UndeadSummonerMila

Members
  • Posts

    16

Everything posted by UndeadSummonerMila

  1. I checked it, whatever it is isn't showing up on the list... I even got rid of its firewall and used Windows Firewall. I used RAMMap and something is modifying the RAM at 1.4 million k
  2. Sorry to double post, can't figure out how to edit... I think I figured it out again... I wonder if it could be the firewall?
  3. I thought the problem was solved. My brother was able to use it yesterday without the RAM shooting up to high heaven. It was only on for about 9 hours and the ram went back up to about 80% with only MSN running. I thought it had an overheating problem... Since the computer has a problem where the vent is blocked by its own monitor.
  4. But the % never ever goes back down. It stays at 70 - 90 and then shuts off
  5. Well, when it wakes up from hibernate it's at an insane usage... Yesterday it was at 88 and I tried to install updates thinking that might have been it... Guess it wasn't a glitch...
  6. Could it be something to do with shutting the lid? That's usually when it does it.
  7. 4 gigs of RAM. Something's up because I checked the resource monitor and it was full of modified memory. Just ran a scan last night with Avast, nothing was found... No unusual tasks.
  8. I am running a laptop that has a small issue, something is eating all of its RAM... Not sure what's causing it... I've had it for 3 years. It's a Windows 7 Dell laptop... I hardly use it other than to power the speakers and charge my iPhone... I do use it for a few other things but nothing too taxing.
  9. The incredibar search is still there... I am not sure about the AVG search... I'm not even sure why that's even there... She had no antivirus and I put Avast on her computer...
  10. All processes killed
      OTL by OldTimer - Version 3.2.52.0 log created on 06232012_192029
  11. OTL Extras logfile created on: 6/23/2012 12:09:00 PM - Run 1 OTL by OldTimer - Version 3.2.52.0
  12. Alright... She is up right now and I am scanning. Teamviewer quit on me so I have to run through Avast's thing. I cannot post them it seems, they are too long... \: Hmm
      OTL logfile created on: 6/23/2012 12:09:00 PM - Run 1 OTL by OldTimer - Version 3.2.52.0
[Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard) DRV:64bit: - [2012/03/06 19:04:31 | 000,141,144 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW) DRV:64bit: - [2012/03/06 19:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012/03/06 19:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012/03/06 19:03:29 | 000,258,904 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2) DRV:64bit: - [2012/03/06 19:02:45 | 000,028,504 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2012/03/06 19:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Unknown] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012/03/06 19:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012/03/06 19:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/03/06 19:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012/03/06 18:44:51 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis) DRV:64bit: - [2012/03/01 
02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/09/30 15:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010/09/30 15:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010/06/21 22:07:24 | 000,304,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2010/06/08 10:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/03/02 17:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/11/06 15:05:32 | 007,370,304 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={B6BA9244-80C2-470D-BCB9-E9384B5FEBE3}&mid=ed7c4c57ed2b47d0b606107081c3727e-a1769da1977c369533a1d3d476ed2da5fae15cae〈=en&ds=pp011&pr=sa&d=2012-06-20 16:44:27&v=11.1.0.7&sap=hp IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = 
http://isearch.avg.com/search?cid={B6BA9244-80C2-470D-BCB9-E9384B5FEBE3}&mid=ed7c4c57ed2b47d0b606107081c3727e-a1769da1977c369533a1d3d476ed2da5fae15cae〈=en&ds=pp011&pr=sa&d=2012-06-20 16:44:27&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1004\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylon.com/?AF=111916&babsrc=HP_ss&mntrId=8004f3cb000000000000061bb1ecdc27 IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1004\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1004\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=111916&babsrc=SP_ss&mntrId=8004f3cb000000000000061bb1ecdc27 IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1004\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={B6BA9244-80C2-470D-BCB9-E9384B5FEBE3}&mid=ed7c4c57ed2b47d0b606107081c3727e-a1769da1977c369533a1d3d476ed2da5fae15cae〈=en&ds=pp011&pr=sa&d=2012-06-20 16:44:27&v=11.1.0.7&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1004\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb128/?search={searchTerms}&loc=IB_DS&a=6R8wBBCoxo&i=26 IE - HKU\S-1-5-21-2729589744-3720136073-1283141420-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Briana~\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Briana~\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\bProtectorForWindows\2.2.453.59\FirefoxExtension [2012/06/20 16:48:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Briana~\AppData\Roaming\Mozilla\Firefox\Profiles\extensions [2012/06/20 20:52:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/06/20 20:52:34 | 000,000,000 | ---D | M] (Babylon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\ffxtlbr@babylon.com ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}, CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Briana~\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Briana~\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Briana~\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Perion plugin (Enabled) = C:\Users\Briana~\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Briana~\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\npSkypeChromePlugin.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\Briana~\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: Theme Creator = C:\Users\Briana~\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc\2.4_0\ CHR - Extension: YouTube = C:\Users\Briana~\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google Search = C:\Users\Briana~\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Stylish = C:\Users\Briana~\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_1\ CHR - Extension: New Tab for Chrome = C:\Users\Briana~\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\ CHR - Extension: Skype Click to Call = C:\Users\Briana~\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10201_0\ CHR - Extension: Gmail = C:\Users\Briana~\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012/06/22 02:57:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKU\S-1-5-21-2729589744-3720136073-1283141420-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. 
O3 - HKU\S-1-5-21-2729589744-3720136073-1283141420-1004\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2729589744-3720136073-1283141420-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2729589744-3720136073-1283141420-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2729589744-3720136073-1283141420-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-2729589744-3720136073-1283141420-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5438A9EF-C342-4402-9583-F375A3C662BD}: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3 O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/23 11:55:35 | 000,141,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys [2012/06/23 11:55:27 | 000,258,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys [2012/06/23 11:55:27 | 000,028,504 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys [2012/06/23 11:55:27 | 000,012,368 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswNdis.sys [2012/06/23 
11:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security [2012/06/23 11:41:42 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys [2012/06/23 11:41:41 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2012/06/23 11:41:38 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys [2012/06/23 11:41:37 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2012/06/23 11:41:37 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys [2012/06/23 11:41:33 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe [2012/06/23 11:41:33 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys [2012/06/23 11:41:05 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr [2012/06/23 11:41:04 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe [2012/06/23 11:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012/06/23 11:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012/06/23 10:37:46 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9.5 [2012/06/22 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\Briana~\AppData\Local\Microsoft Games [2012/06/22 12:44:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012/06/22 03:02:36 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012/06/22 03:00:52 | 000,000,000 | ---D | C] -- C:\Users\Briana~\AppData\Roaming\TeamViewer [2012/06/22 02:47:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/06/22 02:47:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/06/22 02:47:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/06/22 02:47:50 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/22 02:47:32 | 
000,000,000 | ---D | C] -- C:\Windows\erdnt [2012/06/22 02:32:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/06/22 02:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/06/22 02:24:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012/06/22 02:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012/06/22 02:19:50 | 000,000,000 | ---D | C] -- C:\Users\Briana~\AppData\Roaming\Malwarebytes [2012/06/22 02:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/22 02:19:45 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/06/22 02:19:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/06/22 02:19:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/22 02:13:17 | 000,000,000 | ---D | C] -- C:\Users\Briana~\Documents\tdsskiller [2012/06/22 02:06:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2012/06/21 21:50:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2012/06/21 21:31:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari [2012/06/21 15:22:53 | 000,000,000 | ---D | C] -- C:\Users\Briana~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012/06/21 14:19:17 | 000,000,000 | ---D | C] -- C:\Users\Briana~\AppData\Roaming\Intel Corporation [2012/06/21 13:28:27 | 000,000,000 | ---D | C] -- C:\sh4ldr [2012/06/21 13:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012/06/21 13:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012/06/20 21:11:20 | 002,128,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Briana~\Desktop\TDSSKiller.exe [2012/06/20 20:54:59 | 000,000,000 | ---D | C] -- C:\Program Files\Square Soft, Inc [2012/06/20 20:53:32 | 
000,000,000 | ---D | C] -- C:\Users\Briana~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPerformer [2012/06/20 20:53:22 | 000,000,000 | ---D | C] -- C:\4c8370469825473f33ed179d19 [2012/06/20 20:52:38 | 000,000,000 | ---D | C] -- C:\Users\Briana~\AppData\Roaming\PerformerSoft [2012/06/20 20:52:37 | 000,019,000 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe [2012/06/20 20:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Performer [2012/06/20 20:52:22 | 000,000,000 | ---D | C] -- C:\Users\Briana~\AppData\Local\Babylon [2012/06/20 20:52:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon [2012/06/20 20:52:21 | 000,000,000 | ---D | C] -- C:\Users\Briana~\AppData\Roaming\Babylon [2012/06/20 20:52:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins [2012/06/20 20:52:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions [2012/06/20 20:52:17 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows [2012/06/20 19:29:23 | 000,000,000 | ---D | C] -- C:\Users\Briana~\AppData\Roaming\WinZip [2012/06/20 19:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion [2012/06/20 19:21:16 | 000,000,000 | ---D | C] -- C:\Users\Briana~\AppData\Local\WinZip [2012/06/20 16:49:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012/06/20 16:48:55 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012/06/20 16:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer [2012/06/20 16:48:24 | 000,000,000 | ---D | C] -- C:\Users\Briana~\AppData\Roaming\Mozilla [2012/06/20 16:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload [2012/06/20 16:44:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012/06/14 16:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2012/06/14 16:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012/06/14 16:55:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed 
  13. I will be able to do this when my friend gets back online. I am remotely fixing her computer. I hope you do not mind the wait...
  14. I am trying to help someone get rid of Incredibar. She uses Google Chrome and I tried to remove it via Mbam; it seems that it still redirects her to the Incredibar search and the AVG search... I also checked in Add/Remove Programs and there is no Incredibar there... Any help please?