | ---- | M] () -- C:\Users\Kathy\Desktop\OTL.zip
[2013/03/31 21:08:44 | 000,023,728 | ---- | M] () -- C:\Users\Kathy\Desktop\error 2.png
[2013/03/31 21:08:20 | 000,026,098 | ---- | M] () -- C:\Users\Kathy\Desktop\error 1.png
[2013/03/31 20:57:56 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/03/31 20:45:57 | 005,045,447 | R--- | M] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/03/31 14:13:21 | 000,054,450 | ---- | M] () -- C:\Users\Kathy\Desktop\tdss.zip
[2013/03/30 19:26:52 | 002,218,636 | ---- | M] () -- C:\Users\Kathy\Desktop\tdsskiller.zip
[2013/03/29 22:18:29 | 000,000,121 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
[2013/03/29 21:42:13 | 000,000,062 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.url
[2013/03/28 19:37:14 | 000,000,607 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.zip
[2013/03/28 19:33:16 | 000,000,512 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.dat
[2013/03/28 18:54:28 | 671,966,193 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/03/28 18:46:58 | 000,003,534 | ---- | M] () -- C:\Users\Kathy\Desktop\attach.zip
[2013/03/28 18:42:27 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/03/28 18:41:44 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/03/26 19:22:46 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/25 22:23:30 | 000,468,776 | ---- | M] () -- C:\Users\Kathy\Desktop\TeamSpybot-20130325-222328.cab
[2013/03/25 22:23:29 | 000,439,381 | ---- | M] () -- C:\Users\Kathy\Desktop\Desktop-20130325-222328.png
[2013/03/24 11:12:07 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/03/15 20:43:01 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2013/03/12 22:41:18 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 22:41:18 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/12 19:42:07 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\SyncUP.lnk
[2013/03/12 19:40:49 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/04/03 17:30:26 | 000,017,235 | ---- | C] () -- C:\Users\Kathy\Desktop\error6.png
[2013/04/03 17:30:08 | 000,017,235 | ---- | C] () -- C:\Users\Kathy\Desktop\error5.png
[2013/04/03 17:29:36 | 000,015,871 | ---- | C] () -- C:\Users\Kathy\Desktop\error4.png
[2013/04/03 17:28:58 | 000,049,729 | ---- | C] () -- C:\Users\Kathy\Desktop\error3.png
[2013/04/01 22:21:46 | 000,017,430 | ---- | C] () -- C:\Users\Kathy\Desktop\OTL.zip
[2013/03/31 21:08:44 | 000,023,728 | ---- | C] () -- C:\Users\Kathy\Desktop\error 2.png
[2013/03/31 21:07:50 | 000,026,098 | ---- | C] () -- C:\Users\Kathy\Desktop\error 1.png
[2013/03/31 14:13:17 | 000,054,450 | ---- | C] () -- C:\Users\Kathy\Desktop\tdss.zip
[2013/03/30 20:01:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/30 20:01:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/30 20:01:14 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/30 20:01:14 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/30 20:01:14 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/03/30 19:26:50 | 002,218,636 | ---- | C] () -- C:\Users\Kathy\Desktop\tdsskiller.zip
[2013/03/29 22:18:22 | 000,000,121 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
[2013/03/29 21:42:13 | 000,000,062 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.url
[2013/03/28 19:37:14 | 000,000,607 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.zip
[2013/03/28 19:33:16 | 000,000,512 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.dat
[2013/03/28 18:46:58 | 000,003,534 | ---- | C] () -- C:\Users\Kathy\Desktop\attach.zip
[2013/03/28 18:42:27 | 000,002,279 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/03/26 19:22:46 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/25 22:23:30 | 000,468,776 | ---- | C] () -- C:\Users\Kathy\Desktop\TeamSpybot-20130325-222328.cab
[2013/03/25 22:23:29 | 000,439,381 | ---- | C] () -- C:\Users\Kathy\Desktop\Desktop-20130325-222328.png
[2013/03/24 11:12:07 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/03/15 20:43:01 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/05/05 16:19:46 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2012/05/05 16:19:46 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2012/05/05 16:19:46 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2012/05/05 16:19:46 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2012/05/05 16:19:46 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2012/05/05 16:19:46 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2012/05/05 16:19:46 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2012/05/05 16:19:46 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2012/05/05 16:19:46 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2012/05/05 16:19:46 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2012/05/05 16:19:46 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2012/05/05 16:19:46 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2012/05/05 16:19:46 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2012/05/05 16:19:46 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2012/05/05 16:19:46 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012/05/05 16:19:46 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2011/12/09 03:24:37 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/12/09 03:24:37 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/12/09 03:24:37 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/12/09 03:24:36 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/12/09 03:24:36 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/12/09 03:24:03 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/12/09 03:23:56 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/12/09 03:23:56 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/12/09 03:23:56 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/12/09 03:23:56 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/12/09 03:23:56 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/12/09 02:08:03 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/12/09 02:03:18 | 000,774,004 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/09 02:00:05 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/07/29 07:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/07/29 07:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Files - Unicode (All) ==========
[2012/02/13 11:41:59 | 000,000,040 | ---- | M] ()(C:\windows\SysNative\?®) -- C:\windows\SysNative\빐®
[2012/02/13 11:41:59 | 000,000,040 | ---- | C] ()(C:\windows\SysNative\?®) -- C:\windows\SysNative\빐®
========== Alternate Data Streams ==========
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:ED810E46
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:60A4BB64
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:31106FCB
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:95198126
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:A039EDF9
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:96F8F8AB
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:E2C51D18
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:78696BCD
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:EE9B2879
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:C6104C4F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:EA10407C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8866C899
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3D6B89CE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:DE6EED8B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:A73595DE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:8FC1A8C4
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:24C89EFC
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:BE6B5FC3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B6E58523
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:F8F070C2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CBAB74CB
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:25F31665
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:254AD2ED
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C72A744C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A6345BDA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93B68122
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:DF0DB8AB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:5ACE199E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:5C5F2761
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:217A2324
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:EFF3C3C8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:583FE1DA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9A7BF72D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:60E0AB2A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4E243396
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E3B5F2D1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4A01545C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:3BC173E4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0410A323
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:91FFEC32
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:5C42F64A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4AA3DAA3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:0F3F6B1E
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F5E8CAE0
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:CD9109D4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C434694E
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F67947AF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E895790F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A76A1B1B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C76CFF82
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:934CA750
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:53DF4438
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A8DFD30C
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:7FD60FAD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:43982D5E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4244811A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FD7DCDA6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:DE9AC04F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:937C8022
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:7BB20DE8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5EFEB6A1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5A9F1AE5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3B454A5C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:CB16385F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7D04F8E2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:6E65510A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2F474C84
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2A874675
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:74B9EA7F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E945C214
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E8CB831A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9725F1BC
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:134FBDE2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6BEADDC0
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2636DE16
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F1C8B957
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:ED51D3ED
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D115F6E4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:0CEE6109
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:084612C9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:85EA4795
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F2327E82
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E6CDFB4A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:93D985FC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:769BB147
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D9592966
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:302ECBD6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D7D0B4AF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A05F750A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E80802C7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:C9CDDE5E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DE9F4320
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57619D72
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:070D9534
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F7401CCF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F0A06891
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E6B95E40
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:B0EB578B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:95079543
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7C412B92
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F41E22A9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:03A039A3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:517EFA90
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:3D922890
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6C5EC3CD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:33B04540
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:B3433EF1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:86B7FDDB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:C0A9D0E7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:A4F63AED
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:6407DD2D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2E0B7D8A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:620EC79A
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:7CEDF9F3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:C36B1175
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:0D3CE40A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:3C282BEA
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DBEF355E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:90D89144
< End of report >
josie869
2013-04-05, 01:52
still getting the mcafee error
I'm not going to reinstall mcafee so we can just delete whatever is causing that error
I will install norton once we get this issue resolved
Hi josie869,
Please download Revo Uninstaller Pro (http://www.revouninstaller.com/download-professional-version.php) and save it to your desktop.
(This version is a fully functional, 30 day free trial)
Vista-W7 Users: You must right-click on "RevoUninProSetup.exe", and select "Run As Administrator" to install. If UAC prompts, allow it.
From the list of programs click on
McAfee (any & all listed)
Chose "Uninstall". When prompted click Yes.
Make sure the advanced option is checked... then click Next.
The program will run, when prompted... click Yes... then Next.
Once the program has searched for leftovers click Next.
Check ONLY the bolded items on the list then... click Next... then Yes.
When done click Finish.
- - - - - Next - - - - -
If no McAfee items are found with Revo-Uninstaller continue on with the next step.
- - - - - Next - - - - -
Run OTL.exe
Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
[2013/03/17 08:35:59 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml
:Files
C:\Program Files\McAfee
:Commands
[purity]
[createrestorepoint]
[emptytemp]
[Reboot]
Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
In your next post please provide the following:
OTL.txt
Any remaining issues?
josie869
2013-04-06, 03:47
mcaffe wasn't found in the first program but the issue still comes up on reboot
here is the log
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com deleted successfully.
File C:\Program Files\McAfee\MSK not found.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\McSiteAdvisor.xml moved successfully.
========== FILES ==========
File\Folder C:\Program Files\McAfee not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Kathy
->Temp folder emptied: 2384072 bytes
->Temporary Internet Files folder emptied: 16548205 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16108690 bytes
->Flash cache emptied: 1149 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 532322 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84927 bytes
RecycleBin emptied: 550765928 bytes
Total Files Cleaned = 559.00 mb
Error: Unable to interpret <Then click the Run Fix button at the top> in the current context!
OTL by OldTimer - Version 3.2.69.0 log created on 04052013_214325
Files\Folders moved on Reboot...
C:\Users\Kathy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\windows\temp\TMP0000003113ABF03E71621432 moved successfully.
C:\windows\temp\TMP00000032C771127351D26A48 moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Hi josie869,
McAfee Consumer Products Removal Tool
Download the utility MCPR.exe (http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe) (MCPR (C) McAfee, Inc).
Right click and select "Run as Administrator"
Once the process of deleting McAfee products is over (the removal process may take a minute), the McAfee Cleanup window appears.
Click Yes to reboot your computer and to finish the removal process of McAfee products.
- - - - - Next - - - - -
Re-run OTL (it should be located on your desktop).
Windows Vista and Windows 7 users Right Click and select "Run as Administrator" on the icon to run it.
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note:The log can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
In your next post please provide the following:
Results of the MCPR tool
OTL.txt
How is the computer running?
josie869
2013-04-06, 13:45
still got the mcaffee error after running the removal tool
I haven't been using the computer except to do what you're telling me.
One thing though - all through this process, I don't think I have checked lop & purity on the otl.exe - they come up unchecked on opening. Not sure if that makes a difference.
OTL logfile created on: 4/6/2013 7:30:11 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.91 Gb Total Physical Memory | 4.08 Gb Available Physical Memory | 69.13% Memory free
11.81 Gb Paging File | 9.65 Gb Available in Paging File | 81.71% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 396.00 Gb Free Space | 87.80% Space Free | Partition Type: NTFS
Computer Name: KATHY-PC-LAPTOP | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Kathy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
PRC - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (RoxWatch12) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/12/09 02:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/09 02:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/12/09 02:46:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/12/26 10:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
[2013/03/07 23:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 23:53:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 17:56:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/28 18:41:59 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/26 22:08:35 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/31 20:57:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8820CB3A-CF59-4158-8AD8-276E5365268C}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/05 21:39:11 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\VS Revo Group
[2013/04/05 21:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/04/05 21:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/04/05 21:39:08 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys
[2013/04/05 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/04/05 21:38:03 | 009,918,712 | ---- | C] (VS Revo Group ) -- C:\Users\Kathy\Desktop\RevoUninProSetup.exe
[2013/04/02 20:36:00 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\jo's tools
[2013/04/02 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\Old Firefox Data
[2013/04/01 19:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/01 19:21:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/31 21:03:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/31 21:00:04 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/03/30 20:01:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/03/30 20:01:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/03/30 20:01:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/03/30 19:58:34 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Documents\ProcAlyzer Dumps
[2013/03/30 19:38:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/30 19:36:56 | 005,045,447 | R--- | C] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/03/30 19:29:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/03/30 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\rkill
[2013/03/29 22:24:25 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\RK_Quarantine
[2013/03/29 21:49:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
[2013/03/28 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\WinZip
[2013/03/28 18:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/03/28 18:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/03/28 18:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/03/28 18:41:53 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/03/26 19:23:20 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Malwarebytes
[2013/03/26 19:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/26 19:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/26 19:22:38 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/03/26 19:22:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/25 20:30:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/03/25 19:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/25 19:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/03/25 19:23:58 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Programs
[2013/03/24 11:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SugarGames
[2013/03/16 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Sonic
[2013/03/15 20:30:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/15 20:30:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/15 20:30:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/15 20:30:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/15 20:30:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/15 20:30:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/15 20:30:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/15 20:30:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/15 20:30:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/15 20:30:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/15 20:30:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/15 20:30:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/15 20:30:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/15 20:30:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/15 20:30:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/15 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2013/03/13 10:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 10:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/13 06:43:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/03/13 06:42:54 | 000,000,000 | ---D | C] -- C:\23486ff927f0f78691e0d6a5
[2013/03/07 23:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2013/04/06 07:27:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/06 07:27:35 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/06 07:27:07 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/06 07:27:07 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/06 07:25:12 | 000,779,788 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/04/06 07:25:12 | 000,660,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/04/06 07:25:12 | 000,121,408 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/06 07:23:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/04/05 21:39:09 | 000,001,103 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/04/05 21:39:09 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/04/05 21:38:04 | 009,918,712 | ---- | M] (VS Revo Group ) -- C:\Users\Kathy\Desktop\RevoUninProSetup.exe
[2013/04/03 17:30:26 | 000,017,235 | ---- | M] () -- C:\Users\Kathy\Desktop\error6.png
[2013/04/03 17:30:08 | 000,017,235 | ---- | M] () -- C:\Users\Kathy\Desktop\error5.png
[2013/04/03 17:29:36 | 000,015,871 | ---- | M] () -- C:\Users\Kathy\Desktop\error4.png
[2013/04/03 17:28:58 | 000,049,729 | ---- | M] () -- C:\Users\Kathy\Desktop\error3.png
[2013/04/02 20:21:49 | 000,017,430 | ---- | M] () -- C:\Users\Kathy\Desktop\OTL.zip
[2013/03/31 21:08:44 | 000,023,728 | ---- | M] () -- C:\Users\Kathy\Desktop\error 2.png
[2013/03/31 21:08:20 | 000,026,098 | ---- | M] () -- C:\Users\Kathy\Desktop\error 1.png
[2013/03/31 20:57:56 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/03/31 20:45:57 | 005,045,447 | R--- | M] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/03/31 14:13:21 | 000,054,450 | ---- | M] () -- C:\Users\Kathy\Desktop\tdss.zip
[2013/03/30 19:26:52 | 002,218,636 | ---- | M] () -- C:\Users\Kathy\Desktop\tdsskiller.zip
[2013/03/29 22:18:29 | 000,000,121 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
[2013/03/29 21:49:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
[2013/03/29 21:42:13 | 000,000,062 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.url
[2013/03/28 19:37:14 | 000,000,607 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.zip
[2013/03/28 19:33:16 | 000,000,512 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.dat
[2013/03/28 18:54:28 | 671,966,193 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/03/28 18:46:58 | 000,003,534 | ---- | M] () -- C:\Users\Kathy\Desktop\attach.zip
[2013/03/28 18:42:27 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/03/28 18:41:44 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/03/26 19:22:46 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/25 22:23:30 | 000,468,776 | ---- | M] () -- C:\Users\Kathy\Desktop\TeamSpybot-20130325-222328.cab
[2013/03/25 22:23:29 | 000,439,381 | ---- | M] () -- C:\Users\Kathy\Desktop\Desktop-20130325-222328.png
[2013/03/24 11:12:07 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/03/15 20:43:01 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2013/03/12 22:41:18 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 22:41:18 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/12 19:42:07 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\SyncUP.lnk
[2013/03/12 19:40:49 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
========== Files Created - No Company Name ==========
[2013/04/05 21:39:09 | 000,001,103 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/04/05 21:39:09 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/04/03 17:30:26 | 000,017,235 | ---- | C] () -- C:\Users\Kathy\Desktop\error6.png
[2013/04/03 17:30:08 | 000,017,235 | ---- | C] () -- C:\Users\Kathy\Desktop\error5.png
[2013/04/03 17:29:36 | 000,015,871 | ---- | C] () -- C:\Users\Kathy\Desktop\error4.png
[2013/04/03 17:28:58 | 000,049,729 | ---- | C] () -- C:\Users\Kathy\Desktop\error3.png
[2013/04/01 22:21:46 | 000,017,430 | ---- | C] () -- C:\Users\Kathy\Desktop\OTL.zip
[2013/03/31 21:08:44 | 000,023,728 | ---- | C] () -- C:\Users\Kathy\Desktop\error 2.png
[2013/03/31 21:07:50 | 000,026,098 | ---- | C] () -- C:\Users\Kathy\Desktop\error 1.png
[2013/03/31 14:13:17 | 000,054,450 | ---- | C] () -- C:\Users\Kathy\Desktop\tdss.zip
[2013/03/30 20:01:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/30 20:01:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/30 20:01:14 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/30 20:01:14 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/30 20:01:14 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/03/30 19:26:50 | 002,218,636 | ---- | C] () -- C:\Users\Kathy\Desktop\tdsskiller.zip
[2013/03/29 22:18:22 | 000,000,121 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
[2013/03/29 21:42:13 | 000,000,062 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.url
[2013/03/28 19:37:14 | 000,000,607 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.zip
[2013/03/28 19:33:16 | 000,000,512 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.dat
[2013/03/28 18:46:58 | 000,003,534 | ---- | C] () -- C:\Users\Kathy\Desktop\attach.zip
[2013/03/28 18:42:27 | 000,002,279 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/03/26 19:22:46 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/25 22:23:30 | 000,468,776 | ---- | C] () -- C:\Users\Kathy\Desktop\TeamSpybot-20130325-222328.cab
[2013/03/25 22:23:29 | 000,439,381 | ---- | C] () -- C:\Users\Kathy\Desktop\Desktop-20130325-222328.png
[2013/03/24 11:12:07 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/03/15 20:43:01 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/05/05 16:19:46 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2012/05/05 16:19:46 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2012/05/05 16:19:46 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2012/05/05 16:19:46 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2012/05/05 16:19:46 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2012/05/05 16:19:46 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2012/05/05 16:19:46 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2012/05/05 16:19:46 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2012/05/05 16:19:46 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2012/05/05 16:19:46 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2012/05/05 16:19:46 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2012/05/05 16:19:46 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2012/05/05 16:19:46 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2012/05/05 16:19:46 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2012/05/05 16:19:46 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012/05/05 16:19:46 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2011/12/09 03:24:37 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/12/09 03:24:37 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/12/09 03:24:37 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/12/09 03:24:36 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/12/09 03:24:36 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/12/09 03:24:03 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/12/09 03:23:56 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/12/09 03:23:56 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/12/09 03:23:56 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/12/09 03:23:56 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/12/09 03:23:56 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/12/09 02:08:03 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/12/09 02:03:18 | 000,774,004 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/09 02:00:05 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/07/29 07:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/07/29 07:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Files - Unicode (All) ==========
[2012/02/13 11:41:59 | 000,000,040 | ---- | M] ()(C:\windows\SysNative\?®) -- C:\windows\SysNative\빐®
[2012/02/13 11:41:59 | 000,000,040 | ---- | C] ()(C:\windows\SysNative\?®) -- C:\windows\SysNative\빐®
========== Alternate Data Streams ==========
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:ED810E46
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:60A4BB64
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:31106FCB
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:95198126
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:A039EDF9
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:96F8F8AB
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:E2C51D18
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:78696BCD
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:EE9B2879
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:C6104C4F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:EA10407C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8866C899
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3D6B89CE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:DE6EED8B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:A73595DE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:8FC1A8C4
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:24C89EFC
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:BE6B5FC3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B6E58523
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:F8F070C2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CBAB74CB
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:25F31665
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:254AD2ED
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C72A744C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A6345BDA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93B68122
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:DF0DB8AB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:5ACE199E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:5C5F2761
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:217A2324
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:EFF3C3C8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:583FE1DA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9A7BF72D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:60E0AB2A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4E243396
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E3B5F2D1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4A01545C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:3BC173E4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0410A323
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:91FFEC32
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:5C42F64A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4AA3DAA3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:0F3F6B1E
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F5E8CAE0
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:CD9109D4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C434694E
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F67947AF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E895790F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A76A1B1B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C76CFF82
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:934CA750
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:53DF4438
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A8DFD30C
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:7FD60FAD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:43982D5E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4244811A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FD7DCDA6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:DE9AC04F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:937C8022
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:7BB20DE8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5EFEB6A1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5A9F1AE5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3B454A5C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:CB16385F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7D04F8E2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:6E65510A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2F474C84
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2A874675
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:74B9EA7F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E945C214
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E8CB831A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9725F1BC
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:134FBDE2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6BEADDC0
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2636DE16
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F1C8B957
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:ED51D3ED
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D115F6E4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:0CEE6109
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:084612C9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:85EA4795
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F2327E82
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E6CDFB4A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:93D985FC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:769BB147
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D9592966
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:302ECBD6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D7D0B4AF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A05F750A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E80802C7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:C9CDDE5E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DE9F4320
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57619D72
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:070D9534
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F7401CCF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F0A06891
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E6B95E40
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:B0EB578B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:95079543
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7C412B92
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F41E22A9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:03A039A3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:517EFA90
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:3D922890
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6C5EC3CD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:33B04540
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:B3433EF1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:86B7FDDB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:C0A9D0E7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:A4F63AED
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:6407DD2D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2E0B7D8A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:620EC79A
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:7CEDF9F3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:C36B1175
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:0D3CE40A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:3C282BEA
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DBEF355E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:90D89144
< End of report >
Hi josie869,
The selection of LOP & Purity would not have an impact on this issue.
= = = = = = = = = = = = = = = = = = = =
Unfortunately it appears we will need to re-install McAfee so we can do a complete removal in order to get all the components.
With that in mind, re-install McAfee at this time. Then REBOOT.
(note if the error message is still present, if so take a screen shot)
- - - - - Next - - - - -
Re-run the MCPR tool again.
- - - - - Next - - - - -
Locate the Java Control Panel
Click on the Start button and then click on the Control Panel option.
In the Control Panel Search enter "Java Control Panel".
Click on the Java icon http://i1269.photobucket.com/albums/jj590/OCD-WTT/javacupicon.jpg to open the Java Control Panel.
Delete Temporary Files through the Java Control Panel
http://i1269.photobucket.com/albums/jj590/OCD-WTT/java4-1.jpg
In the Java Control Panel, under the General tab, click Settings under the Temporary Internet Files section.
The Temporary Files Settings dialog box appears.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/java5.jpg
Click Delete Files on the Temporary Files Settings dialog.
The Delete Temporary Files dialog box appears.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/java6.jpg
Click OK on the Delete Temporary Files dialog.
Note: This deletes all the Downloaded Applications and Applets from the cache.
Click OK on the Temporary Files Settings dialog.
Note: If you want to delete a specific application and applet from the cache, click on View Application and View Applet options respectively.
- - - - - Next - - - - -
REBOOT
In your next post please provide the following:
Report if there is any change.
McAfee screenshot if available.
Any other issues?
josie869
2013-04-07, 04:14
I don't have a disk for that and I don't remember which product was installed - now what?
Hi josie869,
Please navigate to the following folder and check to make sure Mcafee is not listed.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup
- - - - - Next - - - - -
Then go here : http://promos.mcafee.com/LegacyLp/en-us/affiliates/adobe/landingpages/np681.asp
and follow the steps at the bottom of the page to remove McAfee Security Scan Plus
Uninstall through the McAfee Security Scan Plus folder:
Under Start menu, go to all Programs
Open McAfee Security Scan Plus folder
Select “Uninstall”
josie869
2013-04-07, 17:29
it is listed
McAfee Security Scan Plus.lnk
Hi josie869,
Then follow through with the 2nd step outlined in my previous post.
Reboot
Then recheck c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup and see if it is listed, if so delete it from the Startup folder. (do not delete the Startup folder, just the McAfee entries)
Reboot again, and see if the error is gone.
josie869
2013-04-07, 18:08
it's not listed and there isn't a folder for it there
it's not listed and there isn't a folder for it thereDo you mean it's not listed to complete step 2?
Then just navigate to the Startup folder and delete the McAfee entry
Reboot, and check for the error.
josie869
2013-04-07, 18:29
ok, I deleted it. the error was gone on reboot
Can I install norton now?
Yes go ahead and install Norton.
Then re-run OTL for review
I will review the log after work this evening.
josie869
2013-04-07, 18:51
OTL logfile created on: 4/7/2013 12:40:03 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kathy\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
5.91 Gb Total Physical Memory | 4.02 Gb Available Physical Memory | 68.07% Memory free
11.81 Gb Paging File | 9.58 Gb Available in Paging File | 81.12% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 395.18 Gb Free Space | 87.62% Space Free | Partition Type: NTFS
Computer Name: KATHY-PC-LAPTOP | User Name: Kathy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Kathy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
PRC - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
PRC - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Modules (No Company Name) ==========
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ab54c04b3df40416205883b4049fe273\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4d6518ef6ae8d6f005c49ab1c86de7fe\IAStorCommon.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
MOD - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\wincfi39.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll ()
MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll ()
MOD - C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
SRV - (RoxWatch12) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EPSON_EB_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe (SEIKO EPSON CORPORATION)
========== Driver Services (SafeList) ==========
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130406.008\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20130406.008\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20130107.001\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20130113.001\IDSviA64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011/12/09 02:45:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/12/09 02:46:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/12/09 02:46:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFFPlgn\ [2013/04/07 12:38:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn\ [2013/04/07 12:38:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/07 23:53:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/12/26 10:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kathy\AppData\Roaming\Mozilla\Extensions
[2013/03/07 23:53:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/07 23:53:14 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/29 17:56:57 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/28 18:41:59 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/26 22:08:35 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
O1 HOSTS File: ([2013/03/31 20:57:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8820CB3A-CF59-4158-8AD8-276E5365268C}: DhcpNameServer = 167.206.245.129 167.206.245.130
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/07 12:39:31 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Documents\Symantec
[2013/04/07 12:38:10 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/04/07 12:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/04/07 12:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/04/07 12:37:45 | 001,139,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.sys
[2013/04/07 12:37:45 | 000,796,248 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys
[2013/04/07 12:37:45 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymDS64.sys
[2013/04/07 12:37:45 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\symnets.sys
[2013/04/07 12:37:45 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\Ironx64.sys
[2013/04/07 12:37:45 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.sys
[2013/04/07 12:37:45 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys
[2013/04/07 12:37:45 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymELAM.sys
[2013/04/07 12:37:39 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64
[2013/04/07 12:37:39 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\NISx64\1403000.024
[2013/04/07 12:37:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2013/04/07 12:37:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2013/04/07 12:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/04/07 12:37:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/04/07 12:35:44 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/04/07 12:35:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/04/05 21:39:11 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\VS Revo Group
[2013/04/05 21:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\VS Revo Group
[2013/04/05 21:39:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/04/05 21:39:08 | 000,031,800 | ---- | C] (VS Revo Group) -- C:\windows\SysNative\drivers\revoflt.sys
[2013/04/05 21:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/04/05 21:38:03 | 009,918,712 | ---- | C] (VS Revo Group ) -- C:\Users\Kathy\Desktop\RevoUninProSetup.exe
[2013/04/02 20:36:00 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\jo's tools
[2013/04/02 20:23:02 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\Old Firefox Data
[2013/04/01 19:57:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/04/01 19:21:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/31 21:03:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/31 21:00:04 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/03/30 20:01:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/03/30 20:01:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/03/30 20:01:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/03/30 19:58:34 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Documents\ProcAlyzer Dumps
[2013/03/30 19:38:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/30 19:36:56 | 005,045,447 | R--- | C] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/03/30 19:29:02 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/03/30 13:26:13 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\rkill
[2013/03/29 22:24:25 | 000,000,000 | ---D | C] -- C:\Users\Kathy\Desktop\RK_Quarantine
[2013/03/29 21:49:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
[2013/03/28 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\WinZip
[2013/03/28 18:42:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/03/28 18:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/03/28 18:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/03/28 18:41:53 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/03/26 19:23:20 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Roaming\Malwarebytes
[2013/03/26 19:22:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/25 20:30:46 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys
[2013/03/25 19:25:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/03/25 19:25:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/03/25 19:23:58 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Programs
[2013/03/24 11:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SugarGames
[2013/03/16 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\Kathy\AppData\Local\Sonic
[2013/03/15 20:30:57 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/03/15 20:30:57 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/03/15 20:30:55 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/03/15 20:30:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/03/15 20:30:55 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/03/15 20:30:54 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/03/15 20:30:54 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/03/15 20:30:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/03/15 20:30:50 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/03/15 20:30:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/03/15 20:30:49 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/03/15 20:30:49 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/03/15 20:30:47 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/03/15 20:30:47 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/03/15 20:30:47 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/03/15 20:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dell Digital Delivery
[2013/03/13 10:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 10:43:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/13 06:43:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/03/13 06:42:54 | 000,000,000 | ---D | C] -- C:\23486ff927f0f78691e0d6a5
========== Files - Modified Within 30 Days ==========
[2013/04/07 12:41:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/04/07 12:38:40 | 001,859,760 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/04/07 12:38:10 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/04/07 12:38:10 | 000,007,466 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/04/07 12:38:10 | 000,000,855 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/04/07 12:38:06 | 000,002,575 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/04/07 12:35:44 | 000,001,300 | ---- | M] () -- C:\Users\Kathy\Desktop\Norton Installation Files.lnk
[2013/04/07 12:35:18 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/07 12:35:18 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/07 12:32:37 | 000,779,788 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/04/07 12:32:37 | 000,660,770 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/04/07 12:32:37 | 000,121,408 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/04/07 12:27:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/04/07 12:27:38 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 21:39:09 | 000,001,103 | ---- | M] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/04/05 21:39:09 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/04/05 21:38:04 | 009,918,712 | ---- | M] (VS Revo Group ) -- C:\Users\Kathy\Desktop\RevoUninProSetup.exe
[2013/04/03 17:30:26 | 000,017,235 | ---- | M] () -- C:\Users\Kathy\Desktop\error6.png
[2013/04/03 17:30:08 | 000,017,235 | ---- | M] () -- C:\Users\Kathy\Desktop\error5.png
[2013/04/03 17:29:36 | 000,015,871 | ---- | M] () -- C:\Users\Kathy\Desktop\error4.png
[2013/04/03 17:28:58 | 000,049,729 | ---- | M] () -- C:\Users\Kathy\Desktop\error3.png
[2013/04/02 20:21:49 | 000,017,430 | ---- | M] () -- C:\Users\Kathy\Desktop\OTL.zip
[2013/03/31 21:08:44 | 000,023,728 | ---- | M] () -- C:\Users\Kathy\Desktop\error 2.png
[2013/03/31 21:08:20 | 000,026,098 | ---- | M] () -- C:\Users\Kathy\Desktop\error 1.png
[2013/03/31 20:57:56 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/03/31 20:45:57 | 005,045,447 | R--- | M] (Swearware) -- C:\Users\Kathy\Desktop\ComboFix.exe
[2013/03/31 14:13:21 | 000,054,450 | ---- | M] () -- C:\Users\Kathy\Desktop\tdss.zip
[2013/03/30 19:26:52 | 002,218,636 | ---- | M] () -- C:\Users\Kathy\Desktop\tdsskiller.zip
[2013/03/29 22:18:29 | 000,000,121 | ---- | M] () -- C:\windows\DeleteOnReboot.bat
[2013/03/29 21:49:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kathy\Desktop\OTL.exe
[2013/03/29 21:42:13 | 000,000,062 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.url
[2013/03/28 19:37:14 | 000,000,607 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.zip
[2013/03/28 19:33:16 | 000,000,512 | ---- | M] () -- C:\Users\Kathy\Desktop\MBR.dat
[2013/03/28 18:54:28 | 671,966,193 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/03/28 18:46:58 | 000,003,534 | ---- | M] () -- C:\Users\Kathy\Desktop\attach.zip
[2013/03/28 18:42:27 | 000,002,279 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/03/28 18:41:44 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/03/25 22:23:30 | 000,468,776 | ---- | M] () -- C:\Users\Kathy\Desktop\TeamSpybot-20130325-222328.cab
[2013/03/25 22:23:29 | 000,439,381 | ---- | M] () -- C:\Users\Kathy\Desktop\Desktop-20130325-222328.png
[2013/03/24 11:12:07 | 000,001,302 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/03/15 20:43:01 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2013/03/12 22:41:18 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/03/12 22:41:18 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/12 19:42:07 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\SyncUP.lnk
[2013/03/12 19:40:49 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Nero Blu-ray Player.lnk
========== Files Created - No Company Name ==========
[2013/04/07 12:38:11 | 001,859,760 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013/04/07 12:38:10 | 000,007,466 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/04/07 12:38:10 | 000,000,855 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/04/07 12:38:06 | 000,002,575 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013/04/07 12:37:40 | 000,014,818 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymVTcer.dat
[2013/04/07 12:37:40 | 000,003,434 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymEFA.inf
[2013/04/07 12:37:40 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymDS.inf
[2013/04/07 12:37:40 | 000,001,440 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymNet.inf
[2013/04/07 12:37:40 | 000,001,438 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\srtsp64.inf
[2013/04/07 12:37:40 | 000,001,420 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\srtspx64.inf
[2013/04/07 12:37:40 | 000,000,996 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\symELAM.inf
[2013/04/07 12:37:40 | 000,000,853 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\ccSetx64.inf
[2013/04/07 12:37:40 | 000,000,767 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\Iron.inf
[2013/04/07 12:37:39 | 000,009,670 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymELAM64.cat
[2013/04/07 12:37:39 | 000,007,611 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.cat
[2013/04/07 12:37:39 | 000,007,601 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\symnet64.cat
[2013/04/07 12:37:39 | 000,007,593 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\iron.cat
[2013/04/07 12:37:39 | 000,007,589 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\srtspx64.cat
[2013/04/07 12:37:39 | 000,007,587 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymEFA64.cat
[2013/04/07 12:37:39 | 000,007,585 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\srtsp64.cat
[2013/04/07 12:37:39 | 000,007,581 | R--- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\SymDS64.cat
[2013/04/07 12:37:39 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\NISx64\1403000.024\isolate.ini
[2013/04/07 12:35:44 | 000,001,300 | ---- | C] () -- C:\Users\Kathy\Desktop\Norton Installation Files.lnk
[2013/04/05 21:39:09 | 000,001,103 | ---- | C] () -- C:\Users\Kathy\Application Data\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk
[2013/04/05 21:39:09 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/04/03 17:30:26 | 000,017,235 | ---- | C] () -- C:\Users\Kathy\Desktop\error6.png
[2013/04/03 17:30:08 | 000,017,235 | ---- | C] () -- C:\Users\Kathy\Desktop\error5.png
[2013/04/03 17:29:36 | 000,015,871 | ---- | C] () -- C:\Users\Kathy\Desktop\error4.png
[2013/04/03 17:28:58 | 000,049,729 | ---- | C] () -- C:\Users\Kathy\Desktop\error3.png
[2013/04/01 22:21:46 | 000,017,430 | ---- | C] () -- C:\Users\Kathy\Desktop\OTL.zip
[2013/03/31 21:08:44 | 000,023,728 | ---- | C] () -- C:\Users\Kathy\Desktop\error 2.png
[2013/03/31 21:07:50 | 000,026,098 | ---- | C] () -- C:\Users\Kathy\Desktop\error 1.png
[2013/03/31 14:13:17 | 000,054,450 | ---- | C] () -- C:\Users\Kathy\Desktop\tdss.zip
[2013/03/30 20:01:14 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/03/30 20:01:14 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/03/30 20:01:14 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/03/30 20:01:14 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/03/30 20:01:14 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/03/30 19:26:50 | 002,218,636 | ---- | C] () -- C:\Users\Kathy\Desktop\tdsskiller.zip
[2013/03/29 22:18:22 | 000,000,121 | ---- | C] () -- C:\windows\DeleteOnReboot.bat
[2013/03/29 21:42:13 | 000,000,062 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest Mysteries 2 Trail of the Midnight Heart.url
[2013/03/28 19:37:14 | 000,000,607 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.zip
[2013/03/28 19:33:16 | 000,000,512 | ---- | C] () -- C:\Users\Kathy\Desktop\MBR.dat
[2013/03/28 18:46:58 | 000,003,534 | ---- | C] () -- C:\Users\Kathy\Desktop\attach.zip
[2013/03/28 18:42:27 | 000,002,279 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/03/25 22:23:30 | 000,468,776 | ---- | C] () -- C:\Users\Kathy\Desktop\TeamSpybot-20130325-222328.cab
[2013/03/25 22:23:29 | 000,439,381 | ---- | C] () -- C:\Users\Kathy\Desktop\Desktop-20130325-222328.png
[2013/03/24 11:12:07 | 000,001,302 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2013/03/15 20:43:01 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/05/05 16:19:46 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2012/05/05 16:19:46 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2012/05/05 16:19:46 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2012/05/05 16:19:46 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2012/05/05 16:19:46 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2012/05/05 16:19:46 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2012/05/05 16:19:46 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2012/05/05 16:19:46 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2012/05/05 16:19:46 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2012/05/05 16:19:46 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2012/05/05 16:19:46 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2012/05/05 16:19:46 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2012/05/05 16:19:46 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2012/05/05 16:19:46 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2012/05/05 16:19:46 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2012/05/05 16:19:46 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2011/12/09 03:24:37 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/12/09 03:24:37 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/12/09 03:24:37 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/12/09 03:24:36 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/12/09 03:24:36 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/12/09 03:24:03 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/12/09 03:23:56 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/12/09 03:23:56 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/12/09 03:23:56 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/12/09 03:23:56 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/12/09 03:23:56 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/12/09 02:08:03 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/12/09 02:03:18 | 000,774,004 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/09 02:00:05 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/07/29 07:40:44 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011/07/29 07:40:44 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
========== ZeroAccess Check ==========
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Files - Unicode (All) ==========
[2012/02/13 11:41:59 | 000,000,040 | ---- | M] ()(C:\windows\SysNative\?®) -- C:\windows\SysNative\빐®
[2012/02/13 11:41:59 | 000,000,040 | ---- | C] ()(C:\windows\SysNative\?®) -- C:\windows\SysNative\빐®
========== Alternate Data Streams ==========
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:ED810E46
@Alternate Data Stream - 96 bytes -> C:\ProgramData\Temp:60A4BB64
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:31106FCB
@Alternate Data Stream - 94 bytes -> C:\ProgramData\Temp:95198126
@Alternate Data Stream - 221 bytes -> C:\ProgramData\Temp:206470A5
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:A039EDF9
@Alternate Data Stream - 154 bytes -> C:\ProgramData\Temp:96F8F8AB
@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:E2C51D18
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:E83EE313
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:78696BCD
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:EE9B2879
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E21987F7
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:C6104C4F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:EA10407C
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:8866C899
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:3D6B89CE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:DE6EED8B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:A73595DE
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:8FC1A8C4
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:24C89EFC
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:BE6B5FC3
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:B6E58523
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:F8F070C2
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:CBAB74CB
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:25F31665
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:254AD2ED
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:C72A744C
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:A6345BDA
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:93B68122
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:072CBE6D
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:F3A27FDE
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:DF0DB8AB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:61B54B15
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:5ACE199E
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:A02025CE
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:5C5F2761
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:217A2324
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:EFF3C3C8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:583FE1DA
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:EBCF5924
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:9A7BF72D
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:60E0AB2A
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4E243396
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EFBD4447
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:E3B5F2D1
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:4A01545C
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:3BC173E4
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0410A323
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:91FFEC32
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:5C42F64A
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4AA3DAA3
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:0F3F6B1E
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:F5E8CAE0
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:CD9109D4
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:C434694E
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:F67947AF
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E895790F
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:A76A1B1B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:C76CFF82
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:934CA750
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:53DF4438
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:391535F9
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A8DFD30C
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:7FD60FAD
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:43982D5E
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:4244811A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:FD7DCDA6
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:DE9AC04F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:937C8022
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:7BB20DE8
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5EFEB6A1
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5A9F1AE5
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:5539129F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:3B454A5C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:CB16385F
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:7D04F8E2
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:6E65510A
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2F474C84
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:2A874675
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:74B9EA7F
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:36FFA2FB
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E945C214
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:E8CB831A
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9725F1BC
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:134FBDE2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B38BEEEE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:B36361EE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:6BEADDC0
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:2636DE16
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F1C8B957
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:ED51D3ED
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D115F6E4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:0CEE6109
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:084612C9
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:85EA4795
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:F2327E82
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:E6CDFB4A
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:93D985FC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:769BB147
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4EE95FE7
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:D9592966
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:302ECBD6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D7D0B4AF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:BD27B7FC
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A05F750A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6401C7FF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:1B7E2022
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:E80802C7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:C9CDDE5E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:DE9F4320
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:57619D72
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:070D9534
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F7401CCF
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:F0A06891
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E6B95E40
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:B0EB578B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:95079543
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:7C412B92
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:48862C37
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:F41E22A9
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:03A039A3
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:517EFA90
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:3D922890
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6C5EC3CD
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:4DDE401B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:33B04540
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:B3433EF1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:86B7FDDB
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:43301D1D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:C0A9D0E7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:A4F63AED
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:6407DD2D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2E0B7D8A
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:620EC79A
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:7CEDF9F3
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:C36B1175
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:0D3CE40A
@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:3C282BEA
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DBEF355E
@Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:90D89144
< End of report >
Hi josie869,
Your log appears to be clean. We have a few items to take care of before we get to the All Clean Speech.
= = = = = = = = = =
The following will implement important cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following bold text into the Run box and click OK:
ComboFix /Uninstall
(Note the space between the ..X and the /U, it needs to be there.)
http://i1269.photobucket.com/albums/jj590/OCD-WTT/Combofix_uninstall_image.jpg
- - - - - Next - - - - -
Clean up with OTL:
Right-click OTL.exe select "Run as Administrator" to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.
- - - - - Next - - - - -
You can now delete any tools and/or logs remaining on your desktop.
- - - - - Next - - - - -
Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
Java™ 6 Update 27 (64-bit)
Java™ 6 Update 31
- - - - - Next - - - - -
Get the current version of Java (Version 7 Update 17) by going to http://java.com/en/download/installed.jsp
Select the Verify Java Version button and follow the onscreen instructions to update if necessary.
- - - - - Next - - - - -
Even though I just had you get the latest version of Java, there is a vulnerability with regards to Java and web browsers. Therefore, we recommend to disable java in web browsers.
More information can be found here: http://www.techsupportforum.com/forums/f50/disable-java-in-browsers-683721.html
Disable Java in Web Browsers
Click on the Start button and then click on the Control Panel option.
In the Control Panel Search enter Java Control Panel.
Click on the Java icon to open the Java Control Panel.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/javadisable1_zps19e32961.jpg
Disable Java through the Java Control Panel
In the Java Control Panel, click on the Security tab.
Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser.
Click Apply. When the Windows User Account Control (UAC) dialog appears, allow permissions to make the changes.
Click OK in the Java Plug-in confirmation window.
Restart the browser for changes to take effect.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/javadisable2_zps5a2f5c6d.jpg
= = = = = = = = = =
With the above items taken care of let's move on to the All Clean part of the process.
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
Here are some tips to reduce the potential for spyware infection in the future:
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Make your Mozilla Firefox more secure - This can be done by adding these add-ons:
NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)
Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
Free Anti-Virus
Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)
Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)
Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.
WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
josie869
2013-04-09, 01:05
seems to be ok. The norton antivirus I have has a firewall
I'll pass the reading along to my mom since it was her computer. Thanks so much for all of your help!
I installed the add ons for firefox that you suggested. I've told her not to you IE
Thank you again for all of your help!
josie869
2013-04-09, 02:35
ok after installing those add on's to firefox, all she gets is a blank page on facebook
you can see the title bar but that's it
Hi josie869,
You're welcome, glad I was able to help. :bigthumb:
Please try this:
Flush the FireFox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)
In Firefox, Options
Select Options
Select Privacy tab
Find the section that reads: You might want to clear your recent history or remove individual cookies
Select clear your recent history
Click the Details drop-down arrow
Make sure a check mark is placed in the following boxes:
Cookies
Cache
Next select the Time Range to Clear drop-down menu
Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
Click Clear Now
Reboot
Check to see if you still have the Facebook page issue, if so get a screenshot and post it in your next reply.
josie869
2013-04-10, 00:19
still the same problem - see attached
I am able to access facebook from IE
Hi Josie869,
Some of the recommended items listed in my instructions may restrict some of the functionality of some web sites similar as to what you are experiencing with Facebook. Not all the recommendations need to be followed if they degrade the use of your computer.
I believe that the NoScript add-on is the one causing the issue. Please try this:
Launch Firefox, click the Firefox drop-down arrow in the top left corner of the browser.
Select Add-ons, locate the NoScript add-on
Click the Options button
On the Whitelist tab, enter www.facebook.com or facebook.com
Click OK, Restart Firefox
See if that corrects the issue with Facebook
If you encounter this same issue on other pages please do the following:
In the bottom right hand corner of your web browser you will see an Options button if NoScript is blocking something on the page you are trying to view.
Click the Options button, and find the line that says to Allow the page and select it.
Once you have allowed a site, just click the "x" to hide the menu bar at the bottom of the page.
josie869
2013-04-11, 00:36
it only seems to work if I disable noscript
Hi josie869,
Let's go ahead and just disable NoScript.
Disable Extensions in Firefox
At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Extensions or Appearance panel.
Select the add-on you wish to remove.
NoScript
Click the Disable button.
Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
Any remaining issues?
josie869
2013-04-12, 02:21
firefox occasionally freezes now . I also disabled the norton tool bar to see if that helps
Hi josie869,
firefox occasionally freezes nowCan you give a bit more detail? i.e. what were you attempting to do, single tab or multiple tabs, surfing the Internet, watching videos ...
Hi josie869,
Try each of these steps in order, checking the browser status after each step. If you complete a step and it corrects the issue, there is no need to complete the remainder of the steps.
= = = = = = = = = = = = = = = = = = = =
Update Firefox
At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Options, Options (again).
On the Update tab, select the radio button next to Automatically install updates.
Select OK
- - - - - Next - - - - -
Disable Extensions in Firefox
At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Extensions or Appearance panel.
Select all the add-on you to disable. (one at a time)
Click the Disable button.
Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
- - - - - Next - - - - -
Reset Firefox to its default state
At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu
(on Windows XP, click the Help menu at the top of the Firefox window) and select Troubleshooting Information.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/restfirefox1.png
Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/resetfirefox2.png
To continue, click Reset Firefox in the confirmation window that opens.
Firefox will close and be reset. When it's done, a window will list the information that was imported. Click Finish and Firefox will open.
- - - - - Next - - - - -
Show Hidden Files & Folders in Windows 7
To show hidden files, just click on the Organize button in any folder, and then select “Folder and Search Options” from the menu.
Click the View tab, and then you should select “Show hidden files and folders” in the list.
Then click OK.
- - - - - Next - - - - -
Remove Mozilla Firefox Completely:
Exit Firefox completely
Go to the Control Panel > > Programs and Features
Select Mozilla Firefox (all versions, one at a time) and click Uninstall
You may be prompted with and option to "Remove my Firefox personal data and customization". This will also remove your Firefox user profile data (bookmarks, passwords, cookies, extensions, preferences, etc.)
DO NOT select this option if you want to keep your Firefox profile data and settings.
Delete the Firefox installation directory located here: C:\Program Files\Mozilla Firefox
Delete the Firefox folder that contains temporary data located here:
C:\Users\<username>\AppData\Local\Mozilla\Firefox
C:\Users\<username>\AppData\Local\VirtualStore\Program Files\Mozilla Firefox (if it exists)
Remove the Mozilla Firefox desktop icon if it still is present.Re-Hide Files and Folders
Reboot your computer to ensure changes have taken effect.
Hi josie869,
Did our last steps resolve the Firefox issues?
josie869
2013-04-17, 00:49
yes, seems to be know. Firfox pdated so that seems to have resolved the issue. Thanks again.
Hi josie869,
Glad we were able to get everything resolved. If there are no other issues, you are good to go. :bigthumb:
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.