HemiGuy

  1. ok, the first time I copied/pasted that text in the window, it pasted all in one line. This time when I pasted it I hit enter where the lines are supposed to be divided and it looked like the original and this is what came back. I also shut off ALL of my virus scanners and firewalls.

     All processes killed
     ========== FILES ==========
     C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Default\aalecobnbdlnmjlmkbmefgeecfnlnhjl\background.html moved successfully.
     C:\Users\Kat Cyganiak\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe moved successfully.
     C:\Users\Kat Cyganiak\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe moved successfully.
     C:\Users\Kat Cyganiak\Downloads\cbsidlm-tr1_7-Free_Convert_MP3_to_WMA-SEO-75176736.exe moved successfully.
     C:\Users\Kat Cyganiak\Downloads\DownloadManagerSetup.exe moved successfully.
     C:\Users\Kat Cyganiak\Downloads\FreeMp3WmaConverterSetup-r100-w.exe moved successfully.
     C:\Users\Kat Cyganiak\Downloads\installer_adobe_illustrator.exe moved successfully.
     C:\Users\Kat Cyganiak\Downloads\Setup.exe moved successfully.
     C:\Users\Kat Cyganiak\Downloads\WinZip170.exe moved successfully.
     File\Folder [EmptyTemp] not found.
     OTL by OldTimer - Version 3.2.69.0 log created on 01242013_180137
     Files\Folders moved on Reboot...
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...

     My computer seems to be quite a bit faster
  2. It seems to be running ok, no BIG change. I don't know if it matters but on the (processes killed) I still see the google chrome thing and Frostwire and MP3 convert things. ALL of these were deleted (uninstalled) but like I said I am not THAT savvy. THANKS AGAIN!

     All processes killed
     Error: Unable to interpret <:FilesC:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Default\aalecobnbdlnmjlmkbmefgeecfnlnhjl\background.htmlC:\Users\Kat Cyganiak\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exeC:\Users\Kat Cyganiak\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exeC:\Users\Kat Cyganiak\Downloads\cbsidlm-tr1_7-Free_Convert_MP3_to_WMA-SEO-75176736.exeC:\Users\Kat Cyganiak\Downloads\DownloadManagerSetup.exeC:\Users\Kat Cyganiak\Downloads\FreeMp3WmaConverterSetup-r100-w.exeC:\Users\Kat Cyganiak\Downloads\installer_adobe_illustrator.exeC:\Users\Kat Cyganiak\Downloads\Setup.exeC:\Users\Kat Cyganiak\Downloads\WinZip170.exe[EmptyTemp]> in the current context!
     OTL by OldTimer - Version 3.2.69.0 log created on 01222013_204856
     Files\Folders moved on Reboot...
     PendingFileRenameOperations files...
     Registry entries deleted on Reboot...
  3. Sorry again, here's that log from ESET. WOW the word Trojan is in there a lot!

     C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Default\aalecobnbdlnmjlmkbmefgeecfnlnhjl\background.html Win32/BHO.OEI trojan
     C:\Users\Kat Cyganiak\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\1eae594e-6e4fce4c a variant of Java/Exploit.Agent.NEA trojan
     C:\Users\Kat Cyganiak\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\34182e61-687a0d34 a variant of Java/TrojanDownloader.Agent.NBA trojan
     C:\Users\Kat Cyganiak\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\67c420ef-552a2e2f a variant of Java/Exploit.CVE-2012-4681.CD trojan
     C:\Users\Kat Cyganiak\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\10663c71-71541a46 a variant of Java/Exploit.Agent.NEA trojan
     C:\Users\Kat Cyganiak\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\729f233f-3f2be397 a variant of Java/Exploit.Agent.NEA trojan
     C:\Users\Kat Cyganiak\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.5.windows.exe Win32/OpenCandy application
     C:\Users\Kat Cyganiak\AppData\Roaming\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application
     C:\Users\Kat Cyganiak\Downloads\cbsidlm-tr1_7-Free_Convert_MP3_to_WMA-SEO-75176736.exe Win32/DownloadAdmin.D application
     C:\Users\Kat Cyganiak\Downloads\DownloadManagerSetup.exe a variant of Win32/InstallCore.BB application
     C:\Users\Kat Cyganiak\Downloads\FreeMp3WmaConverterSetup-r100-w.exe Win32/Toolbar.SearchSuite application
     C:\Users\Kat Cyganiak\Downloads\installer_adobe_illustrator.exe multiple threats
     C:\Users\Kat Cyganiak\Downloads\Setup.exe a variant of Win32/Adware.iBryte.D application
     C:\Users\Kat Cyganiak\Downloads\WinZip170.exe a variant of Win32/OpenInstall application
     C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FP8AK6ME\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo application
     C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FP8AK6ME\updater-startnow-200-2.5-g[1].exe a variant of Win32/Toolbar.Zugo application
  4. Sorry it took so long my Father is in the hospital, he has cancer. Anyway here are the logs you asked for. There are two logs for the MBAM because I forgot to shut down McAfee the first time and it "QUARANTINED" the infected stuff. I keep noticing that this "FUNMOODS" SEARCH tab keeps popping up in the background of Google Chrome when my daughter uses it. (I HATE G.C.) so I uninstalled it. Don't know if that was cool or not, That FUNMOODS thing just wouldn't GO AWAY. If I "Fed"up I'm sorry, I said I would follow directions, PLEASE don't blow me off now:(

     Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.01.15.02
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Kat Cyganiak :: CYGANIAKS-PC [administrator]
     1/14/2013 7:26:25 PM
     mbam-log-2013-01-14 (19-26-25).txt
     Scan type: Full scan (C:\|D:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 552603
     Time elapsed: 2 hour(s), 57 minute(s), 19 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 6
     HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Quarantined and deleted successfully.
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 1
     C:\Program Files (x86)\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.
     (end)

     Malwarebytes Anti-Malware 1.70.0.1100
     www.malwarebytes.org
     Database version: v2013.01.15.02
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Kat Cyganiak :: CYGANIAKS-PC [administrator]
     1/15/2013 6:50:06 PM
     mbam-log-2013-01-15 (18-50-06).txt
     Scan type: Full scan (C:\|D:\|)
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 552774
     Time elapsed: 1 hour(s), 36 minute(s), 11 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)

     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Junkware Removal Tool (JRT) by Thisisu
     Version: 4.4.2 (01.08.2013:1)
     OS: Windows Vista Home Premium x64
     Ran by Kat Cyganiak on Tue 01/15/2013 at 3:00:12.43
     Blog: http://thisisudax.blogspot.com
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     ~~~ Services
     ~~~ Registry Values
     Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
     ~~~ Registry Keys
     Successfully deleted: [Registry Key] hkey_current_user\software\conduit
     Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
     Successfully deleted: [Registry Key] hkey_current_user\software\datamngr_toolbar
     Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\crossrider
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\fun web products
     Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\funwebproducts
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\esrv.exe
     Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
     Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.BHO
     Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.Sandbox
     Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\CrossriderApp0021802.Sandbox.1
     Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT1641676
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{11111111-1111-1111-1111-110211181102}
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{11111111-1111-1111-1111-110211181102}
     Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
     Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
     Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0}
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{d824f0de-3d60-4f57-9eb1-66033ecd8abb}
     Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
     ~~~ Files
     ~~~ Folders
     Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
     Successfully deleted: [Folder] "C:\ProgramData\trymedia"
     Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
     Successfully deleted: [Folder] "C:\Users\Kat Cyganiak\AppData\Roaming\funmoods"
     Successfully deleted: [Folder] "C:\Users\Kat Cyganiak\AppData\Roaming\opencandy"
     Successfully deleted: [Folder] "C:\Users\Kat Cyganiak\appdata\local\opencandy"
     Successfully deleted: [Folder] "C:\Users\Kat Cyganiak\appdata\locallow\conduit"
     Successfully deleted: [Folder] "C:\Users\Kat Cyganiak\appdata\locallow\datamngr"
     ~~~ FireFox
     Successfully deleted: [File] C:\Users\Kat Cyganiak\AppData\Roaming\mozilla\firefox\profiles\sojvyjpv.default\user.js
     Successfully deleted: [File] C:\Users\Kat Cyganiak\AppData\Roaming\mozilla\firefox\profiles\sojvyjpv.default\searchplugins\search_results.xml
     Successfully deleted the following from C:\Users\Kat Cyganiak\AppData\Roaming\mozilla\firefox\profiles\sojvyjpv.default\prefs.js
     user_pref("browser.search.order.1", "Search Results");
     user_pref("extensions.funmoods.aflt", "adknlg1y");
     user_pref("extensions.funmoods.autoRvrt", false);
     user_pref("extensions.funmoods.dfltLng", "");
     user_pref("extensions.funmoods.dfltSrch", true);
     user_pref("extensions.funmoods.dnsErr", true);
     user_pref("extensions.funmoods.envrmnt", "production");
     user_pref("extensions.funmoods.excTlbr", false);
     user_pref("extensions.funmoods.hmpg", true);
     user_pref("extensions.funmoods.hmpgUrl", "http://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2XzutBtF
     user_pref("extensions.funmoods.id", "002564D74ED48B11");
     user_pref("extensions.funmoods.instlDay", "15713");
     user_pref("extensions.funmoods.instlRef", "adknlg1y");
     user_pref("extensions.funmoods.isdcmntcmplt", true);
     user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
     user_pref("extensions.funmoods.newTabUrl", "http://searchfunmoods.com/?f=2&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2XzutB
     user_pref("extensions.funmoods.prdct", "funmoods");
     user_pref("extensions.funmoods.prtnrId", "funmoods");
     user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
     user_pref("extensions.funmoods.tlbrId", "base");
     user_pref("extensions.funmoods.tlbrSrchUrl", "http://searchfunmoods.com/?f=3&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2Xzu
     user_pref("extensions.funmoods.vrsn", "1.5.23.22");
     user_pref("extensions.funmoods.vrsni", "1.5.23.22");
     user_pref("extensions.funmoods_i.newTab", true);
     user_pref("extensions.funmoods_i.smplGrp", "none");
     user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2221:40:58");
     Emptied folder: C:\Users\Kat Cyganiak\AppData\Roaming\mozilla\firefox\profiles\sojvyjpv.default\minidumps [14 files]
     ~~~ Event Viewer Logs were cleared
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     Scan was completed on Tue 01/15/2013 at 3:08:01.14
     End of JRT log
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  5. OK, I did what you said to a "T" and both programs didn't run as you said they would. I shut down ALL of my McAfee and it was red. I got some error screen shots saying I had "processes running that may not allow ComboFix to work properly". Only on the ComboFix scan. But the report said it was still running. Maybe I'm reading it wrong and should just do what I'm told. Here are the 2 log reports.

     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.01.0.1011
     © Malwarebytes Corporation 2011-2012
     OS version: 6.0.6002 Windows Vista Service Pack 2 x64
     Account is Administrative
     Internet Explorer version: 9.0.8112.16421
     Java version: 1.6.0_30
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
     CPU speed: 2.660000 GHz
     Memory total: 6432174080, free: 4173111296
     Downloaded database version: v2013.01.10.02
     Downloaded database version: v2013.01.04.01
     Initializing...
     Done!
     Performing system, memory and registry scan...
     Infected: C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll --> [PUP.215Apps]
     Infected: HKLM\SOFTWARE\CLASSES\TYPELIB\{44444444-4444-4444-4444-440244184402}\1.0\0\win32 --> [PUP.215Apps]
     Infected: C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll --> [PUP.215Apps]
     Infected: C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe --> [PUP.215Apps]
     Infected: C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe --> [PUP.215Apps]
     Infected: HKLM\SOFTWARE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} --> [PUP.Funmoods]
     Infected: HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} --> [PUP.Funmoods]
     Infected: HKCU\SOFTWARE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} --> [PUP.Funmoods]
     Infected: HKCU\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} --> [PUP.Funmoods]
     Infected: HKCU\SOFTWARE\INSTALLCORE\funmoods --> [PUP.FunMoods]
     Done!
     Scan finished
     Creating System Restore point...
     Scheduling clean up...
     <<<2>>>
     Device number: 0, partition: 3
     <<<3>>>
     Volume: C:
     File system type: NTFS
     SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
     Removal scheduling successful. System shutdown needed.
     System shutdown occurred
     =======================================
     ---------------------------------------
     Malwarebytes Anti-Rootkit BETA 1.01.0.1011
     © Malwarebytes Corporation 2011-2012
     OS version: 6.0.6002 Windows Vista Service Pack 2 x64
     Account is Administrative
     Internet Explorer version: 9.0.8112.16421
     Java version: 1.6.0_30
     File system is: NTFS
     Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
     CPU speed: 2.660000 GHz
     Memory total: 6432174080, free: 5185740800

     ComboFix 13-01-08.01 - Kat Cyganiak 01/10/2013 13:21:13.1.4 - x64
     Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6134.4217 [GMT -6:00]
     Running from: c:\users\Kat Cyganiak\Desktop\ComboFix.exe
     AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
     FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
     SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     .
     ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     c:\users\Kat Cyganiak\AppData\Roaming\E2C539
     c:\users\Public\invokesi.exe
     c:\windows\security\Database\tmp.edb
     c:\windows\SysWow64\Cache
     c:\windows\SysWow64\Cache\272512937d9e61a4.fb
     c:\windows\SysWow64\Cache\287204568329e189.fb
     c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb
     c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb
     c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb
     c:\windows\SysWow64\Cache\3917078cb68ec657.fb
     c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb
     c:\windows\SysWow64\Cache\610289e025a3ee9a.fb
     c:\windows\SysWow64\Cache\651c5d3cdbfb8bd1.fb
     c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb
     c:\windows\SysWow64\Cache\6d03dad1035885d3.fb
     c:\windows\SysWow64\Cache\a8556537add6dfc5.fb
     c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb
     c:\windows\SysWow64\Cache\bc700ca0c660fd66.fb
     c:\windows\SysWow64\Cache\c1fa887b03019701.fb
     c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb
     c:\windows\SysWow64\Cache\d201ef9910cd39de.fb
     c:\windows\SysWow64\Cache\d2e94710a5708128.fb
     c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb
     c:\windows\SysWow64\Cache\f998975c9cc711ee.fb
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 10:29 . 2012-03-29 13:58 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 10:29 . 2012-03-14 17:41 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 09:03 . 2006-11-02 12:35 67599240 ----a-w- c:\windows\system32\mrt.exe 2012-11-09 12:40 . 2012-11-09 12:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys 2012-11-09 12:37 . 2011-12-06 23:44 339776 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2012-11-09 12:37 . 2011-12-06 23:28 177680 ----a-w- c:\windows\system32\mfevtps.exe 2012-11-09 12:35 . 2011-03-13 17:20 771096 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2012-11-09 12:34 . 2012-11-09 12:34 515528 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2012-11-09 12:34 . 2012-11-09 12:34 309400 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2012-11-09 12:33 . 2012-11-09 12:33 178840 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2012-11-02 07:46 . 2012-11-02 07:46 97208 ----a-w- c:\windows\system32\drivers\mfencrk.sys 2012-11-02 07:46 . 2012-11-02 07:46 328976 ----a-w- c:\windows\system32\drivers\mfencbdc.sys 2012-11-02 07:46 . 2012-11-02 07:46 10544 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys 2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts 2012-10-19 15:51 . 2012-09-26 04:30 74120 ----a-w- c:\windows\system32\drivers\McPvDrv.sys 2012-05-17 15:52 . 2012-11-18 07:17 172400 ----a-w- c:\program files (x86)\2pres.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll" [2012-11-26 1525088] . [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1] [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}] [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin] . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9ee802e8-c931-47ab-b570-aa8f791598ca}] 2009-11-20 08:22 2166296 ----a-w- c:\program files (x86)\eMusic\tbeMu1.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{9ee802e8-c931-47ab-b570-aa8f791598ca}"= "c:\program files (x86)\eMusic\tbeMu1.dll" [2009-11-20 2166296] . [HKEY_CLASSES_ROOT\clsid\{9ee802e8-c931-47ab-b570-aa8f791598ca}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-07-07 1779952] "YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856] "dcmsvc"="c:\program files (x86)\dcmsvc\dcmsvc.exe" [2009-04-07 30440] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-29 151952] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program 
files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "YMailAdvisor"="c:\program files (x86)\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-10-07 454160] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2013-01-07 295072] . c:\users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] . c:\users\Kat Cyganiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] Warner Bros.lnk - c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2010-3-20 95232] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488] McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808] WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-10-18 685496] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-03-31 92160] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes . Contents of the 'Scheduled Tasks' folder . 2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 10:29] . 2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 18:56] . 2013-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-14 18:56] . 2013-01-09 c:\windows\Tasks\Norton Security Scan for Kat Cyganiak.job - c:\progra~2\NORTON~2\Engine\376~1.5\Nss.exe [2013-01-07 10:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK] @="{3c3f3c1a-9153-7c05-f938-622e7003894d}" [HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}] 2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2] @="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}" [HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}] 2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3] @="{b4caf489-1eec-c617-49ad-8d7088598c06}" [HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}] 2010-04-14 02:11 3816248 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBKshell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-17 16308768] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.yahoo.com/ mStart Page = hxxp://www.yahoo.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = 192.168.*.*;<local> uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s Trusted Zone: internet Trusted Zone: mcafee.com Trusted Zone: real.com\rhap-app-4-0 Trusted Zone: real.com\rhapreg TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p= FF - ExtSQL: 2013-01-03 11:08; {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi FF - ExtSQL: 2013-01-03 11:08; {4176DFF4-4698-11DE-BEEB-45DA55D89593}; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi FF - ExtSQL: 2013-01-03 11:08; {3e0c7f3a-3f50-4730-beb5-4a9a10e2831c}; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{3e0c7f3a-3f50-4730-beb5-4a9a10e2831c} FF - ExtSQL: 2013-01-03 11:08; {2b5e07c4-cc81-4624-8936-820622afdbd5}; c:\users\Kat 
Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{2b5e07c4-cc81-4624-8936-820622afdbd5}.xpi FF - ExtSQL: 2013-01-03 11:08; twitter@disconnect.me; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\twitter@disconnect.me.xpi FF - ExtSQL: 2013-01-03 11:08; personas@christopher.beard; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\personas@christopher.beard.xpi FF - ExtSQL: 2013-01-03 11:08; chromeview@systemantics.net; c:\users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\chromeview@systemantics.net.xpi FF - user.js: yahoo.ytff.general.dontshowhpoffer - true FF - user.js: extensions.funmoods.hmpg - true FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1892756836 FF - user.js: extensions.funmoods.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Funmoods FF - user.js: extensions.funmoods.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1892756836 FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1892756836&q= FF - user.js: extensions.funmoods.id - 002564D74ED48B11 FF - user.js: extensions.funmoods.instlDay - 15713 FF - user.js: extensions.funmoods.vrsn - 1.5.23.22 FF - user.js: extensions.funmoods.vrsni - 1.5.23.22 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2221:40 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: 
extensions.funmoods.aflt - adknlg1y FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - adknlg1y FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods.envrmnt - production FF - user.js: extensions.funmoods.isdcmntcmplt - true FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0 . - - - - ORPHANS REMOVED - - - - . BHO-{11111111-1111-1111-1111-110211181102} - c:\program files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll BHO-{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll Toolbar-{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - c:\progra~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll Toolbar-10 - (no file) Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Kat Cyganiak\AppData\Local\Akamai\netsession_win.exe Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKLM-Run-ROC_roc_ssl_v12 - c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe SafeBoot-WudfPf SafeBoot-WudfRd Toolbar-10 - (no file) WebBrowser-{9EE802E8-C931-47AB-B570-AA8F791598CA} - (no file) HKLM-Run-Skytel - c:\program files\Realtek\Audio\HDA\Skytel.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-RealPlayer 16.0 - c:\program files (x86)\real\realplayer\Update\r1puninst.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1443698480-2959366254-1151133129-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] @Denied: (Full) (RestrictedCode) @Denied: (Full) (LocalSystem) @Denied: (Full) (S-1-5-21-1443698480-2959366254-1151133129-1000) @Denied: (Full) (Administrators) . 
[HKEY_USERS\S-1-5-21-1443698480-2959366254-1151133129-1000_Classes\Wow6432Node\Local Settings\Software\Microsoft\Windows\Shell\MuiCache] @Denied: (Full) (RestrictedCode) @Denied: (Full) (LocalSystem)
copy and paste files" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4898"="Allow websites to open windows without address or status bars" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4797"="Submit non-encrypted form data" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4911"="Include local directory path when uploading files to a server" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4798"="Launching programs and files in an IFRAME" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4870"="Allow META REFRESH" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4885"="Enable MIME Sniffing" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4872"="Display mixed content" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4883"="Use Pop-up Blocker" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-5368"="Use SmartScreen Filter" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4890"="Allow webpages to use restricted protocols for active content" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4864"="Launching applications and unsafe files" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4855"="Navigate windows and frames across different domains" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4853"="Userdata persistence" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4879"="Allow scripting of Microsoft web browser control" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4887"="Allow script-initiated windows without size or position constraints" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4886"="Websites in less privileged web content zone can navigate into this zone" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4782"="Scripting" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4786"="Active scripting" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4787"="Scripting of Java applets" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4854"="Allow Programmatic clipboard access" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4912"="Allow websites to prompt for information using scripted windows" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4867"="Allow status bar updates via script" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-4901"="Enable XSS filter" 
"@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6400"=".NET Framework" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6401"="Loose XAML" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6403"="XAML browser applications" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-6402"="XPS documents" "@c:\\Windows\\SysWOW64\\inetcpl.cpl,-5440"="Enable .NET Framework setup" "c:\\Program Files (x86)\\Jasc Software Inc\\Paint Shop Pro 7\\psp.exe"="Paint Shop Pro 7" "@c:\\Windows\\SysWOW64\\ieframe.dll,-914"="SVG Document" "@c:\\Program Files (x86)\\Common Files\\System\\wab32res.dll,-4602"="Contact file" "@c:\\Program Files (x86)\\Common Files\\system\\wab32res.dll,-10203"="Contact" "@c:\\Windows\\system32\\zipfldr.dll,-10195"="Compressed (zipped) Folder" "@c:\\Windows\\system32\\ieframe.dll,-904"="URL:HyperText Transfer Protocol with Privacy" "c:\\Program Files (x86)\\iTunes\\iTunes.exe"="iTunes" "c:\\Program Files (x86)\\Windows Calendar\\wincal.exe"="Windows Calendar" "@%ProgramFiles%\\Windows Live\\Photo Gallery\\regres.dll,-10;en-us.8051.1204"="Windows Live Photo Gallery" "@wmploc.dll,-102"="Windows Media Player" "c:\\Program Files (x86)\\Windows Media Player\\wmplayer.exe"="Windows Media Player" "c:\\Program Files (x86)\\Windows NT\\Accessories\\WORDPAD.EXE"="WordPad" "@c:\\Windows\\system32\\ieframe.dll,-903"="URL:HyperText Transfer Protocol" "@c:\\Windows\\SysWOW64\\occache.dll,-1070"="Downloaded Program Files" "@c:\\Windows\\SysWOW64\\occache.dll,-1071"="Downloaded Program Files are ActiveX controls and Java applets downloaded automatically from the Internet when you view certain pages. They are temporarily stored in the Downloaded Program Files folder on your hard disk." "@c:\\Windows\\SysWOW64\\occache.dll,-1072"="&View Files" "@%systemroot%\\system32\\setupcln.dll,-1002"="Previous Windows installation(s)" "@%systemroot%\\system32\\setupcln.dll,-1003"="Files from a previous Windows installation. Files and folders that may conflict with the installation of Windows have been moved to folders named Windows.old. 
You can access data from the previous Windows installations in this folder." "@%SystemRoot%\\system32\\werfault.exe,-100"="System error memory dump files" "@%SystemRoot%\\system32\\werfault.exe,-101"="Remove system error memory dump files." "@%SystemRoot%\\system32\\werfault.exe,-102"="System error minidump files" "@%SystemRoot%\\system32\\werfault.exe,-103"="Remove system error minidump files." "@%systemroot%\\system32\\setupcln.dll,-1000"="Temporary Windows installation files" "@%systemroot%\\system32\\setupcln.dll,-1001"="Installation files used by Windows setup. These files are left over from the installation process and can be safely deleted." "@%systemroot%\\system32\\setupcln.dll,-1004"="Files discarded by Windows upgrade" "@%systemroot%\\system32\\setupcln.dll,-1005"="Files from a previous Windows installation. As a precaution, Windows upgrade keeps a copy of any files that were not moved to the new version of Windows and were not identified as Windows system files. If you are sure that no user's personal files are missing after the upgrade, you can delete these files." "@%SystemRoot%\\system32\\wer.dll,-297"="Per user archived Windows Error Reporting Files" "@%SystemRoot%\\system32\\wer.dll,-298"="Files used for error reporting and solution checking." "@%SystemRoot%\\system32\\wer.dll,-295"="Per user queued Windows Error Reporting Files" "@%SystemRoot%\\system32\\wer.dll,-296"="Files used for error reporting and solution checking." "@%SystemRoot%\\system32\\wer.dll,-301"="System archived Windows Error Reporting Files" "@%SystemRoot%\\system32\\wer.dll,-302"="Files used for error reporting and solution checking." "@%SystemRoot%\\system32\\wer.dll,-299"="System queued Windows Error Reporting Files" "@%SystemRoot%\\system32\\wer.dll,-300"="Files used for error reporting and solution checking." 
"@c:\\Windows\\system32\\filemgmt.dll,-2204"="Services" "@c:\\Program Files (x86)\\iTunes\\iTunes.Resources\\iTunesRegistry.dll,-3"="AIFF Audio File" "@c:\\Program Files (x86)\\iTunes\\iTunes.Resources\\iTunesRegistry.dll,-9"="MPEG Layer 2 Audio" "@c:\\Program Files (x86)\\iTunes\\iTunes.Resources\\iTunesRegistry.dll,-7"="M3U Audio Playlist" "c:\\Program Files (x86)\\QuickTime\\QuickTimePlayer.exe"="QuickTime Player" "c:\\Program Files (x86)\\Real\\RealPlayer\\RealPlay.exe"="RealPlayer" "@c:\\Windows\\System32\\gameux.dll,-10046"="Microsoft Games" "@c:\\Windows\\ehome\\ehepgres.dll,-277"="Recorded TV" "c:\\Program Files (x86)\\Microsoft Office\\Office12\\POWERPNT.EXE"="Microsoft Office PowerPoint" "c:\\Program Files (x86)\\Inkscape\\inkscape.exe"="Inkscape" "@c:\\Program Files (x86)\\Microsoft Silverlight\\4.1.10111.0\\npctrlui.dll,-400"="Microsoft Silverlight" "@c:\\PROGRA~1\\MICROS~1\\PURBLE~1\\PurblePlace.exe,-112"="Purble Place" "@c:\\PROGRA~1\\MICROS~1\\Mahjong\\Mahjong.exe,-44419"="Mahjong Titans" "@c:\\Program Files (x86)\\iTunes\\iTunes.Resources\\iTunesRegistry.dll,-10"="MPEG Layer 3 Audio" "@c:\\Program Files (x86)\\iTunes\\iTunes.Resources\\iTunesRegistry.dll,-15"="WAVE Audio File" "c:\\Program Files\\Windows Photo Gallery\\WindowsPhotoGallery.exe"="Windows Photo Gallery" "@c:\\Windows\\SysWOW64\\ieframe.dll,-24585"="Cascading Style Sheet Document" "@c:\\Windows\\System32\\wshext.dll,-4804"="JScript Script File" "@c:\\Windows\\System32\\wshext.dll,-4802"="VBScript Script File" "c:\\Windows\\SysWOW64\\javaws.exe"="Java Web Start Launcher" "c:\\Program Files (x86)\\Microsoft Digital Image 2006\\pi.exe"="Microsoft Digital Image 2006 Editor" "c:\\PROGRA~2\\Rhapsody\\rhapsody.exe"="RealNetworks Rhapsody" "@c:\\Windows\\system32\\unregmp2.exe,-9991"="&Play" "c:\\Program Files\\WinZip\\WINZIP64.EXE"="WinZip" "@%ProgramFiles(x86)%\\Windows Live\\Photo Gallery\\regres.dll,-3077;en-us.8051.1204"="Icon" "@c:\\Windows\\system32\\mmcbase.dll,-130"="Microsoft Common 
Console Document" "@c:\\Windows\\System32\\msxml3r.dll,-2"="XSL Stylesheet" "@c:\\Windows\\System32\\msrating.dll,-3000"="Rating System File" "@c:\\Windows\\System32\\setupapi.dll,-2000"="Setup Information" "@c:\\Windows\\System32\\acppage.dll,-6003"="Windows Command Script" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . ------------------------ Other Running Processes ------------------------ . c:\program files\Dell\DellDock\DockLogin.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe c:\windows\SysWOW64\rundll32.exe c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe . ************************************************************************** . Completion time: 2013-01-10 13:55:10 - machine was rebooted ComboFix-quarantined-files.txt 2013-01-10 19:55 . Pre-Run: 404,320,927,744 bytes free Post-Run: 406,006,222,848 bytes free . - - End Of File - - B7157D4981E031E192808170A4BEA2CA
  6. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
     Run date: 2013-01-09 17:59:54
     -----------------------------
     17:59:54.914 OS Version: Windows x64 6.0.6002 Service Pack 2
     17:59:54.914 Number of processors: 4 586 0x1E05
     17:59:54.914 ComputerName: CYGANIAKS-PC UserName: Kat Cyganiak
     17:59:58.861 Initialize success
     18:00:14.154 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
     18:00:14.154 Disk 0 Vendor: ST3500418AS CC44 Size: 476940MB BusType: 3
     18:00:14.170 Disk 0 MBR read successfully
     18:00:14.185 Disk 0 MBR scan
     18:00:14.185 Disk 0 Windows VISTA default MBR code
     18:00:14.185 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
     18:00:14.185 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 15000 MB offset 81920
     18:00:14.201 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 461899 MB offset 30801920
     18:00:14.232 Disk 0 scanning C:\Windows\system32\drivers
     18:00:17.571 Service scanning
     18:00:27.336 Modules scanning
     18:00:27.336 Disk 0 trace - called modules:
     18:00:27.367 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
     18:00:27.367 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80066ca060]
     18:00:27.383 3 CLASSPNP.SYS[fffffa60010bcc33] -> nt!IofCallDriver -> [0xfffffa800642c520]
     18:00:27.383 5 acpi.sys[fffffa60008ddfde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8006429060]
     18:00:27.383 Scan finished successfully
     18:01:29.908 Disk 0 MBR has been saved successfully to "C:\Users\Kat Cyganiak\Desktop\MBR.dat"
     18:01:29.923 The log file has been saved successfully to "C:\Users\Kat Cyganiak\Desktop\aswMBR.txt"
  7. OTL Extras logfile created on: 1/9/2013 4:09:33 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kat Cyganiak\Desktop 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.99 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 61.40% Memory free 12.09 Gb Paging File | 9.92 Gb Available in Paging File | 82.02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451.07 Gb Total Space | 314.00 Gb Free Space | 69.61% Space Free | Partition Type: NTFS Drive D: | 14.65 Gb Total Space | 5.72 Gb Free Space | 39.08% Space Free | Partition Type: NTFS Computer Name: CYGANIAKS-PC | User Name: Kat Cyganiak | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 01 D5 7A EC AB 5F CA 01 [binary data] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64 "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{22D8AE6F-3C6B-47E8-8F04-629F23DBE978}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java 6 Update 13 (64-bit) "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup "{655107BA-F557-4B0E-B344-BA1C85B08488}" = 
Motorola Mobile Drivers Installation 4.8.0 "{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel "{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{CD95F661-A5C4-44F5-A6AA-ECDD91C240D7}" = WinZip 17.0 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup "{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support "{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "NVIDIA Drivers" = NVIDIA Drivers [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data "{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger "{0E6EC2D7-5C9B-28B7-C848-171EDACB9625}" = Warner Bros. 
Digital Copy Manager "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.6 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java 7 Update 5 "{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{49FA793C-785E-47E9-93DF-BD442B0B45D1}" = McAfee Virtual Technician "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack "{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor "{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer "{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{7860ADB4-6A16-4245-B956-4DCCA6B371CF}" = Frontline Excel Solvers V11.0 
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 
3 (SP3) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries 
Support For Adobe Reader 9 "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C25D3128-3136-4B33-9D32-8F0F5E81F349}" = MGTEK dopisp "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update "{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials "{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery "{F751C062-87DA-4D33-8A12-6E7F1D4C051C}" = Netflix in Windows Media Center "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content "{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "AT&T Yahoo! Browser Configuration" = AT&T Yahoo! 
Browser Configuration "AudibleDownloadManager" = Audible Download Manager "com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1" = Warner Bros. Digital Copy Manager "dcmsvc_is1" = dcmsvc 1.0 "eMusic Toolbar" = eMusic Toolbar "FrostWire" = FrostWire 4.21.8 "Google Chrome" = Google Chrome "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "Inkscape" = Inkscape 0.48.2 "InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "MegaStat Excel 2007" = MegaStat Excel 2007 "MotoHelper" = MotoHelper 2.0.34 Driver 4.8.0 "Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSC" = McAfee Total Protection "NSS" = Norton Security Scan "PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006 "RealPlayer 16.0" = RealPlayer "Rhapsody" = Rhapsody "Shopping Sidekick Plugin" = Shopping Sidekick Plugin "webmmf" = WebM Media Foundation Components "WinLiveSuite_Wave3" = Windows Live Essentials "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Mail" = Yahoo! Internet Mail "Yahoo! Mail Advisor" = Yahoo! Mail Advisor "Yahoo! Search Defender" = Yahoo! Search Protection "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! 
Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 10/19/2012 8:20:39 PM | Computer Name = Cyganiaks-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 10/19/2012 8:20:39 PM | Computer Name = Cyganiaks-PC | Source = MsiInstaller | ID = 11606
Description =

Error - 10/21/2012 11:47:13 AM | Computer Name = Cyganiaks-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1bfc Start Time: 01cdaf95ed894a77 Termination Time: 79

Error - 10/23/2012 12:57:20 PM | Computer Name = Cyganiaks-PC | Source = Application Error | ID = 1000
Description = Faulting application MotoHelperAgent.exe, version 2.0.34.0, time stamp 0x4cc216d4, faulting module IEBHO.dll_unloaded, version 0.0.0.0, time stamp 0x507aa066, exception code 0xc0000005, fault offset 0x6ac406f0, process id 0xf48, application start time 0x01cdae5816d1648f.

Error - 10/23/2012 12:57:20 PM | Computer Name = Cyganiaks-PC | Source = Application Error | ID = 1000
Description = Faulting application msnmsgr.exe, version 14.0.8050.1202, time stamp 0x493623f7, faulting module IEBHO.dll_unloaded, version 0.0.0.0, time stamp 0x507aa066, exception code 0xc0000005, fault offset 0x6ac406f0, process id 0xf10, application start time 0x01cdae5826941f2f.

Error - 10/23/2012 12:57:46 PM | Computer Name = Cyganiaks-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16450, time stamp 0x503723f6, faulting module IEBHO.dll, version 1.0.0.1, time stamp 0x507aa066, exception code 0xc0000005, fault offset 0x0001bcbf, process id 0xdc4, application start time 0x01cdb13f626d270f.

Error - 10/23/2012 12:58:41 PM | Computer Name = Cyganiaks-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16450, time stamp 0x503723f6, faulting module IEBHO.dll, version 1.0.0.1, time stamp 0x507aa066, exception code 0xc0000005, fault offset 0x0001bcbf, process id 0x1a84, application start time 0x01cdb13dcf5aacc7.

Error - 10/23/2012 1:01:20 PM | Computer Name = Cyganiaks-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16450, time stamp 0x503723f6, faulting module IEBHO.dll, version 1.0.0.1, time stamp 0x507aa066, exception code 0xc0000005, fault offset 0x0001bcbf, process id 0x14f4, application start time 0x01cdb13db5b5b3f7.

Error - 10/23/2012 6:28:22 PM | Computer Name = Cyganiaks-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16450 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1030 Start Time: 01cdb16da4f3dbef Termination Time: 31

Error - 10/23/2012 6:35:28 PM | Computer Name = Cyganiaks-PC | Source = Application Error | ID = 1000
Description = Faulting application nvvsvc.exe, version 8.15.11.8595, time stamp 0x4a0fba70, faulting module NVSVC64.DLL, version 8.15.11.8595, time stamp 0x4a0fba6b, exception code 0xc0000005, fault offset 0x000000000000408b, process id 0x4c4, application start time 0x01cdb16ea8359ea4.

[ OSession Events ]

Error - 6/6/2010 3:52:10 PM | Computer Name = Cyganiaks-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 459 seconds with 360 seconds of active time. This session ended with a crash.

Error - 3/20/2011 7:20:39 PM | Computer Name = Cyganiaks-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5270 seconds with 900 seconds of active time. This session ended with a crash.

Error - 2/25/2012 6:07:15 PM | Computer Name = Cyganiaks-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 4682 seconds with 2220 seconds of active time. This session ended with a crash.

Error - 2/29/2012 8:41:12 PM | Computer Name = Cyganiaks-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 65 seconds with 60 seconds of active time. This session ended with a crash.

Error - 12/18/2012 10:49:33 PM | Computer Name = Cyganiaks-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3162 seconds with 1200 seconds of active time. This session ended with a crash.

Error - 1/7/2013 11:20:40 PM | Computer Name = Cyganiaks-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7678 seconds with 4080 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 1/9/2013 4:12:15 PM | Computer Name = Cyganiaks-PC | Source = DCOM | ID = 10010
Description =

Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 1/9/2013 4:37:35 PM | Computer Name = Cyganiaks-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 1/9/2013 4:38:07 PM | Computer Name = Cyganiaks-PC | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 1/9/2013 4:38:54 PM | Computer Name = Cyganiaks-PC | Source = WMPNetworkSvc | ID = 866293
Description =

< End of report >
  8. Here are all the logs you asked for. THANK YOU SO much for your help. When I tried to "POST" an "ERROR OCCURED post too long" happened so I will post them separately.

OTL logfile created on: 1/9/2013 4:09:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kat Cyganiak\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.99 Gb Total Physical Memory | 3.68 Gb Available Physical Memory | 61.40% Memory free
12.09 Gb Paging File | 9.92 Gb Available in Paging File | 82.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 314.00 Gb Free Space | 69.61% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 5.72 Gb Free Space | 39.08% Space Free | Partition Type: NTFS

Computer Name: CYGANIAKS-PC | User Name: Kat Cyganiak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/09 16:06:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kat Cyganiak\Desktop\OTL.exe
PRC - [2013/01/08 21:41:42 | 000,945,152 | ---- | M] (215 Apps) -- C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe
PRC - [2013/01/07 06:02:55 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/29 20:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.)
-- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe PRC - [2012/11/26 05:14:06 | 000,213,344 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\ytbb.exe PRC - [2012/10/18 17:00:00 | 000,685,496 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE PRC - [2012/09/05 09:57:26 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010/10/22 16:57:40 | 000,210,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe PRC - [2010/10/22 16:57:26 | 000,660,800 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe PRC - [2010/10/19 12:09:04 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe PRC - [2010/03/20 14:58:42 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe PRC - [2009/07/17 15:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe PRC - [2009/07/07 09:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe PRC - [2009/05/08 04:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe PRC - [2009/04/07 12:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe PRC - [2009/02/03 07:15:18 | 000,111,856 | ---- | M] (Yahoo! 
Inc) -- C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (No Company Name) ========== MOD - [2013/01/09 03:37:47 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f042f66c2ad8fd5b8c34fa22cd22079e\System.Management.ni.dll MOD - [2013/01/09 03:35:10 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\439eccf3a1fb34830a0a38cdf48afa08\System.Web.Services.ni.dll MOD - [2013/01/09 03:34:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll MOD - [2013/01/09 03:34:50 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013/01/09 03:34:38 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0c3da9004b277959e24a9fd606d3dd05\System.Windows.Forms.ni.dll MOD - [2013/01/09 03:34:31 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013/01/09 03:33:48 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013/01/09 03:33:43 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010/10/22 16:57:26 | 000,660,800 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe MOD - [2010/03/20 14:58:42 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe MOD - [2009/07/07 09:24:00 | 000,268,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll MOD - [2009/07/07 09:24:00 | 000,140,528 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll MOD - [2009/07/07 09:24:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll MOD - [2009/07/07 09:23:00 | 001,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe MOD - [2009/07/07 09:23:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll MOD - [2009/07/07 09:23:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll MOD - [2009/04/07 12:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe ========== Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn) SRV:64bit: - [2012/11/22 04:42:06 | 000,378,952 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS) SRV:64bit: - [2012/11/09 06:37:30 | 000,177,680 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp) SRV:64bit: - [2012/11/09 06:34:50 | 000,218,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc) SRV:64bit: - [2012/10/07 03:13:42 | 000,220,856 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc) SRV:64bit: - [2012/10/06 07:28:16 | 001,007,288 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore) SRV:64bit: - [2012/08/31 12:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service) SRV:64bit: - [2009/03/31 13:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters) SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService) SRV:64bit: - [2008/01/20 20:51:26 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\inetsrv\inetinfo.exe -- (IISADMIN) SRV:64bit: - [2007/06/07 01:50:32 | 000,567,280 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbtcoms.exe -- (dlbt_device) SRV - [2013/01/09 04:29:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/12/07 22:09:08 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service) SRV - [2012/09/05 09:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService) SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) 
[Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010/10/22 16:57:40 | 000,210,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper) SRV - [2010/04/13 20:11:18 | 000,231,224 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/02/20 17:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009/06/26 10:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10) SRV - [2009/04/11 00:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/11/09 06:40:24 | 000,069,672 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids) DRV:64bit: - [2012/11/09 06:37:42 | 000,339,776 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk) DRV:64bit: - [2012/11/09 06:35:50 | 000,771,096 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk) DRV:64bit: - [2012/11/09 06:34:58 | 000,515,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek) DRV:64bit: - [2012/11/09 06:34:18 | 000,309,400 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk) DRV:64bit: - [2012/11/09 06:33:58 | 000,178,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk) DRV:64bit: - [2012/11/02 01:46:50 | 000,328,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\mfencbdc.sys -- (mfencbdc) DRV:64bit: - [2012/11/02 01:46:50 | 000,097,208 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mfencrk.sys -- (mfencrk) DRV:64bit: - [2012/10/19 09:51:50 | 000,074,120 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\McPvDrv.sys -- (McPvDrv) DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/05/28 10:28:18 | 000,197,264 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK) DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010/04/13 20:10:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\DRIVERS\MOBK.sys -- (MOBKFilter) DRV:64bit: - [2009/11/04 16:54:06 | 000,049,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfesmfk.sys -- (mfesmfk) DRV:64bit: - [2009/09/30 18:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb) DRV:64bit: - [2009/09/16 10:15:38 | 000,040,904 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdk.sys -- (mferkdk) DRV:64bit: - [2009/06/18 08:15:16 | 000,041,032 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfebopk.sys -- (mfebopk) DRV:64bit: - [2009/06/04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor) DRV:64bit: - [2009/05/20 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/05/11 23:19:20 | 000,081,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2009/05/08 11:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\motodrv.sys -- (MotDev) DRV:64bit: - [2009/04/06 19:25:08 | 000,292,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2008/01/20 20:46:55 | 000,317,952 | ---- | M] (Intel Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express) DRV:64bit: - [2006/11/02 01:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300) DRV - [2009/06/26 09:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5366121342314564&q={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}: "URL" = http://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=adknlg1y&ir=adknlg1y&cd=2XzuyEtN2Y1L1QzutDtDtByDyCyE0DyByE0E0DyEzz0BtCtCtN0D0Tzu0CtAyByEtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1892756836 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKLM\..\URLSearchHook: {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files (x86)\eMusic\tbeMu1.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5366121342314564&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1641676 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1514BC5F-681F-4FED-83C5-7AE89459354C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=chr-tyc8 IE - HKCU\..\SearchScopes\{43AF21D6-884C-47A2-8F8F-5EF6465AE905}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=100&systemid=410&apn_dtid=BND410&apn_ptnrs=AGA&o=APN10649&apn_uid=5366121342314564&q={searchTerms} IE - HKCU\..\SearchScopes\{E0FA9551-4AE2-453F-A45E-285EF0F281A5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;<local> ========== FireFox ========== FF - prefs.js..browser.search.defaultEngine: "Yahoo" FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-tyc8" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-tyc8" FF - prefs.js..browser.search.param.yahoo-type: "" FF - prefs.js..browser.search.selectedEngine: "Secure Search" FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.1.20121011034613 FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3.1 FF - prefs.js..extensions.enabledAddons: %7B4176DFF4-4698-11DE-BEEB-45DA55D89593%7D:0.8.37 FF - prefs.js..extensions.enabledAddons: 
%7B3e0c7f3a-3f50-4730-beb5-4a9a10e2831c%7D:6.9 FF - prefs.js..extensions.enabledAddons: %7B2b5e07c4-cc81-4624-8936-820622afdbd5%7D:1.0 FF - prefs.js..extensions.enabledAddons: twitter%40disconnect.me:2.1.2 FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: chromeview%40systemantics.net:0.2.2 FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/12/21 03:18:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/07 06:03:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/07 06:03:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/13 10:21:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/01/04 20:03:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/13 10:21:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla 
Firefox\plugins [2012/11/28 23:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Extensions [2013/01/08 23:37:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions [2013/01/03 11:08:26 | 000,000,000 | ---D | M] (Browser Backgrounds) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{3e0c7f3a-3f50-4730-beb5-4a9a10e2831c} [2012/12/06 18:23:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2013/01/03 11:08:26 | 000,020,387 | ---- | M] () (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\chromeview@systemantics.net.xpi [2013/01/03 11:08:26 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\personas@christopher.beard.xpi [2013/01/03 11:08:26 | 000,035,303 | ---- | M] () (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\twitter@disconnect.me.xpi [2013/01/03 11:08:26 | 000,009,599 | ---- | M] () (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{2b5e07c4-cc81-4624-8936-820622afdbd5}.xpi [2013/01/03 11:08:23 | 000,222,578 | ---- | M] () (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2013/01/03 11:08:23 | 000,269,905 | ---- | M] () (No name found) -- C:\Users\Kat Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2012/10/14 23:28:26 | 000,002,687 | ---- | M] () -- C:\Users\Kat 
Cyganiak\AppData\Roaming\Mozilla\Firefox\Profiles\sojvyjpv.default\searchplugins\Search_Results.xml [2012/12/07 22:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012/12/21 03:18:02 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES (X86)\MCAFEE\SITEADVISOR [2012/12/06 18:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012/12/07 22:09:08 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/08/29 15:58:29 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/12/26 22:00:46 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml [2012/10/14 23:28:26 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012/10/11 21:30:39 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files 
(x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll CHR - plugin: Google Update (Enabled) = C:\Program Files 
(x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll CHR - Extension: Angry Birds = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\ CHR - Extension: Shopping Sidekick Plugin = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.20.5_0\crossrider CHR - Extension: Shopping Sidekick Plugin = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.20.5_0\ CHR - Extension: SiteAdvisor = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\ CHR - Extension: RealDownloader = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\ CHR - Extension: Cath Kidston = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndlpkmaeinmnbiadacenijnhlolneopm\3_0\ CHR - Extension: Cut The Rope = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\oifmiihfojalcnahgflekehmhbnlandb\1.0.1_0\ CHR - Extension: Angry Birds Wonderful Pistachios HD = C:\Users\Kat Cyganiak\AppData\Local\Google\Chrome\User Data\Default\Extensions\olacfkfcglkclgojodocdaladnipiigo\1.0_0\ O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.) 
O2 - BHO: (Shopping Sidekick Plugin) - {11111111-1111-1111-1111-110211181102} - C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (215 Apps) O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Search-Results Toolbar) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (eMusic Toolbar) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files (x86)\eMusic\tbeMu1.dll (Conduit Ltd.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll File not found O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (eMusic Toolbar) - {9ee802e8-c931-47ab-b570-aa8f791598ca} - C:\Program Files (x86)\eMusic\tbeMu1.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (eMusic Toolbar) - {9EE802E8-C931-47AB-B570-AA8F791598CA} - C:\Program Files (x86)\eMusic\tbeMu1.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe () O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe () O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) 
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.) O4 - HKLM..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc) O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Users\Kat Cyganiak\AppData\Local\Akamai\netsession_win.exe" File not found O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions) O4 - Startup: C:\Users\Kat Cyganiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) O4 - Startup: C:\Users\Kat Cyganiak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. 
File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites) O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D26857BB-2F49-4A2F-B6B1-4062C58553CB}: DhcpNameServer = 192.168.1.254 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O20 - AppInit_DLLs: (C:\Windows\system32\d3d8thk32.dll) - File not found O20 - AppInit_DLLs: (C:\Windows\system32\cdosys32.dll) - File not found O20 - AppInit_DLLs: (C:\Windows\system32\dmime32.dll) - File not found O20 - AppInit_DLLs: (C:\Windows\system32\cryptsvc32.dll) - File not found O20 - AppInit_DLLs: (C:\Windows\system32\dxmasf32.dll) - File not found O20 - AppInit_DLLs: (C:\Windows\system32\dhcpsapi32.dll) - File not found O20 - AppInit_DLLs: (C:\Windows\system32\dhcpsapi32.dllbpj9uy2m32.dll) - File not found O20 - AppInit_DLLs: (C:\Windows\system32\dhcpsapi32.dllbpj9uy2m32.dllmj38k32.dll) - File not found O20 - AppInit_DLLs: (C:\Windows\system32\dhcpsapi32.dllbpj9uy2m32.dllmj38k32.dllfxteu32.dll) - File not found O20 - AppInit_DLLs: (C:\Windows\system32\dhcpsapi32.dllbpj9uy2m32.dllmj38k32.dllfxteu32.dllijapy3o32.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: 
C:\Users\Public\Pictures\Sample Pictures\Tree.jpg O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Tree.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0e2008ad-c71e-11de-ba31-002564d74ed4}\Shell - "" = AutoRun O33 - MountPoints2\{0e2008ad-c71e-11de-ba31-002564d74ed4}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a O33 - MountPoints2\L\Shell - "" = AutoRun O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/01/09 16:06:40 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kat Cyganiak\Desktop\OTL.exe [2013/01/09 15:04:35 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Kat Cyganiak\Desktop\dds.com [2013/01/09 15:03:39 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\Kat Cyganiak\Desktop\dds.scr [2013/01/09 13:35:19 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\Desktop\HELP! 
how to removie rans_gendarm and google redirect viruses - Malwarebytes Forum_files [2013/01/09 00:16:26 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/01/09 00:15:48 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shlwapi.dll [2013/01/08 21:57:16 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Local\MFAData [2013/01/08 21:57:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2013/01/08 21:57:16 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Local\Avg2013 [2013/01/08 21:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2013/01/08 21:42:32 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMAPI32.OCX [2013/01/08 21:42:31 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPIDE.DLL [2013/01/08 21:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2013/01/08 21:41:51 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Local\Shopping Sidekick Plugin [2013/01/08 21:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shopping Sidekick Plugin [2013/01/08 21:41:30 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Roaming\Funmoods [2013/01/08 21:31:18 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\Desktop\RK_Quarantine [2013/01/07 23:07:12 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2013/01/07 23:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013/01/07 16:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2013/01/07 06:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2013/01/07 06:48:18 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan [2013/01/07 06:48:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64 [2013/01/07 06:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan 
[2013/01/07 06:48:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2013/01/07 06:48:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0307060.005 [2013/01/07 06:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2013/01/07 06:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2013/01/07 06:07:33 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Roaming\RealNetworks [2013/01/07 06:03:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks [2013/01/07 06:03:50 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks [2013/01/07 06:03:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2013/01/07 06:03:20 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2013/01/07 06:03:01 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2013/01/07 06:03:01 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2013/01/07 06:02:59 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2013/01/07 06:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2013/01/07 05:59:53 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Local\Real [2013/01/07 05:09:56 | 000,000,000 | ---D | C] -- C:\FRST [2013/01/06 23:00:19 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Local\WinZip [2013/01/06 22:59:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip [2013/01/06 22:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip [2013/01/06 22:59:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip [2013/01/04 19:42:35 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Local\McAfee File Lock [2013/01/04 17:48:26 | 000,197,264 | ---- | C] (McAfee, Inc.) 
-- C:\Windows\SysNative\drivers\HipShieldK.sys [2012/12/21 10:00:23 | 000,000,000 | ---D | C] -- C:\Users\Kat Cyganiak\AppData\Roaming\Malwarebytes [2012/12/21 10:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/12/21 10:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/12/21 10:00:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/21 10:00:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/12/21 08:48:34 | 000,000,000 | ---D | C] -- C:\e [2012/12/21 08:48:33 | 000,000,000 | ---D | C] -- C:\Data [2012/12/21 03:00:17 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/21 03:00:17 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/21 03:00:17 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/21 03:00:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/13 10:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud [2012/12/13 10:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2012/12/13 10:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/12/13 10:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012/12/13 03:02:54 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012/12/13 03:02:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012/12/13 03:02:52 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winusb.dll [2012/12/13 03:02:51 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012/12/13 03:02:51 | 000,229,888 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012/12/13 03:02:51 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012/12/13 03:02:51 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012/12/13 03:02:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012/12/13 03:02:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012/12/13 03:02:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012/12/13 03:02:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012/12/13 03:02:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012/12/13 03:02:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012/12/13 03:02:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012/12/13 03:02:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012/12/13 03:01:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012/12/13 03:01:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012/12/13 03:01:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012/12/13 03:01:59 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012/12/13 03:01:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012/12/13 03:01:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012/12/13 03:01:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012/12/12 19:18:28 | 001,210,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012/12/12 19:17:42 | 
000,477,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012/12/12 19:17:42 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012/12/12 19:17:42 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnathlp.dll [2012/12/12 19:17:42 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnsvr.exe [2012/12/12 19:17:42 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnsvr.exe [2009/12/02 16:53:59 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\Kat Cyganiak\AppData\Roaming\DataSafeDotNet.exe [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/09 16:06:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kat Cyganiak\Desktop\OTL.exe [2013/01/09 15:29:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/09 15:23:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/09 15:04:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Kat Cyganiak\Desktop\dds.com [2013/01/09 15:03:39 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\Kat Cyganiak\Desktop\dds.scr [2013/01/09 14:40:25 | 000,079,916 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013/01/09 14:40:25 | 000,079,916 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013/01/09 14:38:20 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/09 14:36:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/09 14:36:16 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/09 14:36:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/09 13:35:20 | 000,301,945 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\HELP! 
how to removie rans_gendarm and google redirect viruses - Malwarebytes Forum.htm [2013/01/09 04:29:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/01/09 04:29:31 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/01/09 03:29:53 | 004,948,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/09 03:09:08 | 000,731,514 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/09 03:09:08 | 000,613,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/09 03:09:08 | 000,107,806 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/08 18:29:14 | 000,000,928 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\RogueKillerX64 - Shortcut.lnk [2013/01/08 02:05:30 | 000,000,588 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\notepad - Shortcut.lnk [2013/01/08 02:01:26 | 000,037,376 | ---- | M] () -- C:\Users\Kat Cyganiak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/01/07 17:41:42 | 000,000,709 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\eset_smart_security_live_installer - Shortcut.lnk [2013/01/07 17:37:54 | 000,000,462 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Kat Cyganiak.job [2013/01/07 06:48:21 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2013/01/07 06:04:11 | 000,000,877 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2013/01/07 06:03:20 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2013/01/07 06:03:01 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2013/01/07 06:03:01 | 000,005,632 | ---- | M] (RealNetworks, Inc.) 
-- C:\Windows\SysWow64\pndx5032.dll [2013/01/07 06:02:59 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2013/01/07 05:09:38 | 000,000,567 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\FRST64 - Shortcut.lnk [2013/01/07 04:10:52 | 000,000,594 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\RogueKiller - Shortcut.lnk [2013/01/07 03:07:11 | 000,003,355 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\pspbrwse.jbf [2013/01/07 01:35:58 | 000,000,866 | ---- | M] () -- C:\Users\Kat Cyganiak\Desktop\mbam-chameleon - Shortcut.lnk [2013/01/06 22:59:34 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk [2013/01/06 22:59:34 | 000,001,802 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013/01/04 00:37:29 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/21 09:21:57 | 401,129,403 | ---- | M] () -- C:\Windows\MEMORY.DMP [2012/12/21 09:14:14 | 000,751,078 | ---- | M] () -- C:\Users\Kat Cyganiak\AppData\Roaming\1.bmp [2012/12/21 09:14:02 | 000,018,252 | ---- | M] () -- C:\Users\Kat Cyganiak\AppData\Roaming\sound.mp3 [2012/12/21 09:13:57 | 000,114,890 | ---- | M] () -- C:\Users\Kat Cyganiak\AppData\Roaming\1.jpg [2012/12/16 07:31:20 | 000,048,128 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012/12/16 07:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012/12/16 05:08:21 | 000,368,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012/12/16 04:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/12/13 10:29:34 | 000,000,629 | ---- | M] () -- C:\Windows\SysNative\mapisvc.inf [2012/12/13 10:27:44 | 000,001,696 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/12/13 10:21:23 | 
000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/12/13 10:19:16 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2012/12/13 10:19:16 | 000,001,866 | ---- | M] () -- C:\Users\Kat Cyganiak\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/01/09 13:35:18 | 000,301,945 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\HELP! how to removie rans_gendarm and google redirect viruses - Malwarebytes Forum.htm [2013/01/08 21:42:32 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll [2013/01/08 18:29:14 | 000,000,928 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\RogueKillerX64 - Shortcut.lnk [2013/01/08 02:05:30 | 000,000,588 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\notepad - Shortcut.lnk [2013/01/07 17:41:42 | 000,000,709 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\eset_smart_security_live_installer - Shortcut.lnk [2013/01/07 06:48:22 | 000,000,462 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Kat Cyganiak.job [2013/01/07 06:48:21 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2013/01/07 06:48:18 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0307060.005\isolate.ini [2013/01/07 06:04:11 | 000,000,877 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2013/01/07 05:09:38 | 000,000,567 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\FRST64 - Shortcut.lnk [2013/01/07 04:10:52 | 000,000,594 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\RogueKiller - Shortcut.lnk [2013/01/07 03:07:11 | 000,003,355 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\pspbrwse.jbf [2013/01/07 01:35:58 | 000,000,866 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\mbam-chameleon - Shortcut.lnk [2013/01/06 22:59:34 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk [2013/01/06 22:59:33 | 000,001,802 | ---- 
| C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2013/01/04 17:47:53 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf [2013/01/04 17:47:51 | 000,002,946 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf [2012/12/31 13:19:07 | 000,079,428 | ---- | C] () -- C:\Users\Kat Cyganiak\Desktop\sarah.jpg [2012/12/21 10:00:19 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/12/21 09:21:57 | 401,129,403 | ---- | C] () -- C:\Windows\MEMORY.DMP [2012/12/21 09:14:14 | 000,751,078 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Roaming\1.bmp [2012/12/21 09:14:02 | 000,018,252 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Roaming\sound.mp3 [2012/12/21 09:13:56 | 000,114,890 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Roaming\1.jpg [2012/12/13 10:21:23 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/12/13 03:03:00 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/12/13 03:03:00 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/28 23:27:48 | 000,079,916 | ---- | C] () -- C:\ProgramData\nvModes.001 [2012/11/18 01:17:05 | 000,172,400 | ---- | C] () -- C:\Program Files (x86)\2pres.dll [2012/04/24 15:39:30 | 000,000,218 | ---- | C] () -- C:\Users\Kat Cyganiak\.recently-used.xbel [2011/10/23 15:02:40 | 000,000,702 | ---- | C] () -- C:\Windows\HEGAMES.INI [2011/10/19 13:39:15 | 000,099,350 | ---- | C] () -- C:\Users\Kat Cyganiak\New document 1.2011_10_19_14_39_15.0.svg [2011/09/15 22:27:17 | 000,000,016 | ---- | C] () -- C:\Windows\RealityFusion.ini [2010/12/28 22:41:35 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010/12/15 12:40:44 | 000,000,380 | ---- | C] () -- C:\Users\Kat Cyganiak\Documents - Shortcut.lnk [2010/09/26 08:50:24 | 000,024,247 | ---- | C] () -- C:\Users\Kat 
Cyganiak\AppData\Roaming\UserTile.png [2010/04/17 23:06:53 | 000,000,139 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2010/02/10 06:08:52 | 000,001,356 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Local\d3d9caps.dat [2009/12/02 01:02:11 | 000,870,128 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Roaming\mcs.rma [2009/12/02 01:02:11 | 000,000,004 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Roaming\E2C539 [2009/11/02 14:10:30 | 000,037,376 | ---- | C] () -- C:\Users\Kat Cyganiak\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/10/14 17:26:26 | 000,079,916 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84 < End of report >
  9. Hi, I've kinda been following other threads about how to handle these Trojans and what they can do. I also understand that each case is unique so I would appreciate your help. I already have downloaded the necessary virus programs but ran ONLY my Malwarebytes and Chameleon, My McAfee, (which I don't understand what I'm paying for if it can't catch these things), Rogue Killer; and Farbar. The only anti-virus that I've downloaded to my desktop but have NOT run is Combo-fix. I have ALL log files on hand but PLEASE let me know if I'm ahead of myself or not following your instruction. I REALLY want my computer clean and I WILL donate via Paypal after we're done. THANK YOU in advance. Here is the RK log identifying the Rans. gendarm trojan, I however could not find any evidence of the ZeroAccess Trojan. Please advise.
     RogueKiller V8.4.2 [Jan 6 2013] by Tigzy
     mail : tigzyRK<at>gmail<dot>com
     Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Website : http://tigzy.geekstogo.com/roguekiller.php
     Blog : http://tigzyrk.blogspot.com/
     Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
     Started in : Normal mode
     User : Kat Cyganiak [Admin rights]
     Mode : Scan -- Date : 01/07/2013 06:08:28
     ¤¤¤ Bad processes : 0 ¤¤¤
     ¤¤¤ Registry Entries : 16 ¤¤¤
     [RUN][Rans.Gendarm] HKUS\S-1-5-21-1443698480-2959366254-1151133129-1000_Classes[...]\Run : Update (rundll32.exe "C:\Users\Kat Cyganiak\AppData\Roaming\Elluminate\Elluminate\mijimxh.dll",DllRegisterServer) -> FOUND
     [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\RunOnce : SymInstallStub (C:\Users\KATCYG~1\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=5 /affid=rplr /desktopshortcut=1 /startmenushortcut=1 /launchedby=3) -> FOUND
     [TASK][sUSP PATH] Norton Product InstallerIdle.job : C:\Users\Kat Cyganiak\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /launchedby=4 -> FOUND
     [TASK][sUSP PATH] Norton Product Installer.job : C:\Users\Kat Cyganiak\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /launchedby=2 -> FOUND
     [TASK][sUSP PATH] Norton Product Installer : C:\Users\Kat Cyganiak\AppData\Local\Temp\SymInstallStub.exe /partnerid=realnw /productlist=nss /staging=false /delay=0 /affid=RPLR /desktopshortcut=1 /startmenushortcut=1 /launchedby=2 -> FOUND
     [HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
     [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
     [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
     [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
     [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
     ¤¤¤ Particular Files / Folders: ¤¤¤
     ¤¤¤ Driver : [NOT LOADED] ¤¤¤
     ¤¤¤ Extern Hives: ¤¤¤
     -> D:\windows\system32\config\SOFTWARE
     -> D:\windows\system32\config\SYSTEM
     -> D:\Users\Default\NTUSER.DAT
     ¤¤¤ Infection : Rans.Gendarm ¤¤¤
     ¤¤¤ HOSTS File: ¤¤¤
     --> C:\Windows\system32\drivers\etc\hosts
     127.0.0.1 localhost
     ::1 localhost
     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: ST3500418AS ATA Device +++++
     --- User ---
     [MBR] eb6d0d160b40dc281d5f2801a0252f33
     [bSP] 7dd49a80c8617bcaaa65ef71a28057c9 : Windows Vista MBR Code
     Partition table:
     0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
     2 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 461899 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!
     +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
     Error reading User MBR!
     User = LL1 ... OK!
     Error reading LL2 MBR!
     +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
     Error reading User MBR!
     User = LL1 ... OK!
     Error reading LL2 MBR!
     +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
     Error reading User MBR!
     User = LL1 ... OK!
     Error reading LL2 MBR!
     +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
     Error reading User MBR!
     User = LL1 ... OK!
     Error reading LL2 MBR!
     Finished : << RKreport[2]_S_01072013_02d0608.txt >>
     RKreport[1]_S_01072013_02d0413.txt ; RKreport[2]_S_01072013_02d0608.txt