View Full Version : SevereWeatherAlerts
steve100254
2014-01-05, 09:51
Hi:
Thanks for the earlier heads-up! I can see that this site is going to be TOTALLY different than my past experiences with malware removal. I can't seem to permanently get rid of SWA from my registry. Every time i delete it...it comes back. Even after startup and getting rid of temp files, etc. then going into regedit...nothing seems to permanently remove it. I get all kinds of unwanted pop up ads directed at whatever i am looking at at the time.
I am currently running in safe mode because I tried adding the zip file
aswMBR and my computer just kept opening up multiple files. This happens every time i try to open a download from my save download files. I am sending you the dds files and will try to send the aswMBR later if you request. Thanks!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16526 BrowserJavaVersion: 1.6.0_23
Run by m at 3:16:54 on 2014-01-05
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.1282 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\lxblcoms.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\loggingserver.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\ehome\ehtray.exe
C:\iCloudServices.exe
C:\ApplePhotoStreams.exe
C:\BookmarkDAV_client.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Users\m\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\m\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\splwow64.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/
mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FyD0E0E0CtCyC0CtAyD0BtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=84936505&ir=
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: GreatArcadeHits Add-on: {D0C21091-FF8E-432C-9006-0540E81BA9D7} - C:\Users\m\AppData\Local\GreatArcadeHits\GreatArcadeHitsIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: Fast Free Converter 3.0: {DDA5D4B3-468F-4D62-9092-75142C6169B1} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [iCloudServices] C:\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\BookmarkDAV_client.exe
mRun: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
mRun: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
mRun: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
mRun: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
mRun: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
mRun: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Bonus.SSR.FR11] "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [BrowserSafeguard] "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
mRunOnce: [Del2994673] cmd.exe /Q /D /c del "C:\Users\m\AppData\Local\Temp\0.del"
mRunOnce: [Del3018166] cmd.exe /Q /D /c del "C:\Users\m\AppData\Local\Temp\0.del"
mRunOnce: [DelTr941689957] cmd.exe /c rd /s /q "C:\Users\m\AppData\Roaming\mysearchdial"
mRunOnce: [Browsersafeguard-pitch-unmonetized Data Uninstall] cmd /C rd /Q /S "C:\Program Files (x86)\Browsersafeguard"
StartupFolder: C:\Users\m\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\m\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\m\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEVERE~2.LNK - C:\Users\m\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe
StartupFolder: C:\Users\m\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SEVERE~1.LNK - C:\Users\m\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SCANSN~1.LNK - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3F26A0BF-EB8C-4300-AABD-4D2325FB7E81} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.2.0\ViProtocol.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.41\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FyD0E0E0CtCyC0CtAyD0BtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=84936505&ir=
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.exe
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableLUA = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-12-6 46368]
R2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [2011-8-18 819976]
R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2013-12-16 2251552]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=2F9630E0-BFBC-4F45-AC8E-0326A70FF337 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=2F9630E0-BFBC-4F45-AC8E-0326A70FF337 [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
R2 lxbl_device;lxbl_device;C:\Windows\System32\lxblcoms.exe -service --> C:\Windows\System32\lxblcoms.exe -service [?]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-2-18 91392]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-11-9 1153368]
R2 vToolbarUpdater17.2.0;vToolbarUpdater17.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [2013-12-6 1771544]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2009-10-7 30232]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2009-3-6 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2009-3-8 319840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca25c6b92bacc0;Google Update Service (gupdate1ca25c6b92bacc0);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-8-25 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-11-6 239104]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2010-3-19 271640]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-3-19 327704]
S3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-3-19 6379288]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\System32\drivers\RTL8192su.sys [2010-9-29 629864]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-7-20 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-12-17 12:10:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-17 12:10:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-06 17:14:47 46368 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-11-19 08:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-15 02:09:03 17847296 ----a-w- C:\Windows\System32\mshtml.dll
2013-11-15 01:42:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-11-15 01:37:29 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-15 01:29:33 1347072 ----a-w- C:\Windows\System32\urlmon.dll
2013-11-15 01:29:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-11-15 01:28:41 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-15 01:28:00 237056 ----a-w- C:\Windows\System32\url.dll
2013-11-15 01:25:24 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-11-15 01:22:21 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-15 01:20:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-11-15 01:20:45 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-11-15 01:19:54 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-11-15 01:19:47 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-11-15 01:18:24 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-11-15 01:18:03 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-15 01:12:57 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-11-14 23:13:33 12344320 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-11-14 22:50:50 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-14 22:50:06 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-11-14 22:43:24 1105408 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-11-14 22:42:41 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-14 22:42:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-14 22:41:18 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-11-14 22:40:04 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-11-14 22:38:54 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-11-14 22:38:35 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-11-14 22:38:16 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-11-14 22:37:32 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-11-14 22:36:16 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-11-14 22:36:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-11-14 22:35:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-14 22:32:56 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-10-30 04:34:52 1386496 ----a-w- C:\Windows\System32\WMALFXGFXDSP.dll
2013-10-30 04:34:21 374784 ----a-w- C:\Windows\System32\SysFxUI.dll
2013-10-30 03:55:25 122368 ----a-w- C:\Windows\System32\drivers\drmk.sys
2013-10-30 02:33:31 218112 ----a-w- C:\Windows\System32\drivers\portcls.sys
2013-10-30 02:10:03 2776064 ----a-w- C:\Windows\System32\win32k.sys
2013-10-22 09:31:05 79360 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-22 07:19:59 158208 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-16 15:18:44 338944 ----a-w- C:\Windows\SysWow64\AdpeakProxy.dll
2013-10-11 04:27:20 144384 ----a-w- C:\Windows\System32\wshom.ocx
2013-10-11 04:26:04 198656 ----a-w- C:\Windows\System32\scrrun.dll
2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-11 02:19:13 166912 ----a-w- C:\Windows\System32\wscript.exe
2013-10-11 02:19:11 147968 ----a-w- C:\Windows\System32\cscript.exe
2013-10-11 02:08:55 36864 ----a-w- C:\Windows\SysWow64\wshcon.dll
2013-10-11 02:08:55 131072 ----a-w- C:\Windows\SysWow64\wshom.ocx
2013-10-11 02:08:35 172032 ----a-w- C:\Windows\SysWow64\scrrun.dll
2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-11 00:35:42 135168 ----a-w- C:\Windows\SysWow64\cscript.exe
2013-10-11 00:35:41 155648 ----a-w- C:\Windows\SysWow64\wscript.exe
.
============= FINISH: 3:17:52.83 ===============
:welcome:
You have some bad things going on.
C:\Program Files\Level Quality Watcher <-- See if you can uninstall this via Programs and Features in the Control Panel
I also see entries for SWA
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) by Xplode and save to your Desktop.
Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator (http://windows.microsoft.com/en-US/windows7/How-do-I-run-an-application-once-with-a-full-administrator-access-token).
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
Copy and paste the contents of that logfile in your next reply.
A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
steve100254
2014-01-06, 22:28
Hi:
So i downloaded the cleaner, but did not hit the clean button yet....correct?
# AdwCleaner v3.016 - Report created 06/01/2014 at 16:20:42
# Updated 23/12/2013 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : m - M-PC
# Running from : C:\Users\m\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NVN239B\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : CltMngSvc
Service Found : Level Quality Watcher
***** [ Files / Folders ] *****
File Found : C:\END
File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Found : C:\Users\m\AppData\Local\mysearchdial-speeddial.crx
File Found : C:\Users\m\Desktop\MySearchDial.url
File Found : C:\Windows\System32\Tasks\AmiUpdXp
File Found : C:\Windows\System32\Tasks\UpdaterEX
File Found : C:\Windows\SysWOW64\AdpeakProxy.dll
File Found : C:\Windows\Tasks\AmiUpdXp.job
File Found : C:\Windows\Tasks\UpdaterEX.job
Folder Found : C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Folder Found C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\ParetoLogic
Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\Program Files\Level Quality Watcher
Folder Found C:\ProgramData\apn
Folder Found C:\ProgramData\AVG SafeGuard toolbar
Folder Found C:\ProgramData\DriverCure
Folder Found C:\ProgramData\ParetoLogic
Folder Found C:\Users\m\AppData\Local\AVG SafeGuard toolbar
Folder Found C:\Users\m\AppData\Local\Searchprotect
Folder Found C:\Users\m\AppData\Local\SwvUpdater
Folder Found C:\Users\m\AppData\LocalLow\AVG SafeGuard toolbar
Folder Found C:\Users\m\AppData\LocalLow\Conduit
Folder Found C:\Users\m\AppData\Roaming\DriverCure
Folder Found C:\Users\m\AppData\Roaming\UpdaterEX
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\AVG SafeGuard toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\UpdaterEX
Key Found : [x64] HKCU\Software\Ask&Record
Key Found : [x64] HKCU\Software\AVG SafeGuard toolbar
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Found : [x64] HKCU\Software\UpdaterEX
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\Adpeak, Inc.
Key Found : HKLM\Software\AVG SafeGuard toolbar
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\.bdc
Key Found : HKLM\SOFTWARE\Classes\.bgl
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\AppID\AdpeakProxy.exe
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Found : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Found : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\ParetoLogic
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Scorpion Saver
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16526
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FyD0E0E0CtCyC0CtAyD0BtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=84936505&ir=
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FyD0E0E0CtCyC0CtAyD0BtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=84936505&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FyD0E0E0CtCyC0CtAyD0BtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=84936505&ir=
-\\ Mozilla Firefox v
-\\ Google Chrome v32.0.1700.41
[ File : C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found : homepage
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup
Found : homepage
Found : search_url
Found : keyword
Found : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [13392 octets] - [06/01/2014 16:20:42]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [13453 octets] ##########
Thanks,
Steve
steve100254
2014-01-06, 22:44
Hi:
I found LQW in the program files, but when I went to delete it a window opened telling me that i did not have the "authoriztion to perform this action". So how do I get around that it the future?
thanks,
Steve
Your doing fine Steve. Lets run the clean function now.
LQW is in the list of files and programs to remove
Double click on AdwCleaner.exe to run the tool again.
Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.
http://imageshack.us/a/img841/7292/thisisujrt.gif Please download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
steve100254
2014-01-07, 00:19
While I was waiting for your reply my inquisitiveness got the better of me and I clicked on Level Quality Watcher and tried to open it with Adobe Reader. Now all my .exe files are corrupted. All .exe files default to Adobe Reader. I don't even have a browser! I am working from a different computer right now because I could not do a restore from backup and restore. Sorry to complicate matters...The files did say levelqualitywatcher32 and levelqualitywatcher64 before I tried to read the 64 bit one.
Steve
steve100254
2014-01-07, 01:17
the results:
# AdwCleaner v3.016 - Report created 06/01/2014 at 19:03:58
# Updated 23/12/2013 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : m - M-PC
# Running from : F:\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : CltMngSvc
Service Deleted : Level Quality Watcher
***** [ Files / Folders ] *****
[!] Folder Deleted : C:\ProgramData\apn
[!] Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
[!] Folder Deleted : C:\ProgramData\DriverCure
[!] Folder Deleted : C:\ProgramData\ParetoLogic
[!] Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Program Files (x86)\ParetoLogic
[!] Folder Deleted : C:\Program Files (x86)\Searchprotect
[!] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[!] Folder Deleted : C:\Program Files\Level Quality Watcher
[!] Folder Deleted : C:\Users\m\AppData\Local\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\m\AppData\Local\Searchprotect
[!] Folder Deleted : C:\Users\m\AppData\Local\SwvUpdater
[!] Folder Deleted : C:\Users\m\AppData\LocalLow\AVG SafeGuard toolbar
[!] Folder Deleted : C:\Users\m\AppData\LocalLow\Conduit
[!] Folder Deleted : C:\Users\m\AppData\Roaming\DriverCure
[!] Folder Deleted : C:\Users\m\AppData\Roaming\UpdaterEX
[!] Folder Deleted : C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
File Deleted : C:\END
File Deleted : C:\Windows\SysWOW64\AdpeakProxy.dll
File Deleted : C:\Users\m\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\m\Desktop\MySearchDial.url
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
File Deleted : C:\Windows\Tasks\UpdaterEX.job
File Deleted : C:\Windows\System32\Tasks\UpdaterEX
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Classes\.bdc
Key Deleted : HKLM\SOFTWARE\Classes\.bgl
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AdpeakProxy.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Adpeak, Inc.
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG SafeGuard toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16526
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v
*************************
AdwCleaner[R0].txt - [13642 octets] - [06/01/2014 16:20:42]
AdwCleaner[R1].txt - [13617 octets] - [06/01/2014 19:02:58]
AdwCleaner[S0].txt - [11128 octets] - [06/01/2014 19:03:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11189 octets] ##########
next up JRT
steve100254
2014-01-07, 01:30
And lastly:
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Windows (TM) Vista Home Premium x64
Ran by m on Mon 01/06/2014 at 19:19:37.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sparktrust
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1060933
~~~ Files
Successfully deleted: [File] "C:\Windows\Tasks\driver robot.job"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\m\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Users\m\appdata\local\browsersafeguard"
Successfully deleted: [Folder] "C:\Program Files (x86)\sparktrust"
Successfully deleted: [Folder] "C:\Users\m\AppData\Roaming\microsoft\windows\start menu\programs\sparktrust"
Successfully deleted: [Folder] "C:\Windows\freecorder"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/06/2014 at 19:27:33.28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Steve, its so important that when you post on this or any forum for help to not do anything on your own. I pointed out that Level Quality Watcher was a bogus program in my previous reply, why on earth did you click on it ? What I need you to do is not do anything else on your own, do not install or run any other programs or uninstall any as well unless we feel you need to
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
steve100254
2014-01-07, 01:55
As I said...sorry...FYI I had Malwarebytes on this unit and it did not solve the problem. I am willing to give it another go however since i have a real live tutor on board. The laptop is already running faster for what that's worth.....and thanks again. this is such a big help
Yes go ahead and run Malwarebytes. First open it, check for updates and then run the Quick scan, if nothing is found let me know, if it finds bad entries than post the log
Then
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
steve100254
2014-01-07, 03:32
As per:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.06.09
Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
m :: M-PC [administrator]
1/6/2014 8:43:34 PM
mbam-log-2014-01-06 (20-43-34).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217735
Time elapsed: 5 minute(s), 38 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 12
C:\Users\m\AppData\Local\Weather_Notifications,_LL (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\m\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_gt0dqwoy11fmjoqfabcnup2mk1ggutnn (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\m\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_gt0dqwoy11fmjoqfabcnup2mk1ggutnn\1.21.0.0 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\m\AppData\Local\GreatArcadeHits (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\m\AppData\Local\Temp\DM\bin (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\m\AppData\Local\Temp\DM\bin\css (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\m\AppData\Local\Temp\DM\bin\css\images (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\m\AppData\Local\Temp\DM\bin\Dealscompare (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\m\AppData\Local\Temp\DM\bin\exe (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\m\AppData\Local\Temp\DM\bin\GreatArcade (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Users\m\AppData\Local\Temp\DM\bin\ScorpionSaver (PUP.Optional.BundleInstaller.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebexpEnhancedV1 (PUP.Optional.Webexp) -> Quarantined and deleted successfully.
Files Detected: 0
(No malicious items detected)
(end)
steve100254
2014-01-07, 03:54
OTL logfile created on: 1/6/2014 9:36:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\m\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.99 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 44.60% Memory free
8.21 Gb Paging File | 6.00 Gb Available in Paging File | 73.15% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 110.40 Gb Free Space | 38.96% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.71 Gb Free Space | 52.65% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.37 Gb Free Space | 98.87% Space Free | Partition Type: FAT32
Computer Name: M-PC | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\m\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\m\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
PRC - C:\Users\m\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.41\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.41\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.41\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\f453ecc6bb7fc8d52d61247676944623\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\73d9bc894522543b561a0342dac87c06\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e77e7cdf3072d5a658832b8863ff439e\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09f5b3f7a363b742a73937e818595597\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\c0df7e124d8d5e2821fd7d3921d404f7\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\1eff630f4194c74287d1dd4a859693f7\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\d7153acb7b6ccb5a6a886d6f0ab732b1\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll ()
MOD - C:\Users\m\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
MOD - C:\Users\m\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\m\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll ()
MOD - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll ()
MOD - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxbl_device) -- C:\Windows\SysNative\lxblcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MotoConnect Service) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxbl_device) -- C:\Windows\SysWOW64\lxblcoms.exe ( )
========== Driver Services (SafeList) ==========
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\DRIVERS\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\DRIVERS\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\DRIVERS\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FyD0E0E0CtCyC0CtAyD0BtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=84936505&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB 98 B8 7B 79 98 CA 01 [binary data]
IE - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\..\SearchScopes\{151B1249-8E35-458B-B185-C26F3E9302B1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130417,19853,0,18,0
IE - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
[2013/12/13 09:21:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/13 09:21:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA9366\FF
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2107969619-861180170-1998606369-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2107969619-861180170-1998606369-1000..\Run: [ApplePhotoStreams] C:\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2107969619-861180170-1998606369-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2107969619-861180170-1998606369-1000..\Run: [iCloudServices] C:\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2107969619-861180170-1998606369-1000..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKU\S-1-5-21-2107969619-861180170-1998606369-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2107969619-861180170-1998606369-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\m\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F26A0BF-EB8C-4300-AABD-4D2325FB7E81}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{46600012-1c97-11df-b5c2-002219e226b6}\Shell\AutoRun\command - "" = F:\Installer.exe
O33 - MountPoints2\{760d926a-5428-11df-8035-b891f863e2fd}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{b481a63f-cd5f-11de-8fcb-002219e226b6}\Shell - "" = AutoRun
O33 - MountPoints2\{b481a63f-cd5f-11de-8fcb-002219e226b6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{b8566e90-4951-11e1-a194-a9375ad8fab1}\Shell - "" = AutoRun
O33 - MountPoints2\{b8566e90-4951-11e1-a194-a9375ad8fab1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e0eae55b-bd20-11e0-9377-c6199e021940}\Shell - "" = AutoRun
O33 - MountPoints2\{e0eae55b-bd20-11e0-9377-c6199e021940}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
O33 - MountPoints2\{e0eae55c-bd20-11e0-9377-c6199e021940}\Shell - "" = AutoRun
O33 - MountPoints2\{e0eae55c-bd20-11e0-9377-c6199e021940}\Shell\AutoRun\command - "" = G:\TLBootstrap_WPP.exe
O33 - MountPoints2\{f7e56c50-6306-11e3-9f96-fd8e9a200f44}\Shell - "" = AutoRun
O33 - MountPoints2\{f7e56c50-6306-11e3-9f96-fd8e9a200f44}\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/06 19:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 19:58:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/06 19:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/06 19:19:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/06 16:19:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 16:09:51 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2014/01/06 16:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2014/01/06 16:09:23 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/01/06 16:09:17 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\FileAssociationManager
[2014/01/06 16:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileAssociationManager
[2014/01/05 02:58:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\m\Desktop\dds.scr
[2014/01/02 16:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/01/02 15:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/01/02 15:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2014/01/02 13:48:26 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\bus_int_changed
[2014/01/02 13:41:52 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\bus_ext_changed
[2013/12/24 15:16:59 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\lisa_pics
[2013/12/20 12:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/12/20 12:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/12/20 12:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/12/13 17:43:53 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
[2013/12/13 09:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/12 03:04:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/12/12 03:04:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/12/12 03:04:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 03:04:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 03:04:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 03:04:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/12/12 03:04:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/12/12 03:04:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/12/12 03:04:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 03:04:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 03:04:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/12 03:04:15 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/12 03:04:15 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/12 03:04:15 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/12 03:04:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/12/11 13:50:10 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 13:50:10 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 13:50:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 13:50:10 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 13:50:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 13:50:09 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 13:50:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshcon.dll
[2013/12/11 13:50:07 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 13:50:05 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2013/12/11 13:50:05 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 13:50:05 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/10 07:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/17 12:55:32 | 000,492,032 | R--- | C] (Macrovision Corporation) -- C:\Users\m\ISSetup.dll
[2013/03/17 12:55:32 | 000,456,528 | R--- | C] (Macrovision Corporation) -- C:\Users\m\setup.exe
[2013/03/17 12:55:25 | 000,385,968 | R--- | C] (Macrovision Corporation) -- C:\Users\m\_Setup.dll
[75 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/01/06 21:36:18 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47E90404-B67F-4B51-A855-1D8055781A7D}.job
[2014/01/06 21:04:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/06 20:43:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/06 19:58:31 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 19:41:57 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/01/06 19:41:47 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 19:41:22 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rmv.job
[2014/01/06 19:41:22 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rel.job
[2014/01/06 19:41:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 19:41:20 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 19:41:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/06 19:40:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/01/06 19:06:34 | 000,305,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/06 19:03:26 | 000,703,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/06 19:03:26 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/06 19:03:26 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/06 18:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/01/06 16:35:34 | 000,000,413 | ---- | M] () -- C:\Users\m\Desktop\AdwCleaner - Shortcut.lnk
[2014/01/06 14:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/01/05 03:28:16 | 000,000,429 | ---- | M] () -- C:\Users\m\Desktop\aswMBR.zip
[2014/01/05 02:58:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\m\Desktop\dds.scr
[2014/01/02 16:13:23 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 5510 series.lnk
[2014/01/02 16:10:41 | 000,000,922 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2014/01/02 16:10:33 | 000,001,190 | ---- | M] () -- C:\Users\m\Desktop\SparkTrust PC Cleaner Plus.lnk
[2014/01/02 13:19:35 | 000,051,712 | ---- | M] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/29 01:40:50 | 000,000,098 | ---- | M] () -- C:\extensions.ini
[2013/12/29 01:40:50 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/12/20 13:02:01 | 000,000,032 | ---- | M] () -- C:\Users\m\AppData\Roaming\WB.CFG
[2013/12/18 10:14:35 | 000,002,051 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/18 10:14:32 | 000,000,970 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/12/18 10:14:32 | 000,000,946 | ---- | M] () -- C:\Users\m\Desktop\Windows Media Player.lnk
[2013/12/17 07:10:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/17 07:10:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/13 17:45:03 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/10 07:10:41 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[75 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/01/06 19:58:31 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 16:35:34 | 000,000,413 | ---- | C] () -- C:\Users\m\Desktop\AdwCleaner - Shortcut.lnk
[2014/01/05 03:28:16 | 000,000,429 | ---- | C] () -- C:\Users\m\Desktop\aswMBR.zip
[2014/01/02 16:10:49 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/01/02 16:10:33 | 000,001,190 | ---- | C] () -- C:\Users\m\Desktop\SparkTrust PC Cleaner Plus.lnk
[2013/12/29 01:40:50 | 000,000,098 | ---- | C] () -- C:\extensions.ini
[2013/12/29 01:40:50 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/12/20 13:02:01 | 000,000,032 | ---- | C] () -- C:\Users\m\AppData\Roaming\WB.CFG
[2013/12/18 10:14:35 | 000,000,907 | ---- | C] () -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/18 10:14:32 | 000,000,946 | ---- | C] () -- C:\Users\m\Desktop\Windows Media Player.lnk
[2013/12/17 07:10:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/17 07:06:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rel.job
[2013/12/17 07:06:25 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rmv.job
[2013/12/10 07:10:41 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/06 12:15:15 | 000,003,749 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/08/13 12:12:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2013/05/31 16:25:07 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/17 13:02:08 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2013/03/17 12:56:06 | 000,000,693 | ---- | C] () -- C:\Users\m\ScanSnap Manager settings.lnk
[2013/03/17 12:56:06 | 000,000,685 | ---- | C] () -- C:\Users\m\ScanSnap Operator's Guide.lnk
[2013/03/17 12:56:06 | 000,000,645 | ---- | C] () -- C:\Users\m\Readme.lnk
[2013/03/17 12:56:06 | 000,000,593 | ---- | C] () -- C:\Users\m\ScanSnap Manager.lnk
[2013/03/17 12:56:06 | 000,000,587 | ---- | C] () -- C:\Users\m\Startup Register.lnk
[2013/03/17 12:56:06 | 000,000,587 | ---- | C] () -- C:\Users\m\License Agreement.lnk
[2013/03/17 12:55:32 | 000,262,923 | R--- | C] () -- C:\Users\m\setup.inx
[2013/03/17 12:55:32 | 000,005,632 | ---- | C] () -- C:\Users\m\ScanSnap_Prv.prp
[2013/03/17 12:55:32 | 000,004,096 | ---- | C] () -- C:\Users\m\PfuSsMon.fcd
[2013/03/17 12:55:32 | 000,002,453 | ---- | C] () -- C:\Users\m\PfuSsMon32.cfg
[2013/03/17 12:55:32 | 000,000,591 | R--- | C] () -- C:\Users\m\layout.bin
[2013/03/17 12:55:32 | 000,000,076 | R--- | C] () -- C:\Users\m\PfuSsMon.ini
[2013/03/17 12:55:25 | 142,520,210 | R--- | C] () -- C:\Users\m\data2.cab
[2013/03/17 12:55:25 | 001,360,401 | R--- | C] () -- C:\Users\m\data1.cab
[2013/03/17 12:55:25 | 000,163,358 | R--- | C] () -- C:\Users\m\data1.hdr
[2013/03/17 12:55:25 | 000,000,286 | ---- | C] () -- C:\Users\m\ConfigList.cfg
[2013/03/17 12:55:25 | 000,000,060 | ---- | C] () -- C:\Users\m\AppID.cfg
[2013/01/27 14:27:13 | 000,905,728 | -HS- | C] () -- C:\Users\m\ehthumbs_vista.db
[2012/12/31 12:55:49 | 000,024,226 | ---- | C] () -- C:\Users\m\AppData\Roaming\UserTile.png
[2012/04/24 14:44:05 | 000,000,288 | ---- | C] () -- C:\Users\m\AppData\Roaming\.backup.dm
[2011/07/26 16:06:08 | 000,000,552 | ---- | C] () -- C:\Users\m\AppData\Local\d3d8caps.dat
[2011/07/12 07:55:15 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{F3FE1A34-98FB-47FE-BD0D-2324E8BB19FD}
[2011/07/11 21:08:46 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{F8B064F1-9717-436F-911E-42126E10CF0B}
[2011/07/07 19:50:15 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{1A0BBB3D-A412-47C8-9AA7-CFF5E223B030}
[2010/11/05 05:58:20 | 000,000,680 | ---- | C] () -- C:\Users\m\AppData\Local\d3d9caps.dat
[2010/11/04 04:42:42 | 000,051,712 | ---- | C] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/21 15:22:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/09 16:44:40 | 000,582,737 | ---- | C] () -- C:\Users\m\USA-829-Member-Directory-2009-11-web.pdf
[2009/10/11 04:19:48 | 000,001,566 | ---- | C] () -- C:\Users\m\AppData\Roaming\wklnhst.dat
[2008/05/27 11:38:56 | 000,005,552 | R--- | C] () -- C:\Program Files (x86)\ReadMe.htm
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2009/11/19 18:40:42 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Blitware
[2010/11/02 19:37:12 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Cakewalk
[2011/02/03 05:49:27 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/01/06 20:20:45 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Dropbox
[2014/01/06 16:09:17 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\FileAssociationManager
[2011/08/08 10:48:47 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\FileZilla
[2013/03/17 13:21:59 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Fujitsu
[2010/03/19 18:03:10 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Leadertech
[2013/03/17 13:05:52 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\PFU
[2013/12/06 12:14:46 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\SmartPCFix
[2009/11/06 09:34:14 | 000,000,000 | ---D | M] -- C:\Users\m\AppData\Roaming\Template
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
steve100254
2014-01-07, 03:55
OTL Extras logfile created on: 1/6/2014 9:36:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\m\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.99 Gb Total Physical Memory | 1.78 Gb Available Physical Memory | 44.60% Memory free
8.21 Gb Paging File | 6.00 Gb Available in Paging File | 73.15% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 110.40 Gb Free Space | 38.96% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.71 Gb Free Space | 52.65% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.37 Gb Free Space | 98.87% Space Free | Partition Type: FAT32
Computer Name: M-PC | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 19 4D F7 13 18 B1 CA 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22DB104F-E75E-4F1A-9D34-EE27857B13B0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2D627208-2567-4C00-B2C9-D246EE9FC26F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{330A5DB9-195B-41DD-8B26-B1A3E13D4F8D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3C19EE42-7C3D-43A0-84DB-93286C339E6C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{47F9EAAC-49D5-4249-B425-0A2CF1F6433E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5A22BEBF-191A-4893-A4C0-6CB9C47D5AC0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7B20AAE8-5397-4C25-A505-ADCBDE538A75}" = lport=23 | protocol=6 | dir=out | name=zoom_x6_dsl_port23 |
"{87A513C4-0EED-454D-A1F1-59158B7BE0BD}" = lport=139 | protocol=6 | dir=in | app=system |
"{87FF3179-93CC-4D59-BEBB-29D8E8F401A9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{97D2E87C-A31B-4815-9220-9A515CD1B9F7}" = rport=138 | protocol=17 | dir=out | app=system |
"{AAB431B3-BF93-4E7D-AC4D-CDC79D32A2BE}" = rport=137 | protocol=17 | dir=out | app=system |
"{BB2C3603-1E8B-47A8-8DE9-7C3999D1A584}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D1EBAA34-D2AA-4958-9600-9EBE2E09995E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D721E65F-8E88-41D9-AC54-661CA259E22D}" = lport=138 | protocol=17 | dir=in | app=system |
"{DFE1A9F1-D675-448D-812C-F71EBB25DEA1}" = lport=445 | protocol=6 | dir=in | app=system |
"{E5266E7B-EC3F-45FB-8724-CAF4BFAFDB6C}" = rport=139 | protocol=6 | dir=out | app=system |
"{E774C226-C9DF-44B6-9490-01AEBA214471}" = lport=137 | protocol=17 | dir=in | app=system |
"{ECB30B90-7B6D-4CDC-B29B-79CED3A78B9D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FAF59568-5271-4F34-ADCE-E8076E18F1B6}" = rport=445 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F50F7F9-47FC-4F91-BBFD-62BCFD8524D7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0F805077-DE9C-4835-9EAF-15403B61D7C4}" = protocol=6 | dir=in | app=c:\program files (x86)\hijack2\antitheft.exe |
"{112A0F03-3106-4EB2-A792-B9C1EEFA9985}" = dir=in | app=c:\users\m\appdata\local\gcc\controller.exe |
"{12E061F2-1F34-499F-A300-D6D8A4997CF5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1EA67CA4-73CD-42C5-B283-5E92D0136BAF}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1FB18A2E-FA23-490A-89E6-E81532837AD8}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxblcoms.exe |
"{258D4469-104B-4B6A-B316-3B694155C1DC}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{31457405-CF41-4B0D-AA77-78C6C893AB76}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{318FCB5B-57A3-465B-BA52-8B1394F4EABA}" = protocol=17 | dir=in | app=c:\users\m\appdata\roaming\dropbox\bin\dropbox.exe |
"{3381D814-1BCF-44D1-B4F4-F1E998CCBED1}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxblpswx.exe |
"{3A017815-C7A6-4BAA-BF0B-3559235040B6}" = protocol=6 | dir=in | app=c:\windows\system32\lxblcoms.exe |
"{4FB2DFFE-AA23-4E0D-8F4A-47CDCE3455E3}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\devicesetup.exe |
"{59FEB135-7A8A-4390-BF35-1C6FAC242EA4}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |
"{657D25C8-8E93-45E9-B228-A800C3869241}" = protocol=17 | dir=in | app=c:\users\m\appdata\roaming\dropbox\bin\dropbox.exe |
"{733B0E37-C949-47B5-B7F6-C283E023D3F7}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxblcoms.exe |
"{7A5FF589-9D21-4E6F-9B65-D7C0AA9527F2}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7A615D6F-5596-4E73-8677-4CE0703D4A75}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8C9853E2-7213-46D5-BEA8-CC0911BE88E1}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{90F2DD15-496A-41F3-92F2-71DD30D469ED}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxblpswx.exe |
"{95C0CC4B-D54A-460E-A893-C0024CE3E3D2}" = dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicatorcom.exe |
"{9FADA657-4604-46F0-9D39-086C6545CBDD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A29F0DDA-0E90-418C-8765-9677A094E937}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A3612C9A-B2D6-4556-8273-C34EDFC3A4DC}" = protocol=17 | dir=in | app=c:\program files (x86)\hijack2\antitheft.exe |
"{BA93860C-A6A6-4B31-BA1F-2D8C684C10D2}" = protocol=17 | dir=in | app=c:\windows\system32\lxblcoms.exe |
"{D38C4D05-F817-41B6-8CCB-F1FB817AE774}" = protocol=6 | dir=in | app=c:\users\m\appdata\roaming\dropbox\bin\dropbox.exe |
"{D6F36C73-7DFB-42BC-8C17-4DBFF22A507B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D749B7EF-731C-4273-9D05-368227E5CF6C}" = protocol=6 | dir=in | app=c:\users\m\appdata\roaming\dropbox\bin\dropbox.exe |
"{D944796F-F828-47B3-84B7-544BC0750F61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E1BEE183-0A05-4951-9086-9EF2E97A9EFD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E2C0C34E-351A-4AC4-B309-488EED2DA5CB}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{EE69F904-267F-4FB5-BC67-42B577552A05}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F72DDBD6-D9B4-4160-BAD9-0FBC45DCD347}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{462DDA4C-A564-4733-9393-5E25B462657E}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
"TCP Query User{9B5CA8D4-FADA-441E-B6D4-9EF8D5C52305}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{C751E18A-E33B-456A-823D-D0BAA42D787E}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{4BDE91EB-C3F8-434A-A155-06E0553196AF}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"UDP Query User{4F849B86-CB93-482F-B2A9-EDAE28A50B91}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{6813B44C-25A8-4D61-ADAB-90E0935A1735}C:\program files (x86)\logitech\logitech vid\vid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\logitech vid\vid.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = Bluetooth by hp 6.0.1.5000
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{18CFBCD3-2EAD-4F49-FC0F-9039B23043A2}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95D11240-5C27-4FEF-855E-57AF99C1A538}" = Motorola Driver Installation 4.2.0
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{ABA4FAF1-6389-45F9-92CE-3914A4E5C471}" = PaperPort Image Printer 64-bit
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF43B48-42A1-4967-9506-7E341BBD075F}" = HP Photosmart 5510 series Basic Device Software
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F0E881D1-3487-82B2-1B85-583D79FBD4B4}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Creative OA001" = Integrated Webcam Driver (1.06.03.0309)
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{030DA939-8C01-4240-BEFB-A0B6791A7E30}" = Zoom ADSL Modem
"{11D03BF4-A66F-325E-7762-4F64586C673F}" = Catalyst Control Center Graphics Full New
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{23170F69-40C1-2701-0921-000001000000}" = 7-Zip 9.21
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C3CD30-2DF4-FEFA-3F4E-D6C1C3257FCE}" = ccc-core-static
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{35827710-D042-428B-A1E5-E20E12D2FEB9}" = SparkTrust PC Cleaner Plus
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{496C34BF-9DE5-9628-48CC-052DD6A8453E}" = Catalyst Control Center Core Implementation
"{4CA09BF7-1CFC-44B8-80EA-7B4D15D12DC5}" = Catalyst Control Center - Branding
"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79FBDD2E-DD2B-141A-DCF0-B8C125B5A008}" = Catalyst Control Center Graphics Previews Vista
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94055A4F-6F4D-4F6D-85DB-893070B0BE7F}" = Verizon Wireless Software Upgrade Assistant - Samsung
"{94333A1C-DC4A-E70F-FA92-16AB6F2443D6}" = Catalyst Control Center Graphics Full Existing
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{974BBAF1-048D-4230-2254-62FEA00B18E9}" = Skins
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{998D91BE-65FE-8B9D-5C6E-1D52401EAAA1}" = CCC Help English
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A4874CD2-6942-E7A7-3690-277B9CB56DF5}" = Catalyst Control Center Graphics Light
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B578DD15-CB17-CBB8-611E-D1AE7D5568AC}" = Catalyst Control Center Graphics Previews Common
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F1100000-0008-0000-0001-074957833700}" = ABBYY FineReader 11
"{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"FileAssociationManager" = File Association Manager
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Matts Free Keyword Tool_is1" = Matts Free Keyword Tool
"SONARLE_is1" = SONAR 6 LE
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2107969619-861180170-1998606369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Broadcom Wireless LAN Events ]
Error - 8/15/2013 3:41:02 AM | Computer Name = m-PC | Source = WLAN-Tray | ID = 0
Description = 03:41:02, Thu, Aug 15, 13 Error - Unable to gain access to user store
Error - 11/14/2013 4:24:28 AM | Computer Name = m-PC | Source = WLAN-Tray | ID = 0
Description = 03:24:28, Thu, Nov 14, 13 Error - Unable to gain access to user store
Error - 11/14/2013 4:24:28 AM | Computer Name = m-PC | Source = WLAN-Tray | ID = 0
Description = 03:24:28, Thu, Nov 14, 13 Error - Unable to decrypt string
Error - 1/6/2014 6:27:20 PM | Computer Name = m-PC | Source = WLAN-Tray | ID = 0
Description = 17:27:20, Mon, Jan 06, 14 Error - User "" does not have administrative
privileges on this system
Error - 1/6/2014 8:08:13 PM | Computer Name = m-PC | Source = WLAN-Tray | ID = 0
Description = 19:08:13, Mon, Jan 06, 14 Error - Unable to decrypt string
Error - 1/6/2014 8:08:13 PM | Computer Name = m-PC | Source = WLAN-Tray | ID = 0
Description = 19:08:13, Mon, Jan 06, 14 Error - Unable to gain access to user store
[ OSession Events ]
Error - 5/21/2013 6:17:43 AM | Computer Name = m-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 18, Application Name: Picture Manager, Application Version: 12.0.6606.1000,
Microsoft Office Version: 12.0.6612.1000. This session lasted 345 seconds with
300 seconds of active time. This session ended with a crash.
< End of report >
Hi :)
Open OTL.exe
Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:OTL
PRC - C:\Users\m\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
MOD - C:\Users\m\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtBtByD0FyD0E0E0CtCyC0CtAyD0BtN0D0Tzu0SyBtBtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=84936505&ir=
[2013/12/13 09:21:10 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA9366\FF
:Services
:Reg
:Files
ipconfig /flushdns /c
C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1
:Commands
[purity]
[resethosts]
[EMPTYJAVA]
[emptytemp]
[start explorer]
[Reboot]
Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces
Then run a new scan with OTL and post the new log please
steve100254
2014-01-07, 05:02
All processes killed
========== OTL ==========
No active process named SevereWeatherAlertsApp.exe was found!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
F:\cmd.bat deleted successfully.
F:\cmd.txt deleted successfully.
File\Folder C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1 not found.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
[EMPTYJAVA]
User: All Users
User: AppData
User: Default
User: Default User
User: m
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: m
->Temp folder emptied: 133586806 bytes
->Temporary Internet Files folder emptied: 4287661704 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 15709830 bytes
->Google Chrome cache emptied: 46008316 bytes
->Flash cache emptied: 42725 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24162404330 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37812797 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 35782663 bytes
RecycleBin emptied: 2803048 bytes
Total Files Cleaned = 27,391.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 01062014_223256
Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\m\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\m\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2NVN239B\showthread[3].htm moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
steve100254
2014-01-07, 05:57
OTL logfile created on: 1/6/2014 11:01:39 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = F:\
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.99 Gb Total Physical Memory | 1.61 Gb Available Physical Memory | 40.42% Memory free
8.16 Gb Paging File | 5.50 Gb Available in Paging File | 67.45% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 137.33 Gb Free Space | 48.46% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.71 Gb Free Space | 52.65% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.36 Gb Free Space | 98.84% Space Free | Partition Type: FAT32
Computer Name: M-PC | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Users\m\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Users\m\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\m\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll ()
MOD - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll ()
MOD - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV:64bit: - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxbl_device) -- C:\Windows\SysNative\lxblcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MotoConnect Service) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxbl_device) -- C:\Windows\SysWOW64\lxblcoms.exe ( )
========== Driver Services (SafeList) ==========
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\DRIVERS\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\DRIVERS\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\DRIVERS\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB 98 B8 7B 79 98 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{151B1249-8E35-458B-B185-C26F3E9302B1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130417,19853,0,18,0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\plugins
[2014/01/06 22:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m\AppData\Roaming\mozilla\Extensions
[2014/01/06 22:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/01/06 22:32:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\m\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F26A0BF-EB8C-4300-AABD-4D2325FB7E81}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{46600012-1c97-11df-b5c2-002219e226b6}\Shell\AutoRun\command - "" = F:\Installer.exe
O33 - MountPoints2\{760d926a-5428-11df-8035-b891f863e2fd}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{b481a63f-cd5f-11de-8fcb-002219e226b6}\Shell - "" = AutoRun
O33 - MountPoints2\{b481a63f-cd5f-11de-8fcb-002219e226b6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{b8566e90-4951-11e1-a194-a9375ad8fab1}\Shell - "" = AutoRun
O33 - MountPoints2\{b8566e90-4951-11e1-a194-a9375ad8fab1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e0eae55b-bd20-11e0-9377-c6199e021940}\Shell - "" = AutoRun
O33 - MountPoints2\{e0eae55b-bd20-11e0-9377-c6199e021940}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
O33 - MountPoints2\{e0eae55c-bd20-11e0-9377-c6199e021940}\Shell - "" = AutoRun
O33 - MountPoints2\{e0eae55c-bd20-11e0-9377-c6199e021940}\Shell\AutoRun\command - "" = G:\TLBootstrap_WPP.exe
O33 - MountPoints2\{f7e56c50-6306-11e3-9f96-fd8e9a200f44}\Shell - "" = AutoRun
O33 - MountPoints2\{f7e56c50-6306-11e3-9f96-fd8e9a200f44}\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/06 22:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/01/06 22:09:58 | 022,370,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2014/01/06 22:09:58 | 003,449,456 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2014/01/06 22:09:58 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2014/01/06 22:09:58 | 001,776,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2014/01/06 22:09:58 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2014/01/06 22:09:58 | 000,647,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2014/01/06 22:09:58 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2014/01/06 22:09:58 | 000,393,840 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2014/01/06 22:09:58 | 000,302,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2014/01/06 22:09:58 | 000,276,592 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2014/01/06 22:09:58 | 000,275,568 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2014/01/06 22:09:58 | 000,194,552 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2014/01/06 22:09:58 | 000,170,960 | ---- | C] (Mozilla Corporation) -- C:\Program Files\webapp-uninstaller.exe
[2014/01/06 22:09:58 | 000,153,712 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2014/01/06 22:09:58 | 000,130,672 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2014/01/06 22:09:58 | 000,119,408 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2014/01/06 22:09:58 | 000,117,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2014/01/06 22:09:58 | 000,108,144 | ---- | C] (Mozilla Foundation) -- C:\Program Files\webapprt-stub.exe
[2014/01/06 22:09:58 | 000,092,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2014/01/06 22:09:58 | 000,075,376 | ---- | C] (Mozilla Foundation) -- C:\Program Files\breakpadinjector.dll
[2014/01/06 22:09:58 | 000,053,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2014/01/06 22:09:58 | 000,028,272 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-hang-ui.exe
[2014/01/06 22:09:58 | 000,020,080 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2014/01/06 22:09:58 | 000,018,544 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2014/01/06 22:09:58 | 000,017,008 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\webapprt
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\uninstall
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\dictionaries
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\browser
[2014/01/06 19:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 19:58:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/06 19:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/06 19:19:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/06 16:19:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 16:09:51 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2014/01/06 16:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2014/01/06 16:09:23 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/01/06 16:09:17 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\FileAssociationManager
[2014/01/06 16:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileAssociationManager
[2014/01/05 02:58:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\m\Desktop\dds.scr
[2014/01/02 16:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/01/02 15:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/01/02 15:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2014/01/02 13:48:26 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\bus_int_changed
[2014/01/02 13:41:52 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\bus_ext_changed
[2013/12/24 15:16:59 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\lisa_pics
[2013/12/20 12:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/12/20 12:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/12/20 12:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/12/13 17:43:53 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
[2013/12/13 09:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/12 03:04:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/12/12 03:04:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/12/12 03:04:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 03:04:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 03:04:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 03:04:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/12/12 03:04:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/12/12 03:04:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/12/12 03:04:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 03:04:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 03:04:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/12 03:04:15 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/12 03:04:15 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/12 03:04:15 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/12 03:04:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/12/11 13:50:10 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 13:50:10 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 13:50:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 13:50:10 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 13:50:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 13:50:09 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 13:50:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshcon.dll
[2013/12/11 13:50:07 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 13:50:05 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2013/12/11 13:50:05 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 13:50:05 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/10 07:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/17 12:55:32 | 000,492,032 | R--- | C] (Macrovision Corporation) -- C:\Users\m\ISSetup.dll
[2013/03/17 12:55:32 | 000,456,528 | R--- | C] (Macrovision Corporation) -- C:\Users\m\setup.exe
[2013/03/17 12:55:25 | 000,385,968 | R--- | C] (Macrovision Corporation) -- C:\Users\m\_Setup.dll
========== Files - Modified Within 30 Days ==========
[2014/01/06 23:06:53 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47E90404-B67F-4B51-A855-1D8055781A7D}.job
[2014/01/06 23:04:29 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/06 22:55:12 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/01/06 22:55:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 22:54:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 22:54:59 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 22:54:57 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rmv.job
[2014/01/06 22:54:57 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rel.job
[2014/01/06 22:54:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/06 22:53:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/01/06 22:44:23 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/06 22:10:06 | 000,000,612 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/06 22:10:06 | 000,000,588 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/06 22:06:00 | 000,000,907 | ---- | M] () -- C:\Users\m\Desktop\Internet Explorer.lnk
[2014/01/06 19:58:31 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 19:06:34 | 000,305,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/06 19:03:26 | 000,703,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/06 19:03:26 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/06 19:03:26 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/06 18:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/01/06 16:35:34 | 000,000,413 | ---- | M] () -- C:\Users\m\Desktop\AdwCleaner - Shortcut.lnk
[2014/01/06 14:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/01/05 03:28:16 | 000,000,429 | ---- | M] () -- C:\Users\m\Desktop\aswMBR.zip
[2014/01/05 02:58:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\m\Desktop\dds.scr
[2014/01/02 16:13:23 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 5510 series.lnk
[2014/01/02 16:10:41 | 000,000,922 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2014/01/02 16:10:33 | 000,001,190 | ---- | M] () -- C:\Users\m\Desktop\SparkTrust PC Cleaner Plus.lnk
[2014/01/02 13:19:35 | 000,051,712 | ---- | M] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/29 01:40:50 | 000,000,098 | ---- | M] () -- C:\extensions.ini
[2013/12/29 01:40:50 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/12/20 13:02:01 | 000,000,032 | ---- | M] () -- C:\Users\m\AppData\Roaming\WB.CFG
[2013/12/18 10:14:35 | 000,002,051 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/18 10:14:32 | 000,000,970 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/12/18 10:14:32 | 000,000,946 | ---- | M] () -- C:\Users\m\Desktop\Windows Media Player.lnk
[2013/12/17 07:10:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/17 07:10:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/13 17:45:03 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/10 07:10:41 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
========== Files Created - No Company Name ==========
[2014/01/06 22:10:06 | 000,000,612 | ---- | C] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/06 22:10:06 | 000,000,600 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/06 22:10:06 | 000,000,588 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/06 22:09:58 | 008,286,039 | ---- | C] () -- C:\Program Files\omni.ja
[2014/01/06 22:09:58 | 003,559,024 | ---- | C] () -- C:\Program Files\mozjs.dll
[2014/01/06 22:09:58 | 000,036,692 | ---- | C] () -- C:\Program Files\removed-files
[2014/01/06 22:09:58 | 000,004,003 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2014/01/06 22:09:58 | 000,002,019 | ---- | C] () -- C:\Program Files\precomplete
[2014/01/06 22:09:58 | 000,001,245 | ---- | C] () -- C:\Program Files\updater.ini
[2014/01/06 22:09:58 | 000,000,899 | ---- | C] () -- C:\Program Files\softokn3.chk
[2014/01/06 22:09:58 | 000,000,899 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2014/01/06 22:09:58 | 000,000,899 | ---- | C] () -- C:\Program Files\freebl3.chk
[2014/01/06 22:09:58 | 000,000,685 | ---- | C] () -- C:\Program Files\application.ini
[2014/01/06 22:09:58 | 000,000,140 | ---- | C] () -- C:\Program Files\platform.ini
[2014/01/06 22:09:58 | 000,000,137 | ---- | C] () -- C:\Program Files\update-settings.ini
[2014/01/06 22:09:58 | 000,000,099 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2014/01/06 22:06:00 | 000,000,907 | ---- | C] () -- C:\Users\m\Desktop\Internet Explorer.lnk
[2014/01/06 19:58:31 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 16:35:34 | 000,000,413 | ---- | C] () -- C:\Users\m\Desktop\AdwCleaner - Shortcut.lnk
[2014/01/05 03:28:16 | 000,000,429 | ---- | C] () -- C:\Users\m\Desktop\aswMBR.zip
[2014/01/02 16:10:49 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/01/02 16:10:33 | 000,001,190 | ---- | C] () -- C:\Users\m\Desktop\SparkTrust PC Cleaner Plus.lnk
[2013/12/29 01:40:50 | 000,000,098 | ---- | C] () -- C:\extensions.ini
[2013/12/29 01:40:50 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/12/20 13:02:01 | 000,000,032 | ---- | C] () -- C:\Users\m\AppData\Roaming\WB.CFG
[2013/12/18 10:14:35 | 000,000,907 | ---- | C] () -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/18 10:14:32 | 000,000,946 | ---- | C] () -- C:\Users\m\Desktop\Windows Media Player.lnk
[2013/12/17 07:10:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/17 07:06:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rel.job
[2013/12/17 07:06:25 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rmv.job
[2013/12/10 07:10:41 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/06 12:15:15 | 000,003,749 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/08/13 12:12:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2013/05/31 16:25:07 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/17 13:02:08 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2013/03/17 12:56:06 | 000,000,693 | ---- | C] () -- C:\Users\m\ScanSnap Manager settings.lnk
[2013/03/17 12:56:06 | 000,000,685 | ---- | C] () -- C:\Users\m\ScanSnap Operator's Guide.lnk
[2013/03/17 12:56:06 | 000,000,645 | ---- | C] () -- C:\Users\m\Readme.lnk
[2013/03/17 12:56:06 | 000,000,593 | ---- | C] () -- C:\Users\m\ScanSnap Manager.lnk
[2013/03/17 12:56:06 | 000,000,587 | ---- | C] () -- C:\Users\m\Startup Register.lnk
[2013/03/17 12:56:06 | 000,000,587 | ---- | C] () -- C:\Users\m\License Agreement.lnk
[2013/03/17 12:55:32 | 000,262,923 | R--- | C] () -- C:\Users\m\setup.inx
[2013/03/17 12:55:32 | 000,005,632 | ---- | C] () -- C:\Users\m\ScanSnap_Prv.prp
[2013/03/17 12:55:32 | 000,004,096 | ---- | C] () -- C:\Users\m\PfuSsMon.fcd
[2013/03/17 12:55:32 | 000,002,453 | ---- | C] () -- C:\Users\m\PfuSsMon32.cfg
[2013/03/17 12:55:32 | 000,000,591 | R--- | C] () -- C:\Users\m\layout.bin
[2013/03/17 12:55:32 | 000,000,076 | R--- | C] () -- C:\Users\m\PfuSsMon.ini
[2013/03/17 12:55:25 | 142,520,210 | R--- | C] () -- C:\Users\m\data2.cab
[2013/03/17 12:55:25 | 001,360,401 | R--- | C] () -- C:\Users\m\data1.cab
[2013/03/17 12:55:25 | 000,163,358 | R--- | C] () -- C:\Users\m\data1.hdr
[2013/03/17 12:55:25 | 000,000,286 | ---- | C] () -- C:\Users\m\ConfigList.cfg
[2013/03/17 12:55:25 | 000,000,060 | ---- | C] () -- C:\Users\m\AppID.cfg
[2013/01/27 14:27:13 | 000,905,728 | -HS- | C] () -- C:\Users\m\ehthumbs_vista.db
[2012/12/31 12:55:49 | 000,024,226 | ---- | C] () -- C:\Users\m\AppData\Roaming\UserTile.png
[2012/04/24 14:44:05 | 000,000,288 | ---- | C] () -- C:\Users\m\AppData\Roaming\.backup.dm
[2011/07/26 16:06:08 | 000,000,552 | ---- | C] () -- C:\Users\m\AppData\Local\d3d8caps.dat
[2011/07/12 07:55:15 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{F3FE1A34-98FB-47FE-BD0D-2324E8BB19FD}
[2011/07/11 21:08:46 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{F8B064F1-9717-436F-911E-42126E10CF0B}
[2011/07/07 19:50:15 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{1A0BBB3D-A412-47C8-9AA7-CFF5E223B030}
[2010/11/05 05:58:20 | 000,000,680 | ---- | C] () -- C:\Users\m\AppData\Local\d3d9caps.dat
[2010/11/04 04:42:42 | 000,051,712 | ---- | C] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/21 15:22:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/09 16:44:40 | 000,582,737 | ---- | C] () -- C:\Users\m\USA-829-Member-Directory-2009-11-web.pdf
[2009/10/11 04:19:48 | 000,001,566 | ---- | C] () -- C:\Users\m\AppData\Roaming\wklnhst.dat
[2008/05/27 11:38:56 | 000,005,552 | R--- | C] () -- C:\Program Files (x86)\ReadMe.htm
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
Good Morning,
If you look at the instructions for OTL, it says to download it to your desktop, the first run was from your downloads folder and the second was from your F:\Drive. Can you please either cut and paste it to your desktop or delete it and download a new copy to your desktop, run a new scan please and post the log
How is everything running now ?
steve100254
2014-01-07, 14:39
Everything seems to be as before SWA . Thanks so much. Hope I didn't cause you too much consternation with my fiddling.
OTL logfile created on: 1/7/2014 7:48:34 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\m\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.99 Gb Total Physical Memory | 1.93 Gb Available Physical Memory | 48.21% Memory free
8.19 Gb Paging File | 5.97 Gb Available in Paging File | 72.92% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 139.37 Gb Free Space | 49.18% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.71 Gb Free Space | 52.65% Space Free | Partition Type: NTFS
Computer Name: M-PC | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\m\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\m\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\BookmarkDAV_client.exe (Apple Inc.)
PRC - C:\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)
PRC - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe (Brother Industries, Ltd.)
========== Modules (No Company Name) ==========
MOD - C:\Users\m\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\m\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MOD - C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
MOD - C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll ()
MOD - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll ()
MOD - C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll ()
========== Services (SafeList) ==========
SRV:[b]64bit: - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV:64bit: - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV:64bit: - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe (ATI Technologies Inc.)
SRV:64bit: - (wltrysvc) -- C:\Windows\SysNative\WLTRYSVC.EXE ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxbl_device) -- C:\Windows\SysNative\lxblcoms.exe ( )
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (ABBYY.Licensing.FineReader.Professional.11.0) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe (ABBYY)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MotoConnect Service) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (lxbl_device) -- C:\Windows\SysWOW64\lxblcoms.exe ( )
========== Driver Services (SafeList) ==========
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\DRIVERS\RTL8192su.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdserd) -- C:\Windows\SysNative\DRIVERS\sscdserd.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (LVUVC64) -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\DRIVERS\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\DRIVERS\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\DRIVERS\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (OA001Vid) -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys (Creative Technology Ltd.)
DRV:64bit: - (OA001Ufd) -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys (Creative Technology Ltd.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\BCM42RLY.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys (REDC)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (BrSerIf) -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys (Brother Industries Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB 98 B8 7B 79 98 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{151B1249-8E35-458B-B185-C26F3E9302B1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130417,19853,0,18,0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\plugins
[2014/01/06 22:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m\AppData\Roaming\mozilla\Extensions
[2014/01/06 22:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/01/06 22:32:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\m\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F26A0BF-EB8C-4300-AABD-4D2325FB7E81}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{46600012-1c97-11df-b5c2-002219e226b6}\Shell\AutoRun\command - "" = F:\Installer.exe
O33 - MountPoints2\{760d926a-5428-11df-8035-b891f863e2fd}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{b481a63f-cd5f-11de-8fcb-002219e226b6}\Shell - "" = AutoRun
O33 - MountPoints2\{b481a63f-cd5f-11de-8fcb-002219e226b6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{b8566e90-4951-11e1-a194-a9375ad8fab1}\Shell - "" = AutoRun
O33 - MountPoints2\{b8566e90-4951-11e1-a194-a9375ad8fab1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e0eae55b-bd20-11e0-9377-c6199e021940}\Shell - "" = AutoRun
O33 - MountPoints2\{e0eae55b-bd20-11e0-9377-c6199e021940}\Shell\AutoRun\command - "" = F:\TLBootstrap_WPP.exe
O33 - MountPoints2\{e0eae55c-bd20-11e0-9377-c6199e021940}\Shell - "" = AutoRun
O33 - MountPoints2\{e0eae55c-bd20-11e0-9377-c6199e021940}\Shell\AutoRun\command - "" = G:\TLBootstrap_WPP.exe
O33 - MountPoints2\{f7e56c50-6306-11e3-9f96-fd8e9a200f44}\Shell - "" = AutoRun
O33 - MountPoints2\{f7e56c50-6306-11e3-9f96-fd8e9a200f44}\Shell\AutoRun\command - "" = F:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/07 07:47:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\m\Desktop\OTL.exe
[2014/01/06 22:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/01/06 22:09:58 | 022,370,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2014/01/06 22:09:58 | 003,449,456 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2014/01/06 22:09:58 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2014/01/06 22:09:58 | 001,776,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2014/01/06 22:09:58 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2014/01/06 22:09:58 | 000,647,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2014/01/06 22:09:58 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2014/01/06 22:09:58 | 000,393,840 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2014/01/06 22:09:58 | 000,302,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2014/01/06 22:09:58 | 000,276,592 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2014/01/06 22:09:58 | 000,275,568 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2014/01/06 22:09:58 | 000,194,552 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2014/01/06 22:09:58 | 000,170,960 | ---- | C] (Mozilla Corporation) -- C:\Program Files\webapp-uninstaller.exe
[2014/01/06 22:09:58 | 000,153,712 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2014/01/06 22:09:58 | 000,130,672 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2014/01/06 22:09:58 | 000,119,408 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2014/01/06 22:09:58 | 000,117,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2014/01/06 22:09:58 | 000,108,144 | ---- | C] (Mozilla Foundation) -- C:\Program Files\webapprt-stub.exe
[2014/01/06 22:09:58 | 000,092,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2014/01/06 22:09:58 | 000,075,376 | ---- | C] (Mozilla Foundation) -- C:\Program Files\breakpadinjector.dll
[2014/01/06 22:09:58 | 000,053,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2014/01/06 22:09:58 | 000,028,272 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-hang-ui.exe
[2014/01/06 22:09:58 | 000,020,080 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2014/01/06 22:09:58 | 000,018,544 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2014/01/06 22:09:58 | 000,017,008 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\webapprt
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\uninstall
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\dictionaries
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\browser
[2014/01/06 19:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 19:58:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/06 19:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/06 19:19:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/06 16:19:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 16:09:51 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2014/01/06 16:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2014/01/06 16:09:23 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/01/06 16:09:17 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\FileAssociationManager
[2014/01/06 16:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileAssociationManager
[2014/01/05 02:58:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\m\Desktop\dds.scr
[2014/01/02 16:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/01/02 15:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/01/02 15:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2014/01/02 13:48:26 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\bus_int_changed
[2014/01/02 13:41:52 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\bus_ext_changed
[2013/12/24 15:16:59 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\lisa_pics
[2013/12/20 12:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/12/20 12:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/12/20 12:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/12/13 17:43:53 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
[2013/12/13 09:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/12 03:04:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/12/12 03:04:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/12/12 03:04:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 03:04:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 03:04:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 03:04:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/12/12 03:04:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/12/12 03:04:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/12/12 03:04:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 03:04:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 03:04:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/12 03:04:15 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/12 03:04:15 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/12 03:04:15 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/12 03:04:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/12/11 13:50:10 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 13:50:10 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 13:50:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 13:50:10 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 13:50:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 13:50:09 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 13:50:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshcon.dll
[2013/12/11 13:50:07 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 13:50:05 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2013/12/11 13:50:05 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 13:50:05 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/12/10 07:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/17 12:55:32 | 000,492,032 | R--- | C] (Macrovision Corporation) -- C:\Users\m\ISSetup.dll
[2013/03/17 12:55:32 | 000,456,528 | R--- | C] (Macrovision Corporation) -- C:\Users\m\setup.exe
[2013/03/17 12:55:25 | 000,385,968 | R--- | C] (Macrovision Corporation) -- C:\Users\m\_Setup.dll
========== Files - Modified Within 30 Days ==========
[2014/01/07 07:51:07 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47E90404-B67F-4B51-A855-1D8055781A7D}.job
[2014/01/07 07:47:28 | 000,000,272 | ---- | M] () -- C:\Users\m\Desktop\OTL - Shortcut.lnk
[2014/01/07 07:43:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/07 07:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/07 06:54:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/07 06:54:54 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/06 22:55:12 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/01/06 22:55:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 22:54:57 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rmv.job
[2014/01/06 22:54:57 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rel.job
[2014/01/06 22:54:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/06 22:53:38 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/01/06 22:10:06 | 000,000,612 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/06 22:10:06 | 000,000,588 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/06 22:06:00 | 000,000,907 | ---- | M] () -- C:\Users\m\Desktop\Internet Explorer.lnk
[2014/01/06 21:32:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\m\Desktop\OTL.exe
[2014/01/06 19:58:31 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 19:06:34 | 000,305,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/06 19:03:26 | 000,703,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/06 19:03:26 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/06 19:03:26 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/06 18:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/01/06 16:35:34 | 000,000,413 | ---- | M] () -- C:\Users\m\Desktop\AdwCleaner - Shortcut.lnk
[2014/01/06 14:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/01/05 03:28:16 | 000,000,429 | ---- | M] () -- C:\Users\m\Desktop\aswMBR.zip
[2014/01/05 02:58:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\m\Desktop\dds.scr
[2014/01/02 16:13:23 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 5510 series.lnk
[2014/01/02 16:10:41 | 000,000,922 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2014/01/02 16:10:33 | 000,001,190 | ---- | M] () -- C:\Users\m\Desktop\SparkTrust PC Cleaner Plus.lnk
[2014/01/02 13:19:35 | 000,051,712 | ---- | M] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/29 01:40:50 | 000,000,098 | ---- | M] () -- C:\extensions.ini
[2013/12/29 01:40:50 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/12/20 13:02:01 | 000,000,032 | ---- | M] () -- C:\Users\m\AppData\Roaming\WB.CFG
[2013/12/18 10:14:35 | 000,002,051 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/18 10:14:32 | 000,000,970 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/12/18 10:14:32 | 000,000,946 | ---- | M] () -- C:\Users\m\Desktop\Windows Media Player.lnk
[2013/12/17 07:10:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/17 07:10:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/13 17:45:03 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/12/10 07:10:41 | 000,002,117 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
========== Files Created - No Company Name ==========
[2014/01/07 07:47:28 | 000,000,272 | ---- | C] () -- C:\Users\m\Desktop\OTL - Shortcut.lnk
[2014/01/06 22:10:06 | 000,000,612 | ---- | C] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/06 22:10:06 | 000,000,600 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/06 22:10:06 | 000,000,588 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/06 22:09:58 | 008,286,039 | ---- | C] () -- C:\Program Files\omni.ja
[2014/01/06 22:09:58 | 003,559,024 | ---- | C] () -- C:\Program Files\mozjs.dll
[2014/01/06 22:09:58 | 000,036,692 | ---- | C] () -- C:\Program Files\removed-files
[2014/01/06 22:09:58 | 000,004,003 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2014/01/06 22:09:58 | 000,002,019 | ---- | C] () -- C:\Program Files\precomplete
[2014/01/06 22:09:58 | 000,001,245 | ---- | C] () -- C:\Program Files\updater.ini
[2014/01/06 22:09:58 | 000,000,899 | ---- | C] () -- C:\Program Files\softokn3.chk
[2014/01/06 22:09:58 | 000,000,899 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2014/01/06 22:09:58 | 000,000,899 | ---- | C] () -- C:\Program Files\freebl3.chk
[2014/01/06 22:09:58 | 000,000,685 | ---- | C] () -- C:\Program Files\application.ini
[2014/01/06 22:09:58 | 000,000,140 | ---- | C] () -- C:\Program Files\platform.ini
[2014/01/06 22:09:58 | 000,000,137 | ---- | C] () -- C:\Program Files\update-settings.ini
[2014/01/06 22:09:58 | 000,000,099 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2014/01/06 22:06:00 | 000,000,907 | ---- | C] () -- C:\Users\m\Desktop\Internet Explorer.lnk
[2014/01/06 19:58:31 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 16:35:34 | 000,000,413 | ---- | C] () -- C:\Users\m\Desktop\AdwCleaner - Shortcut.lnk
[2014/01/05 03:28:16 | 000,000,429 | ---- | C] () -- C:\Users\m\Desktop\aswMBR.zip
[2014/01/02 16:10:49 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/01/02 16:10:33 | 000,001,190 | ---- | C] () -- C:\Users\m\Desktop\SparkTrust PC Cleaner Plus.lnk
[2013/12/29 01:40:50 | 000,000,098 | ---- | C] () -- C:\extensions.ini
[2013/12/29 01:40:50 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/12/20 13:02:01 | 000,000,032 | ---- | C] () -- C:\Users\m\AppData\Roaming\WB.CFG
[2013/12/18 10:14:35 | 000,000,907 | ---- | C] () -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/18 10:14:32 | 000,000,946 | ---- | C] () -- C:\Users\m\Desktop\Windows Media Player.lnk
[2013/12/17 07:10:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/17 07:06:37 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rel.job
[2013/12/17 07:06:25 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_1013b_rmv.job
[2013/12/10 07:10:41 | 000,002,117 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/12/06 12:15:15 | 000,003,749 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/08/13 12:12:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2013/05/31 16:25:07 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/17 13:02:08 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2013/03/17 12:56:06 | 000,000,693 | ---- | C] () -- C:\Users\m\ScanSnap Manager settings.lnk
[2013/03/17 12:56:06 | 000,000,685 | ---- | C] () -- C:\Users\m\ScanSnap Operator's Guide.lnk
[2013/03/17 12:56:06 | 000,000,645 | ---- | C] () -- C:\Users\m\Readme.lnk
[2013/03/17 12:56:06 | 000,000,593 | ---- | C] () -- C:\Users\m\ScanSnap Manager.lnk
[2013/03/17 12:56:06 | 000,000,587 | ---- | C] () -- C:\Users\m\Startup Register.lnk
[2013/03/17 12:56:06 | 000,000,587 | ---- | C] () -- C:\Users\m\License Agreement.lnk
[2013/03/17 12:55:32 | 000,262,923 | R--- | C] () -- C:\Users\m\setup.inx
[2013/03/17 12:55:32 | 000,005,632 | ---- | C] () -- C:\Users\m\ScanSnap_Prv.prp
[2013/03/17 12:55:32 | 000,004,096 | ---- | C] () -- C:\Users\m\PfuSsMon.fcd
[2013/03/17 12:55:32 | 000,002,453 | ---- | C] () -- C:\Users\m\PfuSsMon32.cfg
[2013/03/17 12:55:32 | 000,000,591 | R--- | C] () -- C:\Users\m\layout.bin
[2013/03/17 12:55:32 | 000,000,076 | R--- | C] () -- C:\Users\m\PfuSsMon.ini
[2013/03/17 12:55:25 | 142,520,210 | R--- | C] () -- C:\Users\m\data2.cab
[2013/03/17 12:55:25 | 001,360,401 | R--- | C] () -- C:\Users\m\data1.cab
[2013/03/17 12:55:25 | 000,163,358 | R--- | C] () -- C:\Users\m\data1.hdr
[2013/03/17 12:55:25 | 000,000,286 | ---- | C] () -- C:\Users\m\ConfigList.cfg
[2013/03/17 12:55:25 | 000,000,060 | ---- | C] () -- C:\Users\m\AppID.cfg
[2013/01/27 14:27:13 | 000,905,728 | -HS- | C] () -- C:\Users\m\ehthumbs_vista.db
[2012/12/31 12:55:49 | 000,024,226 | ---- | C] () -- C:\Users\m\AppData\Roaming\UserTile.png
[2012/04/24 14:44:05 | 000,000,288 | ---- | C] () -- C:\Users\m\AppData\Roaming\.backup.dm
[2011/07/26 16:06:08 | 000,000,552 | ---- | C] () -- C:\Users\m\AppData\Local\d3d8caps.dat
[2011/07/12 07:55:15 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{F3FE1A34-98FB-47FE-BD0D-2324E8BB19FD}
[2011/07/11 21:08:46 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{F8B064F1-9717-436F-911E-42126E10CF0B}
[2011/07/07 19:50:15 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{1A0BBB3D-A412-47C8-9AA7-CFF5E223B030}
[2010/11/05 05:58:20 | 000,000,680 | ---- | C] () -- C:\Users\m\AppData\Local\d3d9caps.dat
[2010/11/04 04:42:42 | 000,051,712 | ---- | C] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/21 15:22:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/09 16:44:40 | 000,582,737 | ---- | C] () -- C:\Users\m\USA-829-Member-Directory-2009-11-web.pdf
[2009/10/11 04:19:48 | 000,001,566 | ---- | C] () -- C:\Users\m\AppData\Roaming\wklnhst.dat
[2008/05/27 11:38:56 | 000,005,552 | R--- | C] () -- C:\Program Files (x86)\ReadMe.htm
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
:bigthumb:
Any other issues ?
steve100254
2014-01-07, 18:10
I don't have any with this laptop, but my other one frequently crashed out of nowhere and wouldn't restart until I learned the 30 second static charge release trick. That no longer works. I reset the RAM chips and now I get a blinking red battery light when I hold down the power button. Is this a hardware issue?
Oh, hoow could i forget.... I have the skipping cursor issue on this machine....Randomly the cursor jumps into somewhere else and if I don't catch it in time I have to retype.....I have been living with it for a while....it's just a bit annoying
Resetting ram needs to be done correctly, are you sure you have them in nice and snug in the proper slots.
This forum is for Malware removal only, all us forums work together so why dont you go here, register, like Safer its free
www.whatthetech.com
Then after your registered post in there hardware forum about issues with your other computer
Post here
http://forums.whatthetech.com/index.php?showforum=126
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.
Malwarebytes is the free version and yours to keep and will not be removed
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
steve100254
2014-01-09, 18:05
Hi.....took your advice and went to whathetech..........turns out that part of my power supply cord was defective....got that solved thanks again
Steve
Great, thanks for letting me know.
Glad things are up and running for you again
Take Care,
Ken :)
steve100254
2014-01-09, 20:47
Hey Ken, remember when I deleted Adobe Reader because I had tried to use it to open the malware Level Quality Watcher and all my .exe files had been changed to Adobe? Well, I just went to reinstall Adobe Reader and all my .exe files had Adobe icons. How do I get AR back and maintain purity of .exe's?
Steve
Steve,
I am seeing multiple fixes for this, not sure what will work. I think what I would do is post back at WTT in there windows forum, there better set up to help you with windows issues
http://forums.whatthetech.com/index.php?showforum=119
Let me know how it went
steve100254
2014-01-09, 22:24
I will.....Sooooo, after going to the Adobe site and downloading AR and then uninstalling it........SWA is back! I have only used this computer to visit sites like WTT today.....currently running S&D........found SWA on my registry after a pop-up ad came on. Interesting no?
Uninstall Adobe.
Download ComboFix from one of these locations:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
http://img.photobucket.com/albums/v706/ried7/RC1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/RC2-1.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
steve100254
2014-01-10, 01:58
as per:
ComboFix 14-01-08.03 - m 01/09/2014 19:38:28.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2341 [GMT -5:00]
Running from: c:\users\m\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-12-10 to 2014-01-10 )))))))))))))))))))))))))))))))
.
.
2014-01-10 00:48 . 2014-01-10 00:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-09 21:14 . 2014-01-09 21:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF340A14-9D84-4981-93C2-B5CC2DEEA502}\offreg.dll
2014-01-09 19:29 . 2014-01-09 19:29 -------- d-----w- c:\users\m\AppData\Local\Apps
2014-01-07 06:47 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF340A14-9D84-4981-93C2-B5CC2DEEA502}\mpengine.dll
2014-01-07 03:10 . 2014-01-07 03:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-01-07 00:58 . 2014-01-07 00:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:58 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-07 00:19 . 2014-01-07 00:19 -------- d-----w- c:\windows\ERUNT
2014-01-06 21:19 . 2014-01-07 01:33 -------- d-----w- C:\AdwCleaner
2014-01-06 21:09 . 2014-01-06 21:09 -------- d-----w- c:\users\m\AppData\Roaming\FileAssociationManager
2014-01-06 21:09 . 2014-01-06 21:09 -------- d-----w- c:\program files (x86)\FileAssociationManager
2014-01-02 21:10 . 2014-01-02 21:10 -------- d-----w- c:\program files (x86)\Common Files\SparkTrust
2014-01-02 20:40 . 2014-01-06 21:14 -------- d-----w- c:\program files (x86)\7-Zip
2013-12-20 17:10 . 2013-12-20 17:10 -------- d-----w- c:\programdata\Symantec
2013-12-20 17:10 . 2013-12-31 13:55 -------- d-----w- c:\programdata\Norton
2013-12-11 18:50 . 2013-10-30 02:10 2776064 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 12:10 . 2012-09-08 21:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-17 12:10 . 2012-09-08 21:45 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-06 17:14 . 2013-12-06 17:15 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-19 08:33 . 2009-10-03 16:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-30 04:34 . 2008-01-21 02:46 1386496 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 41984]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"iCloudServices"="C:\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="C:\ApplePhotoStreams.exe" [2012-12-17 59872]
"com.apple.dav.bookmarks.daemon"="C:\BookmarkDAV_client.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-19 925960]
.
c:\users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\m\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 985904]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2013-3-17 1159168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-07 23:44 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-08 12:10]
.
2014-01-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-22 12:05]
.
2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-25 20:57]
.
2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-25 20:57]
.
2014-01-09 c:\windows\Tasks\SparkTrust Registration3.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2014-01-10 c:\windows\Tasks\User_Feed_Synchronization-{47E90404-B67F-4B51-A855-1D8055781A7D}.job
- c:\windows\system32\msfeedssync.exe [2012-03-31 07:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 3863040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\m\AppData\Roaming\Mozilla\Firefox\Profiles\jsa8t4un.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Lexmark Z700-P700 Series - c:\program files (x86) (x86)\Lexmark Z700-P700 Series\Install\x64\Uninst.exe
AddRemove-{35827710-D042-428B-A1E5-E20E12D2FEB9} - c:\program files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-01-09 19:52:51
ComboFix-quarantined-files.txt 2014-01-10 00:52
.
Pre-Run: 143,884,066,816 bytes free
Post-Run: 143,774,334,976 bytes free
.
- - End Of File - - 7C0D8A901B75ACEBF97699AD105D9EBE
5C616939100B85E558DA92B899A0FC36
Nothing bad removed, run a new scan with OTL and post the log please
steve100254
2014-01-10, 13:21
Latest:
OTL logfile created on: 1/10/2014 7:10:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\m\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.99 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 53.58% Memory free
8.20 Gb Paging File | 6.17 Gb Available in Paging File | 75.32% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 133.93 Gb Free Space | 47.26% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.71 Gb Free Space | 52.65% Space Free | Partition Type: NTFS
Drive G: | 7.45 Gb Total Space | 7.01 Gb Free Space | 94.13% Space Free | Partition Type: FAT32
Computer Name: M-PC | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/01/06 21:32:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\m\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
PRC - [2009/11/09 11:40:20 | 000,091,392 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/11/09 11:40:10 | 000,273,664 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/02/27 18:02:30 | 001,159,168 | R--- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2008/01/31 16:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
========== Modules (No Company Name) ==========
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2007/06/26 19:27:18 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2006/10/12 14:14:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll
MOD - [2003/03/26 17:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll
========== Services (SafeList) ==========
SRV:[b]64bit: - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV:64bit: - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/07/03 22:36:40 | 000,901,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/06/02 10:44:18 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/04/20 12:24:32 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxblcoms.exe -- (lxbl_device)
SRV - [2013/12/17 07:10:11 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 14:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/09 11:40:20 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/20 12:24:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxblcoms.exe -- (lxbl_device)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/12/06 12:14:47 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/09/29 05:00:30 | 000,629,864 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/10/07 03:49:27 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 03:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 03:45:37 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/21 02:27:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2009/08/21 02:27:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2009/08/21 02:27:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/06/12 08:39:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/07/04 01:36:04 | 004,598,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/06/02 10:44:16 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/06/02 10:44:14 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/02/24 01:40:04 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2008/02/21 09:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/07/27 18:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 19:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/03/30 05:47:30 | 000,088,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2007/02/27 16:20:46 | 000,096,048 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2007/02/27 16:20:42 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2006/12/12 10:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys -- (BrSerIf)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB 98 B8 7B 79 98 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{151B1249-8E35-458B-B185-C26F3E9302B1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130417,19853,0,18,0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\plugins
[2014/01/06 22:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m\AppData\Roaming\mozilla\Extensions
[2014/01/06 22:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/01/06 22:32:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\m\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F26A0BF-EB8C-4300-AABD-4D2325FB7E81}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\m\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/01/10 07:09:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\m\Desktop\OTL.exe
[2014/01/09 19:52:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/09 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\temp
[2014/01/09 19:36:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/09 19:36:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/09 19:36:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/09 19:35:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/09 19:35:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/09 14:29:21 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\Apps
[2014/01/06 22:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/01/06 22:09:58 | 022,370,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2014/01/06 22:09:58 | 003,449,456 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2014/01/06 22:09:58 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2014/01/06 22:09:58 | 001,776,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2014/01/06 22:09:58 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2014/01/06 22:09:58 | 000,647,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2014/01/06 22:09:58 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2014/01/06 22:09:58 | 000,393,840 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2014/01/06 22:09:58 | 000,302,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2014/01/06 22:09:58 | 000,276,592 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2014/01/06 22:09:58 | 000,275,568 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2014/01/06 22:09:58 | 000,194,552 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2014/01/06 22:09:58 | 000,170,960 | ---- | C] (Mozilla Corporation) -- C:\Program Files\webapp-uninstaller.exe
[2014/01/06 22:09:58 | 000,153,712 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2014/01/06 22:09:58 | 000,130,672 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2014/01/06 22:09:58 | 000,119,408 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2014/01/06 22:09:58 | 000,117,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2014/01/06 22:09:58 | 000,108,144 | ---- | C] (Mozilla Foundation) -- C:\Program Files\webapprt-stub.exe
[2014/01/06 22:09:58 | 000,092,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2014/01/06 22:09:58 | 000,075,376 | ---- | C] (Mozilla Foundation) -- C:\Program Files\breakpadinjector.dll
[2014/01/06 22:09:58 | 000,053,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2014/01/06 22:09:58 | 000,028,272 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-hang-ui.exe
[2014/01/06 22:09:58 | 000,020,080 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2014/01/06 22:09:58 | 000,018,544 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2014/01/06 22:09:58 | 000,017,008 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\webapprt
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\uninstall
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\dictionaries
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\browser
[2014/01/06 19:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 19:58:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/06 19:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/06 19:19:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/06 16:19:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 16:09:51 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2014/01/06 16:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2014/01/06 16:09:23 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/01/06 16:09:17 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\FileAssociationManager
[2014/01/06 16:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileAssociationManager
[2014/01/02 16:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/01/02 15:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/01/02 15:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2014/01/02 13:48:26 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\bus_int_changed
[2014/01/02 13:41:52 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\bus_ext_changed
[2013/12/24 15:16:59 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\lisa_pics
[2013/12/20 12:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/12/20 12:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/12/20 12:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/12/13 17:43:53 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
[2013/12/13 09:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/12 03:04:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/12/12 03:04:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/12/12 03:04:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 03:04:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 03:04:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 03:04:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/12/12 03:04:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/12/12 03:04:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/12/12 03:04:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 03:04:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 03:04:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/12 03:04:15 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/12 03:04:15 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/12 03:04:15 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/12 03:04:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/12/11 13:50:10 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 13:50:10 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 13:50:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 13:50:10 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 13:50:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 13:50:09 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 13:50:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshcon.dll
[2013/12/11 13:50:07 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 13:50:05 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2013/12/11 13:50:05 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 13:50:05 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/03/17 12:55:32 | 000,492,032 | R--- | C] (Macrovision Corporation) -- C:\Users\m\ISSetup.dll
[2013/03/17 12:55:32 | 000,456,528 | R--- | C] (Macrovision Corporation) -- C:\Users\m\setup.exe
[2013/03/17 12:55:25 | 000,385,968 | R--- | C] (Macrovision Corporation) -- C:\Users\m\_Setup.dll
========== Files - Modified Within 30 Days ==========
[2014/01/10 07:11:27 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47E90404-B67F-4B51-A855-1D8055781A7D}.job
[2014/01/10 07:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/10 06:43:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/10 05:49:40 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 05:49:40 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 22:43:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/09 19:20:39 | 000,000,582 | ---- | M] () -- C:\Users\m\Desktop\ComboFix - Shortcut.lnk
[2014/01/09 18:51:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/09 18:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/01/09 16:05:00 | 000,703,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/09 16:05:00 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/09 16:05:00 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/09 15:49:52 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/01/09 14:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/01/08 11:16:06 | 000,305,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/08 11:14:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/01/07 18:48:24 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/06 22:10:06 | 000,000,612 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/06 22:10:06 | 000,000,588 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/06 22:06:00 | 000,000,907 | ---- | M] () -- C:\Users\m\Desktop\Internet Explorer.lnk
[2014/01/06 21:32:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\m\Desktop\OTL.exe
[2014/01/06 19:58:31 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/02 16:13:23 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 5510 series.lnk
[2014/01/02 16:10:41 | 000,000,922 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2014/01/02 13:19:35 | 000,051,712 | ---- | M] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/29 01:40:50 | 000,000,098 | ---- | M] () -- C:\extensions.ini
[2013/12/29 01:40:50 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/12/20 13:02:01 | 000,000,032 | ---- | M] () -- C:\Users\m\AppData\Roaming\WB.CFG
[2013/12/18 10:14:35 | 000,002,051 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/18 10:14:32 | 000,000,970 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/12/18 10:14:32 | 000,000,946 | ---- | M] () -- C:\Users\m\Desktop\Windows Media Player.lnk
[2013/12/17 07:10:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/17 07:10:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2014/01/09 19:36:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/09 19:36:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/09 19:36:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/09 19:36:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/09 19:36:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/09 19:20:39 | 000,000,582 | ---- | C] () -- C:\Users\m\Desktop\ComboFix - Shortcut.lnk
[2014/01/06 22:10:06 | 000,000,612 | ---- | C] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/06 22:10:06 | 000,000,600 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/06 22:10:06 | 000,000,588 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/06 22:09:58 | 008,286,039 | ---- | C] () -- C:\Program Files\omni.ja
[2014/01/06 22:09:58 | 003,559,024 | ---- | C] () -- C:\Program Files\mozjs.dll
[2014/01/06 22:09:58 | 000,036,692 | ---- | C] () -- C:\Program Files\removed-files
[2014/01/06 22:09:58 | 000,004,003 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2014/01/06 22:09:58 | 000,002,019 | ---- | C] () -- C:\Program Files\precomplete
[2014/01/06 22:09:58 | 000,001,245 | ---- | C] () -- C:\Program Files\updater.ini
[2014/01/06 22:09:58 | 000,000,899 | ---- | C] () -- C:\Program Files\softokn3.chk
[2014/01/06 22:09:58 | 000,000,899 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2014/01/06 22:09:58 | 000,000,899 | ---- | C] () -- C:\Program Files\freebl3.chk
[2014/01/06 22:09:58 | 000,000,685 | ---- | C] () -- C:\Program Files\application.ini
[2014/01/06 22:09:58 | 000,000,140 | ---- | C] () -- C:\Program Files\platform.ini
[2014/01/06 22:09:58 | 000,000,137 | ---- | C] () -- C:\Program Files\update-settings.ini
[2014/01/06 22:09:58 | 000,000,099 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2014/01/06 22:06:00 | 000,000,907 | ---- | C] () -- C:\Users\m\Desktop\Internet Explorer.lnk
[2014/01/06 19:58:31 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/02 16:10:49 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2013/12/29 01:40:50 | 000,000,098 | ---- | C] () -- C:\extensions.ini
[2013/12/29 01:40:50 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/12/20 13:02:01 | 000,000,032 | ---- | C] () -- C:\Users\m\AppData\Roaming\WB.CFG
[2013/12/18 10:14:35 | 000,000,907 | ---- | C] () -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/18 10:14:32 | 000,000,946 | ---- | C] () -- C:\Users\m\Desktop\Windows Media Player.lnk
[2013/12/17 07:10:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/06 12:15:15 | 000,003,749 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/08/13 12:12:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2013/05/31 16:25:07 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/17 13:02:08 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2013/03/17 12:56:06 | 000,000,693 | ---- | C] () -- C:\Users\m\ScanSnap Manager settings.lnk
[2013/03/17 12:56:06 | 000,000,685 | ---- | C] () -- C:\Users\m\ScanSnap Operator's Guide.lnk
[2013/03/17 12:56:06 | 000,000,645 | ---- | C] () -- C:\Users\m\Readme.lnk
[2013/03/17 12:56:06 | 000,000,593 | ---- | C] () -- C:\Users\m\ScanSnap Manager.lnk
[2013/03/17 12:56:06 | 000,000,587 | ---- | C] () -- C:\Users\m\Startup Register.lnk
[2013/03/17 12:56:06 | 000,000,587 | ---- | C] () -- C:\Users\m\License Agreement.lnk
[2013/03/17 12:55:32 | 000,262,923 | R--- | C] () -- C:\Users\m\setup.inx
[2013/03/17 12:55:32 | 000,005,632 | ---- | C] () -- C:\Users\m\ScanSnap_Prv.prp
[2013/03/17 12:55:32 | 000,004,096 | ---- | C] () -- C:\Users\m\PfuSsMon.fcd
[2013/03/17 12:55:32 | 000,002,453 | ---- | C] () -- C:\Users\m\PfuSsMon32.cfg
[2013/03/17 12:55:32 | 000,000,591 | R--- | C] () -- C:\Users\m\layout.bin
[2013/03/17 12:55:32 | 000,000,076 | R--- | C] () -- C:\Users\m\PfuSsMon.ini
[2013/03/17 12:55:25 | 142,520,210 | R--- | C] () -- C:\Users\m\data2.cab
[2013/03/17 12:55:25 | 001,360,401 | R--- | C] () -- C:\Users\m\data1.cab
[2013/03/17 12:55:25 | 000,163,358 | R--- | C] () -- C:\Users\m\data1.hdr
[2013/03/17 12:55:25 | 000,000,286 | ---- | C] () -- C:\Users\m\ConfigList.cfg
[2013/03/17 12:55:25 | 000,000,060 | ---- | C] () -- C:\Users\m\AppID.cfg
[2013/01/27 14:27:13 | 000,905,728 | -HS- | C] () -- C:\Users\m\ehthumbs_vista.db
[2012/12/31 12:55:49 | 000,024,226 | ---- | C] () -- C:\Users\m\AppData\Roaming\UserTile.png
[2012/04/24 14:44:05 | 000,000,288 | ---- | C] () -- C:\Users\m\AppData\Roaming\.backup.dm
[2011/07/26 16:06:08 | 000,000,552 | ---- | C] () -- C:\Users\m\AppData\Local\d3d8caps.dat
[2011/07/12 07:55:15 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{F3FE1A34-98FB-47FE-BD0D-2324E8BB19FD}
[2011/07/11 21:08:46 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{F8B064F1-9717-436F-911E-42126E10CF0B}
[2011/07/07 19:50:15 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{1A0BBB3D-A412-47C8-9AA7-CFF5E223B030}
[2010/11/05 05:58:20 | 000,000,680 | ---- | C] () -- C:\Users\m\AppData\Local\d3d9caps.dat
[2010/11/04 04:42:42 | 000,051,712 | ---- | C] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/21 15:22:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/09 16:44:40 | 000,582,737 | ---- | C] () -- C:\Users\m\USA-829-Member-Directory-2009-11-web.pdf
[2009/10/11 04:19:48 | 000,001,566 | ---- | C] () -- C:\Users\m\AppData\Roaming\wklnhst.dat
[2008/05/27 11:38:56 | 000,005,552 | R--- | C] () -- C:\Program Files (x86)\ReadMe.htm
========== ZeroAccess Check ==========
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
Hello Steve
SparkTrust <-- This is somewhat of an inferior program, I would uninstall it.
Dont see SWA on your log
See if SWA shows up and then remove it
Internet Explorer
Open Internet Explorer
Click on Tools up on the top right
Click on Manage Add Ons
Click on Search Providers
Highlite the one you want to remove and select Delete
Firefox
Open Firefox
Up on the Top Right in the Search Box , click on the down arrow and select Manage Search Engines
Highlite the one you want to remove and select Delete
Chrome
Open Chrome
Up on the Top Right click on the 3 Bars
Click on Settings
Then Manage Search Engines
Highlite the one you want to remove and select Delete
steve100254
2014-01-10, 21:45
Did the requested. I deleted SWA from my registry earlier and then ran S&D which picked up 4 others. I signed up for Sparktrust last week and when it didn't even detect SWA I cancelled the order and gave my money to Spybot instead. Everything seems in order here now. On my other unit WTT wants me to run Linux Puppy so we'll see how that works out. Thanks so much for your help.
;)
S.
steve100254
2014-01-11, 00:12
Just because.........I downloaded AR again and got the same result..........all .exe files switched to AR.......I uninstalled AR and all is well and am running S&D again
steve100254
2014-01-11, 00:32
Ran S&D....nothing found............nothing on the registry..........Why can't i get Adobe Reader back?
You can download and install Adobe Reader, as you go through the installation read what your installing and dont add any add ons if your prompted to, uncheck them
You will find the download link on the bottom of the page
http://www.adobe.com/
steve100254
2014-01-11, 02:09
I went to the site again..........I was only allowed to download.....there weren't any offers, or click-ons or otherwise anything out of the ordinary......downloaded AR.....same result..........all .exe files changed to AR
You need to post in the windows forum at WhattheTech
http://forums.whatthetech.com/index.php?showforum=119
I have a few ideas but you would be better off asking windows people about this
Let me know the outcome
Steve, I see they got you up and running again, thats great, now go post in there windows forum about the Adobe problem