SevereWeatherAlerts

[steve100254]

other issues

I don't have any with this laptop, but my other one frequently crashed out of nowhere and wouldn't restart until I learned the 30 second static charge release trick. That no longer works. I reset the RAM chips and now I get a blinking red battery light when I hold down the power button. Is this a hardware issue?

Oh, hoow could i forget.... I have the skipping cursor issue on this machine....Randomly the cursor jumps into somewhere else and if I don't catch it in time I have to retype.....I have been living with it for a while....it's just a bit annoying

 

[ken545]

Resetting ram needs to be done correctly, are you sure you have them in nice and snug in the proper slots.

This forum is for Malware removal only, all us forums work together so why dont you go here, register, like Safer its free

www.whatthetech.com


Then after your registered post in there hardware forum about issues with your other computer

Post here
http://forums.whatthetech.com/index.php?showforum=126



Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups, any programs that where not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed

• 
  How did I get infected in the first place ?
  Read these links and find out how to prevent getting infected again.
• Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
• WhattheTech
• Grinler BleepingComputer
• GeeksTo Go
• Dslreports

Safe Surfn
Ken

 

[steve100254]

other unit

Hi.....took your advice and went to whathetech..........turns out that part of my power supply cord was defective....got that solved thanks again

Steve

 

[ken545]

Great, thanks for letting me know.

Glad things are up and running for you again

Take Care,

Ken

 

[steve100254]

Just when you think you're out.......!

Hey Ken, remember when I deleted Adobe Reader because I had tried to use it to open the malware Level Quality Watcher and all my .exe files had been changed to Adobe? Well, I just went to reinstall Adobe Reader and all my .exe files had Adobe icons. How do I get AR back and maintain purity of .exe's?

Steve

 

[ken545]

Steve,

I am seeing multiple fixes for this, not sure what will work. I think what I would do is post back at WTT in there windows forum, there better set up to help you with windows issues

http://forums.whatthetech.com/index.php?showforum=119


Let me know how it went

 

[steve100254]

Wtt

I will.....Sooooo, after going to the Adobe site and downloading AR and then uninstalling it........SWA is back! I have only used this computer to visit sites like WTT today.....currently running S&D........found SWA on my registry after a pop-up ad came on. Interesting no?

 

[ken545]

Uninstall Adobe.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• See this Link for programs that need to be disabled and instruction on how to disable them.
• Remember to re-enable them when we're done.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

 

[steve100254]

ComboFix

as per:

ComboFix 14-01-08.03 - m 01/09/2014 19:38:28.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4090.2341 [GMT -5:00]
Running from: c:\users\m\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-12-10 to 2014-01-10 )))))))))))))))))))))))))))))))
.
.
2014-01-10 00:48 . 2014-01-10 00:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-09 21:14 . 2014-01-09 21:14 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF340A14-9D84-4981-93C2-B5CC2DEEA502}\offreg.dll
2014-01-09 19:29 . 2014-01-09 19:29 -------- d-----w- c:\users\m\AppData\Local\Apps
2014-01-07 06:47 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DF340A14-9D84-4981-93C2-B5CC2DEEA502}\mpengine.dll
2014-01-07 03:10 . 2014-01-07 03:10 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-01-07 00:58 . 2014-01-07 00:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-07 00:58 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-07 00:19 . 2014-01-07 00:19 -------- d-----w- c:\windows\ERUNT
2014-01-06 21:19 . 2014-01-07 01:33 -------- d-----w- C:\AdwCleaner
2014-01-06 21:09 . 2014-01-06 21:09 -------- d-----w- c:\users\m\AppData\Roaming\FileAssociationManager
2014-01-06 21:09 . 2014-01-06 21:09 -------- d-----w- c:\program files (x86)\FileAssociationManager
2014-01-02 21:10 . 2014-01-02 21:10 -------- d-----w- c:\program files (x86)\Common Files\SparkTrust
2014-01-02 20:40 . 2014-01-06 21:14 -------- d-----w- c:\program files (x86)\7-Zip
2013-12-20 17:10 . 2013-12-20 17:10 -------- d-----w- c:\programdata\Symantec
2013-12-20 17:10 . 2013-12-31 13:55 -------- d-----w- c:\programdata\Norton
2013-12-11 18:50 . 2013-10-30 02:10 2776064 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-17 12:10 . 2012-09-08 21:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-17 12:10 . 2012-09-08 21:45 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-06 17:14 . 2013-12-06 17:15 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-19 08:33 . 2009-10-03 16:27 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-30 04:34 . 2008-01-21 02:46 1386496 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-21 41984]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"iCloudServices"="C:\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="C:\ApplePhotoStreams.exe" [2012-12-17 59872]
"com.apple.dav.bookmarks.daemon"="C:\BookmarkDAV_client.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2008-05-29 1085440]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"IndexSearch"="c:\program files (x86)\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PaperPort PTD"="c:\program files (x86)\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"PPort11reminder"="c:\program files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Bonus.SSR.FR11"="c:\program files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" [2011-08-19 925960]
.
c:\users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\m\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 985904]
ScanSnap Manager.lnk - c:\program files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe [2013-3-17 1159168]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 ABBYY.Licensing.FineReader.Professional.11.0;ABBYY FineReader 11 PE Licensing Service;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe;c:\program files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - aswMBR
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-07 23:44 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-08 12:10]
.
2014-01-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-22 12:05]
.
2014-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-25 20:57]
.
2014-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-08-25 20:57]
.
2014-01-09 c:\windows\Tasks\SparkTrust Registration3.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2014-01-10 c:\windows\Tasks\User_Feed_Synchronization-{47E90404-B67F-4B51-A855-1D8055781A7D}.job
- c:\windows\system32\msfeedssync.exe [2012-03-31 07:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\m\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-02 3863040]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\users\m\AppData\Roaming\Mozilla\Firefox\Profiles\jsa8t4un.default\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Lexmark Z700-P700 Series - c:\program files (x86) (x86)\Lexmark Z700-P700 Series\Install\x64\Uninst.exe
AddRemove-{35827710-D042-428B-A1E5-E20E12D2FEB9} - c:\program files (x86)\SparkTrust\SparkTrust PC Cleaner Plus\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-01-09 19:52:51
ComboFix-quarantined-files.txt 2014-01-10 00:52
.
Pre-Run: 143,884,066,816 bytes free
Post-Run: 143,774,334,976 bytes free
.
- - End Of File - - 7C0D8A901B75ACEBF97699AD105D9EBE
5C616939100B85E558DA92B899A0FC36

 

[ken545]

Nothing bad removed, run a new scan with OTL and post the log please

 

[steve100254]

OTL from desktop

Latest:

OTL logfile created on: 1/10/2014 7:10:04 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\m\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 53.58% Memory free
8.20 Gb Paging File | 6.17 Gb Available in Paging File | 75.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.40 Gb Total Space | 133.93 Gb Free Space | 47.26% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.71 Gb Free Space | 52.65% Space Free | Partition Type: NTFS
Drive G: | 7.45 Gb Total Space | 7.01 Gb Free Space | 94.13% Space Free | Partition Type: FAT32

Computer Name: M-PC | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/06 21:32:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\m\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
PRC - [2009/11/09 11:40:20 | 000,091,392 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/11/09 11:40:10 | 000,273,664 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 00:47:22 | 000,125,464 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/02/27 18:02:30 | 001,159,168 | R--- | M] (PFU LIMITED) -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2008/01/31 16:29:06 | 000,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/14 12:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009/10/14 12:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe
MOD - [2007/06/26 19:27:18 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\SSsltsa.dll
MOD - [2006/10/12 14:14:50 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuUpdater.dll
MOD - [2003/03/26 17:46:36 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\PFU\ScanSnap\Driver\PfuSsImgIO.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV:64bit: - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV:64bit: - [2009/10/07 00:47:10 | 000,191,000 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcS64)
SRV:64bit: - [2008/07/03 22:36:40 | 000,901,120 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2008/06/02 10:44:18 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/04/20 12:24:32 | 000,566,704 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxblcoms.exe -- (lxbl_device)
SRV - [2013/12/17 07:10:11 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 14:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/18 14:47:48 | 000,819,976 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Professional.11.0)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/09 11:40:20 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/20 12:24:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxblcoms.exe -- (lxbl_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/06 12:14:47 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/09/29 05:00:30 | 000,629,864 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/04/26 21:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/26 21:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/04/26 21:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/26 21:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009/10/07 03:49:27 | 006,379,288 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2009/10/07 03:47:44 | 000,327,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2009/10/07 03:45:37 | 000,271,640 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2009/10/07 00:45:50 | 000,030,232 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/08/21 02:27:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2009/08/21 02:27:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2009/08/21 02:27:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2009/06/12 08:39:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/07/04 01:36:04 | 004,598,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2008/06/02 10:44:16 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/06/02 10:44:14 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/02/24 01:40:04 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2008/02/21 09:24:20 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/01/20 21:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2007/07/27 18:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 19:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/03/30 05:47:30 | 000,088,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2007/02/27 16:20:46 | 000,096,048 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2007/02/27 16:20:42 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2006/12/12 10:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\BrSerIf.sys -- (BrSerIf)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AB 98 B8 7B 79 98 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{151B1249-8E35-458B-B185-C26F3E9302B1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20130417,19853,0,18,0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\plugins

[2014/01/06 22:10:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\m\AppData\Roaming\mozilla\Extensions
[2014/01/06 22:29:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Google Docs = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\
CHR - Extension: Gmail = C:\Users\m\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2014/01/06 22:32:57 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bonus.SSR.FR11] C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe (ABBYY.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\m\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/4.1.0.0/GarminAxControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F26A0BF-EB8C-4300-AABD-4D2325FB7E81}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\m\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/10 07:09:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\m\Desktop\OTL.exe
[2014/01/09 19:52:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/01/09 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\temp
[2014/01/09 19:36:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014/01/09 19:36:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014/01/09 19:36:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014/01/09 19:35:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/01/09 19:35:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014/01/09 14:29:21 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Local\Apps
[2014/01/06 22:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014/01/06 22:09:58 | 022,370,928 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2014/01/06 22:09:58 | 003,449,456 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2014/01/06 22:09:58 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2014/01/06 22:09:58 | 001,776,240 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2014/01/06 22:09:58 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2014/01/06 22:09:58 | 000,647,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2014/01/06 22:09:58 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2014/01/06 22:09:58 | 000,393,840 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2014/01/06 22:09:58 | 000,302,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2014/01/06 22:09:58 | 000,276,592 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2014/01/06 22:09:58 | 000,275,568 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2014/01/06 22:09:58 | 000,194,552 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2014/01/06 22:09:58 | 000,170,960 | ---- | C] (Mozilla Corporation) -- C:\Program Files\webapp-uninstaller.exe
[2014/01/06 22:09:58 | 000,153,712 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2014/01/06 22:09:58 | 000,130,672 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2014/01/06 22:09:58 | 000,119,408 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2014/01/06 22:09:58 | 000,117,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2014/01/06 22:09:58 | 000,108,144 | ---- | C] (Mozilla Foundation) -- C:\Program Files\webapprt-stub.exe
[2014/01/06 22:09:58 | 000,092,272 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2014/01/06 22:09:58 | 000,075,376 | ---- | C] (Mozilla Foundation) -- C:\Program Files\breakpadinjector.dll
[2014/01/06 22:09:58 | 000,053,360 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2014/01/06 22:09:58 | 000,028,272 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-hang-ui.exe
[2014/01/06 22:09:58 | 000,020,080 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2014/01/06 22:09:58 | 000,018,544 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2014/01/06 22:09:58 | 000,017,008 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\webapprt
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\uninstall
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\dictionaries
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2014/01/06 22:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\browser
[2014/01/06 19:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 19:58:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/01/06 19:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/06 19:19:30 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/01/06 16:19:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 16:09:51 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2014/01/06 16:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Association Manager
[2014/01/06 16:09:23 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/01/06 16:09:17 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\FileAssociationManager
[2014/01/06 16:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileAssociationManager
[2014/01/02 16:10:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SparkTrust
[2014/01/02 15:40:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/01/02 15:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2014/01/02 13:48:26 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\bus_int_changed
[2014/01/02 13:41:52 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\bus_ext_changed
[2013/12/24 15:16:59 | 000,000,000 | ---D | C] -- C:\Users\m\Desktop\lisa_pics
[2013/12/20 12:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2013/12/20 12:10:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/12/20 12:10:27 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/12/13 17:43:53 | 000,000,000 | ---D | C] -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GreatArcadeHits
[2013/12/13 09:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/12 03:04:21 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/12/12 03:04:21 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/12/12 03:04:19 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/12/12 03:04:19 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/12/12 03:04:19 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/12/12 03:04:19 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/12/12 03:04:18 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/12/12 03:04:18 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/12/12 03:04:16 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/12/12 03:04:16 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/12/12 03:04:16 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/12/12 03:04:15 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/12/12 03:04:15 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/12/12 03:04:15 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/12/12 03:04:15 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/12/11 13:50:10 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scrrun.dll
[2013/12/11 13:50:10 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cscript.exe
[2013/12/11 13:50:10 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshom.ocx
[2013/12/11 13:50:10 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshom.ocx
[2013/12/11 13:50:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\scrrun.dll
[2013/12/11 13:50:09 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cscript.exe
[2013/12/11 13:50:09 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshcon.dll
[2013/12/11 13:50:07 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2013/12/11 13:50:05 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2013/12/11 13:50:05 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2013/12/11 13:50:05 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2013/03/17 12:55:32 | 000,492,032 | R--- | C] (Macrovision Corporation) -- C:\Users\m\ISSetup.dll
[2013/03/17 12:55:32 | 000,456,528 | R--- | C] (Macrovision Corporation) -- C:\Users\m\setup.exe
[2013/03/17 12:55:25 | 000,385,968 | R--- | C] (Macrovision Corporation) -- C:\Users\m\_Setup.dll

========== Files - Modified Within 30 Days ==========

[2014/01/10 07:11:27 | 000,000,410 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{47E90404-B67F-4B51-A855-1D8055781A7D}.job
[2014/01/10 07:04:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/10 06:43:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/10 05:49:40 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 05:49:40 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 22:43:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/09 19:20:39 | 000,000,582 | ---- | M] () -- C:\Users\m\Desktop\ComboFix - Shortcut.lnk
[2014/01/09 18:51:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/09 18:00:00 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2014/01/09 16:05:00 | 000,703,292 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/09 16:05:00 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/09 16:05:00 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/09 15:49:52 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/01/09 14:55:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2014/01/08 11:16:06 | 000,305,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/08 11:14:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2014/01/07 18:48:24 | 000,002,027 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/01/06 22:10:06 | 000,000,612 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/06 22:10:06 | 000,000,588 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/06 22:06:00 | 000,000,907 | ---- | M] () -- C:\Users\m\Desktop\Internet Explorer.lnk
[2014/01/06 21:32:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\m\Desktop\OTL.exe
[2014/01/06 19:58:31 | 000,000,864 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/02 16:13:23 | 000,002,109 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 5510 series.lnk
[2014/01/02 16:10:41 | 000,000,922 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2014/01/02 13:19:35 | 000,051,712 | ---- | M] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/12/29 01:40:50 | 000,000,098 | ---- | M] () -- C:\extensions.ini
[2013/12/29 01:40:50 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2013/12/20 13:02:01 | 000,000,032 | ---- | M] () -- C:\Users\m\AppData\Roaming\WB.CFG
[2013/12/18 10:14:35 | 000,002,051 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/18 10:14:32 | 000,000,970 | ---- | M] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/12/18 10:14:32 | 000,000,946 | ---- | M] () -- C:\Users\m\Desktop\Windows Media Player.lnk
[2013/12/17 07:10:10 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/12/17 07:10:10 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2014/01/09 19:36:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/01/09 19:36:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/01/09 19:36:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/01/09 19:36:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/01/09 19:36:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/01/09 19:20:39 | 000,000,582 | ---- | C] () -- C:\Users\m\Desktop\ComboFix - Shortcut.lnk
[2014/01/06 22:10:06 | 000,000,612 | ---- | C] () -- C:\Users\m\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/01/06 22:10:06 | 000,000,600 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/01/06 22:10:06 | 000,000,588 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/01/06 22:09:58 | 008,286,039 | ---- | C] () -- C:\Program Files\omni.ja
[2014/01/06 22:09:58 | 003,559,024 | ---- | C] () -- C:\Program Files\mozjs.dll
[2014/01/06 22:09:58 | 000,036,692 | ---- | C] () -- C:\Program Files\removed-files
[2014/01/06 22:09:58 | 000,004,003 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2014/01/06 22:09:58 | 000,002,019 | ---- | C] () -- C:\Program Files\precomplete
[2014/01/06 22:09:58 | 000,001,245 | ---- | C] () -- C:\Program Files\updater.ini
[2014/01/06 22:09:58 | 000,000,899 | ---- | C] () -- C:\Program Files\softokn3.chk
[2014/01/06 22:09:58 | 000,000,899 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2014/01/06 22:09:58 | 000,000,899 | ---- | C] () -- C:\Program Files\freebl3.chk
[2014/01/06 22:09:58 | 000,000,685 | ---- | C] () -- C:\Program Files\application.ini
[2014/01/06 22:09:58 | 000,000,140 | ---- | C] () -- C:\Program Files\platform.ini
[2014/01/06 22:09:58 | 000,000,137 | ---- | C] () -- C:\Program Files\update-settings.ini
[2014/01/06 22:09:58 | 000,000,099 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2014/01/06 22:06:00 | 000,000,907 | ---- | C] () -- C:\Users\m\Desktop\Internet Explorer.lnk
[2014/01/06 19:58:31 | 000,000,864 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/02 16:10:49 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\SparkTrust Registration3.job
[2013/12/29 01:40:50 | 000,000,098 | ---- | C] () -- C:\extensions.ini
[2013/12/29 01:40:50 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/12/20 13:02:01 | 000,000,032 | ---- | C] () -- C:\Users\m\AppData\Roaming\WB.CFG
[2013/12/18 10:14:35 | 000,000,907 | ---- | C] () -- C:\Users\m\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/18 10:14:32 | 000,000,946 | ---- | C] () -- C:\Users\m\Desktop\Windows Media Player.lnk
[2013/12/17 07:10:13 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/06 12:15:15 | 000,003,749 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/08/13 12:12:38 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2013/05/31 16:25:07 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/17 13:02:08 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2013/03/17 12:56:06 | 000,000,693 | ---- | C] () -- C:\Users\m\ScanSnap Manager settings.lnk
[2013/03/17 12:56:06 | 000,000,685 | ---- | C] () -- C:\Users\m\ScanSnap Operator's Guide.lnk
[2013/03/17 12:56:06 | 000,000,645 | ---- | C] () -- C:\Users\m\Readme.lnk
[2013/03/17 12:56:06 | 000,000,593 | ---- | C] () -- C:\Users\m\ScanSnap Manager.lnk
[2013/03/17 12:56:06 | 000,000,587 | ---- | C] () -- C:\Users\m\Startup Register.lnk
[2013/03/17 12:56:06 | 000,000,587 | ---- | C] () -- C:\Users\m\License Agreement.lnk
[2013/03/17 12:55:32 | 000,262,923 | R--- | C] () -- C:\Users\m\setup.inx
[2013/03/17 12:55:32 | 000,005,632 | ---- | C] () -- C:\Users\m\ScanSnap_Prv.prp
[2013/03/17 12:55:32 | 000,004,096 | ---- | C] () -- C:\Users\m\PfuSsMon.fcd
[2013/03/17 12:55:32 | 000,002,453 | ---- | C] () -- C:\Users\m\PfuSsMon32.cfg
[2013/03/17 12:55:32 | 000,000,591 | R--- | C] () -- C:\Users\m\layout.bin
[2013/03/17 12:55:32 | 000,000,076 | R--- | C] () -- C:\Users\m\PfuSsMon.ini
[2013/03/17 12:55:25 | 142,520,210 | R--- | C] () -- C:\Users\m\data2.cab
[2013/03/17 12:55:25 | 001,360,401 | R--- | C] () -- C:\Users\m\data1.cab
[2013/03/17 12:55:25 | 000,163,358 | R--- | C] () -- C:\Users\m\data1.hdr
[2013/03/17 12:55:25 | 000,000,286 | ---- | C] () -- C:\Users\m\ConfigList.cfg
[2013/03/17 12:55:25 | 000,000,060 | ---- | C] () -- C:\Users\m\AppID.cfg
[2013/01/27 14:27:13 | 000,905,728 | -HS- | C] () -- C:\Users\m\ehthumbs_vista.db
[2012/12/31 12:55:49 | 000,024,226 | ---- | C] () -- C:\Users\m\AppData\Roaming\UserTile.png
[2012/04/24 14:44:05 | 000,000,288 | ---- | C] () -- C:\Users\m\AppData\Roaming\.backup.dm
[2011/07/26 16:06:08 | 000,000,552 | ---- | C] () -- C:\Users\m\AppData\Local\d3d8caps.dat
[2011/07/12 07:55:15 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{F3FE1A34-98FB-47FE-BD0D-2324E8BB19FD}
[2011/07/11 21:08:46 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{F8B064F1-9717-436F-911E-42126E10CF0B}
[2011/07/07 19:50:15 | 000,000,000 | ---- | C] () -- C:\Users\m\AppData\Local\{1A0BBB3D-A412-47C8-9AA7-CFF5E223B030}
[2010/11/05 05:58:20 | 000,000,680 | ---- | C] () -- C:\Users\m\AppData\Local\d3d9caps.dat
[2010/11/04 04:42:42 | 000,051,712 | ---- | C] () -- C:\Users\m\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/21 15:22:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/09 16:44:40 | 000,582,737 | ---- | C] () -- C:\Users\m\USA-829-Member-Directory-2009-11-web.pdf
[2009/10/11 04:19:48 | 000,001,566 | ---- | C] () -- C:\Users\m\AppData\Roaming\wklnhst.dat
[2008/05/27 11:38:56 | 000,005,552 | R--- | C] () -- C:\Program Files (x86)\ReadMe.htm

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

 

[ken545]

Hello Steve

SparkTrust <-- This is somewhat of an inferior program, I would uninstall it.

Dont see SWA on your log


See if SWA shows up and then remove it

Internet Explorer

1. Open Internet Explorer
2. Click on Tools up on the top right
3. Click on Manage Add Ons
4. Click on Search Providers
5. Highlite the one you want to remove and select Delete

Firefox

1. Open Firefox
2. Up on the Top Right in the Search Box , click on the down arrow and select Manage Search Engines
3. Highlite the one you want to remove and select Delete

Chrome

1. Open Chrome
2. Up on the Top Right click on the 3 Bars
3. Click on Settings
4. Then Manage Search Engines
5. Highlite the one you want to remove and select Delete

 

[steve100254]

IE Firefox Chrome

Did the requested. I deleted SWA from my registry earlier and then ran S&D which picked up 4 others. I signed up for Sparktrust last week and when it didn't even detect SWA I cancelled the order and gave my money to Spybot instead. Everything seems in order here now. On my other unit WTT wants me to run Linux Puppy so we'll see how that works out. Thanks so much for your help.

S.

 

[steve100254]

Adobe Reader

Just because.........I downloaded AR again and got the same result..........all .exe files switched to AR.......I uninstalled AR and all is well and am running S&D again

 

[steve100254]

S&d

Ran S&D....nothing found............nothing on the registry..........Why can't i get Adobe Reader back?

 

[ken545]

You can download and install Adobe Reader, as you go through the installation read what your installing and dont add any add ons if your prompted to, uncheck them

You will find the download link on the bottom of the page


http://www.adobe.com/

 

[steve100254]

Adobe

I went to the site again..........I was only allowed to download.....there weren't any offers, or click-ons or otherwise anything out of the ordinary......downloaded AR.....same result..........all .exe files changed to AR

 

[ken545]

You need to post in the windows forum at WhattheTech

http://forums.whatthetech.com/index.php?showforum=119

I have a few ideas but you would be better off asking windows people about this

Let me know the outcome

 

[ken545]

Steve, I see they got you up and running again, thats great, now go post in there windows forum about the Adobe problem