pvm7103
-
Posts
28 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by pvm7103
-
-
Hello.
I encountered the redirect when I logged into another Windows user account. Does that mean that I will need to reset the FF defaults for each user account? I have 3 user accounts, one for each kid. LOL.
I reset the defaults for this Admin account. I've done some searching and have not had the problem.
.
-
Hello.
I completed the removal of the programs. Can I automate the scheduling of the temp file cleanup?
I am in need of a security program as mine expired during the timeframe of this infection cleanup. I was planning on renewing MacAfee. Is there a reason why you recommend MSE over MacAfee? Does Microsoft create a restore point prior to the installs of any software?
Thank you very much for your help. I so much appreciate it.
Blessings!
Pat
-
I don't want to delete Youtubedownloader.exe. I use that every week. I got that software from CNET so I know originally it was a good source. Do you see an issue with keeping it?
-
Here is the log. The ESET scan program did not uninstall. I checked the box, but there was no Finish on the next screen.
C:\ProgramData\dsgsdgdsgdsgw.js JS/Agent.NIG trojan
C:\Qoobox\Quarantine\C\Users\Home\AppData\Local\CyberLink\Citrix\duagnc.dll.vir a variant of Win32/Kryptik.ASDS trojan
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Default\aadddbgedddgdhdedadidbdhdegfdhdc\background.js Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Admin\Downloads\YouTubeDownloaderSetup35.exe probably a variant of Win32/Toolbar.Widgi application
C:\Users\All Users\dsgsdgdsgdsgw.js JS/Agent.NIG trojan
C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Default\aadddbgedddgdhdedadidbdhdegfdhdc\background.js Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Home\AppData\Local\CyberLink\Citrix\duagnc.dll a variant of Win32/Kryptik.ASDS trojan
C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Default\aadddbgedddgdhdedadidbdhdegfdhdc\background.js Win32/TrojanDownloader.Tracur.V trojan
C:\Users\Home\Downloads\YouTubeDownloaderSetup35.exe probably a variant of Win32/Toolbar.Widgi application
-
Hi. I can't get to this until this weekend. Thanks for the patience.
-
I restored Firefox. I have not spent much time on the computer, but the limited time I did, I have not experienced any redirect.
-
I really don't know for sure. I had both IE and Moz open. And now the history is deleted so I can't check
-
Prior to running these utilities tonight, I had 2 instances of redirection when I typed in the url. I was redirected to one of the same fake pages showing a Monster brand career site. I have not encountered a redirection when searching in the past few days.
The redirection is sporadic.
-
HijackThis Report
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:08:34 AM, on 1/18/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Bsecure\BSecAMX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Bsecure\BsecTray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\DDNI\Lenovo Smile Dock\CenterStage.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe
C:\Users\Home\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ToolKit IE Helper - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files (x86)\ToolKitService\splash.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: eToolKit Toolbar - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar.dll (file missing)
O4 - HKLM\..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
O4 - HKLM\..\Run: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [Lenovo SplitScreen] "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
O4 - HKLM\..\Run: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [bYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
O4 - HKCU\..\Run: [HP Photosmart 7520 series (NET)] "C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28G2B0MC05XX:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [Citrix] rundll32 "C:\Users\Home\AppData\Local\CyberLink\Citrix\duagnc.dll",DllRegisterServerW
O4 - Global Startup: Bluetooth.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Broken Internet access because of LSP provider '%programfiles%\bsecure\inetctrl57.dll' missing
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} (Forefront UAG endpoint components) - https://dwa.deluxe.com/InternalSite/WhlCompMgr.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://sungard.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CloudCare (Bsecure) - Bsecure Technologies, Inc. - C:\Program Files (x86)\Bsecure\InetCtrl.exe
O23 - Service: CloudCare AntiVirus (BsecureAV) - Bsecure Technologies, Inc. - C:\Program Files (x86)\Bsecure\BsecAV.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: lxed_device - - C:\windows\system32\lxedcoms.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Oasis2Service - Unknown owner - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Slidebar Notifier Service - Lenovo - C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13261 bytes
-
Here's the MB log. I will get the other report you requested shortly. Thanks again.
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
Database version: v2013.01.18.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Home :: HOME-PC [administrator]
Protection: Enabled
1/17/2013 11:58:09 PM
mbam-log-2013-01-17 (23-58-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 302546
Time elapsed: 2 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Hello.
I had a family emergency and cannot get to this until Thursday if that's ok. I have had 1 redirect in the past few days.
Thanks for checking.
-
Sansa Media Converter
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Amazon MP3 Downloader 1.0.17
Apple Application Support
Apple Software Update
Audacity 2.0.2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco WebEx Meetings
CloudCare
Coupon Printer for Windows
CyberLink YouCam
D3DX10
Energy Management
Facebook Video Calling 1.0.0.8953
Freemake Video Downloader
GoToAssist Corporate
GoToMeeting 4.8.0.723
Intel® Management Engine Components
Intel® Rapid Storage Technology
Java Auto Updater
Java 7 Update 4
JavaFX 2.1.0
JMicron Flash Media Controller Driver
Junk Mail filter update
LAME v3.99.3 (for Windows)
Lenovo DirectShare
Lenovo EasyCamera
Lenovo Games Console
Lenovo MuteSync
Lenovo OneKey Recovery
Lenovo SlideNav
Lenovo Smile Dock
Lenovo SplitScreen
Lexmark Printable Web
Lexmark Toolbar
LG Verizon United Drivers
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Security Scan Plus
McAfee SiteAdvisor
Mesh Runtime
Microsoft Forefront UAG endpoint components v4.0.0
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Oasis2Service 1.0
Octoshape Streaming Services
Onekey Theater
ooVoo
Power2Go
QuickTime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Sansa Updater
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Ventrilo Client
VeriFace
WebEx Recorder and Player
West Point Bridge Designer 2011 (2nd Edition) (remove only)
West Point Bridge Designer 2012 (2nd Edition) (remove only)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
YTD Video Downloader 3.9.6
-
Restored successfully. The internet connection is working now.
-
Is this the windows system restore?
-
Oh no! I can't access the internet any longer. When the system first restarted I got some message that a Windows service could not be found. The connection diagnosis message is 'windows could not automatically detect this networks proxy settiings'. I'll have to find a computer to post the latest log.
-
So far so good. But the search redirect is sporadic so I will continue to try it for the next few hours and let you know.
Thank you very much. I have made a donation in appreciation for your help.
Blessings!
-
This log doesn't look right. The date of the log and the properties show that this is the one that ran 4 hours ago. Should I have deleted the log before I ran this OTL.exe the second time.
OTL logfile created on: 1/11/2013 4:13:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.06% Memory free
15.96 Gb Paging File | 13.71 Gb Available in Paging File | 85.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 653.00 Gb Total Space | 436.96 Gb Free Space | 66.92% Space Free | Partition Type: NTFS
Drive D: | 30.69 Gb Total Space | 28.56 Gb Free Space | 93.06% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Bsecure\BsecAV.exe (Bsecure Technologies, Inc.)
PRC - C:\Program Files (x86)\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.)
PRC - C:\Program Files (x86)\Bsecure\InetCtrl.exe (Bsecure Technologies, Inc.)
PRC - C:\Program Files (x86)\Bsecure\BSecAMX.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
PRC - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation)
PRC - C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe (Lenovo)
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Bsecure\BSecAMX.exe ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxeddrs.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedscw.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxeddatr.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\imagutil.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedcaps.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedptp.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (uagqecsvc) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (lxed_device) -- C:\Windows\SysNative\lxedcoms.exe ( )
SRV:64bit: - (Slidebar Notifier Service) -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe (Lenovo)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BsecureAV) -- C:\Program Files (x86)\Bsecure\BsecAV.exe (Bsecure Technologies, Inc.)
SRV - (Bsecure) -- C:\Program Files (x86)\Bsecure\InetCtrl.exe (Bsecure Technologies, Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (DMService) -- C:\Windows\Downloaded Program Files\DMService.exe (Microsoft ® Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (lxed_device) -- C:\Windows\SysWOW64\lxedcoms.exe ( )
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (ToolkitDisk) -- C:\Windows\SysNative\drivers\toolkitdisk.sys (Toolkit Development, Ltd.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BsecureFilter) -- C:\Windows\SysNative\drivers\BsecFltr.sys (BSafe Online)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (BSecACFltr) -- C:\Windows\SysNative\drivers\BSecACFltr.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (BsecureFilter) -- C:\Windows\SysWOW64\drivers\BsecFltr.sys (BSafe Online)
DRV - (BSecACFltr) -- C:\Windows\SysWOW64\drivers\BSecACFltr.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes,DefaultScope = {F2123D61-1901-4715-AD98-522EC8BD34A5}
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{7B98B06F-9D73-4C65-B6A0-8FE87E1E48CA}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{F2123D61-1901-4715-AD98-522EC8BD34A5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: adwfohyofc%40adwfohyofc.org:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/24 10:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 00:32:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 00:32:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\toolkit@toolkitdevelopment.com: C:\Program Files (x86)\ToolKitService\ffext
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 00:32:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 00:32:30 | 000,000,000 | ---D | M]
[2011/08/30 11:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2013/01/05 17:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions
[1614/05/16 03:32:42 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions\adwfohyofc@adwfohyofc.org.xpi
[2013/01/11 00:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/11 00:32:32 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/09/07 21:46:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/17 14:30:38 | 000,044,251 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\toolkitsearch.xml
[2012/10/19 03:49:48 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://search.yahoo.com?type=937811&fr=spigot-yhp-ch
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\
CHR - Extension: SiteAdvisor = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
O1 HOSTS File: ([2013/01/11 10:53:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (ToolKit IE Helper) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files (x86)\ToolKitService\splash.dll File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (eToolKit Toolbar) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [lxedmon.exe] C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [synBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.)
O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)
O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [uCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [bYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [Octoshape Streaming Services] C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://dwa.deluxe.com/InternalSite/WhlCompMgr.cab (Forefront UAG endpoint components)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sungard.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E60007A-6DCB-4BCC-9A49-F51F1D7B4346}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A848AE2D-03F9-46A3-8631-32F99EBE116F}: DhcpNameServer = 61.13.0.10 61.13.0.99
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/01/11 16:10:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2013/01/11 10:53:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/11 10:48:28 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/01/11 10:36:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/01/11 10:36:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/01/11 10:36:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/01/11 10:36:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/11 10:36:32 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/01/11 10:17:44 | 005,020,603 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
[2013/01/11 00:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/09 08:00:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/01/08 22:45:03 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/01/08 22:45:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/01/08 22:44:51 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/01/08 22:44:50 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013/01/08 22:44:45 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013/01/08 22:44:45 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013/01/08 22:44:45 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013/01/08 22:44:45 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013/01/08 22:44:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013/01/08 22:44:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013/01/08 22:44:45 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013/01/08 22:44:45 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013/01/08 22:44:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013/01/08 22:44:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013/01/08 22:44:45 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013/01/08 22:44:45 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013/01/08 22:44:43 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013/01/08 22:44:43 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013/01/08 22:44:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013/01/08 22:44:43 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013/01/08 22:44:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013/01/08 22:44:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013/01/08 22:44:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013/01/08 22:44:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013/01/08 22:44:42 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013/01/08 22:44:42 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013/01/08 22:44:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013/01/08 22:44:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013/01/08 22:44:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013/01/08 22:44:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013/01/08 22:44:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013/01/08 22:44:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013/01/08 22:44:29 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/01/08 22:44:29 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/01/08 22:44:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013/01/08 22:44:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/01/08 22:44:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/01/08 22:44:28 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/01/08 22:44:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/01/08 22:44:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013/01/08 22:44:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/01/08 22:44:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013/01/08 22:44:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/01/08 22:44:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/08 22:44:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/08 22:44:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/08 22:44:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/08 22:44:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/08 22:44:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/01/08 22:44:19 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013/01/08 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\RK_Quarantine
[2013/01/08 19:05:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\dds.com
[2013/01/07 19:55:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Programs
[2013/01/07 18:16:04 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
[2013/01/07 18:08:31 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2013/01/07 18:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\B6E0B96FF67B1DB90000B6E0029421E7
[2013/01/07 17:15:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2013/01/03 07:13:48 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\windows\SysNative\HPDiscoPMBC11.dll
[2013/01/03 07:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/01/03 07:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/01/03 07:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/01/03 07:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/01/03 07:13:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\HP
[2013/01/02 23:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2013/01/02 03:56:13 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A1885271-CC74-4118-817C-8187D4573DDA}
[2013/01/01 21:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZW Software Upgrade Assistant - LG
[2013/01/01 21:56:41 | 000,000,000 | ---D | C] -- C:\LGMobileUpgrade
[2013/01/01 21:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2012/12/29 12:51:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Audacity
[2012/12/29 12:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012/12/25 14:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/25 14:56:46 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2012/12/25 14:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/25 14:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/25 14:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/25 14:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/22 22:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/12/22 22:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/12/22 03:00:31 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/22 03:00:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/22 03:00:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/22 03:00:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/21 11:24:13 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Jordan Therapy
[2012/12/16 22:13:13 | 016,369,160 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/12/16 21:23:39 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/12/16 21:23:39 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/12/16 21:23:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/12/16 21:23:39 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/12/16 21:23:39 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/12/16 21:23:39 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/12/16 21:23:39 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/12/16 21:21:42 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012/12/16 21:21:42 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
========== Files - Modified Within 30 Days ==========
[2013/01/11 16:13:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/11 16:10:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2013/01/11 15:58:02 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-882656967-3440141182-356548101-1004UA.job
[2013/01/11 15:57:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/11 11:15:05 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/11 11:15:05 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/11 11:07:14 | 2132,209,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/11 10:53:29 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/01/11 10:53:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/01/11 10:17:47 | 005,020,603 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
[2013/01/11 08:41:28 | 000,017,642 | ---- | M] () -- C:\Users\Home\Desktop\combofix.htm
[2013/01/10 19:07:18 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-882656967-3440141182-356548101-1004Core.job
[2013/01/10 13:19:55 | 150,748,948 | ---- | M] () -- C:\Users\Home\Documents\Extraordinary - John Bevere.mp4
[2013/01/09 08:20:14 | 000,291,384 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/09 08:01:17 | 000,741,704 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/09 08:01:17 | 000,624,864 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/09 08:01:17 | 000,106,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/08 22:08:58 | 000,764,416 | ---- | M] () -- C:\Users\Home\Desktop\RogueKiller.exe
[2013/01/08 22:08:03 | 000,554,087 | ---- | M] () -- C:\Users\Home\Desktop\adwcleaner.exe
[2013/01/08 21:31:42 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 21:31:42 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/08 21:31:38 | 016,369,160 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/01/08 20:28:20 | 003,431,843 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras.wmv
[2013/01/08 20:26:05 | 001,636,733 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras.flv
[2013/01/08 19:12:16 | 000,000,000 | ---- | M] () -- C:\Users\Home\defogger_reenable
[2013/01/08 19:05:47 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\dds.com
[2013/01/08 19:04:13 | 000,856,731 | ---- | M] () -- C:\Users\Home\Desktop\SecurityCheck.exe
[2013/01/08 19:03:47 | 000,050,477 | ---- | M] () -- C:\Users\Home\Desktop\Defogger.exe
[2013/01/08 00:29:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\TDSSKiller.exe
[2013/01/08 00:27:54 | 002,195,061 | ---- | M] () -- C:\Users\Home\Desktop\tdsskiller.zip
[2013/01/07 19:56:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/06 20:40:49 | 015,637,153 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.wmv
[2013/01/06 20:39:10 | 011,219,709 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.flv
[2013/01/06 20:36:50 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2013/01/05 14:33:58 | 541,348,879 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/01/03 07:13:48 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 7520 series.lnk
[2013/01/03 07:13:48 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 7520 series.lnk
[2013/01/03 07:13:36 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013/01/03 01:43:15 | 000,040,742 | ---- | M] () -- C:\Users\Home\Documents\How_to_Love_Yourself_by_Louise_Hay_-_Excellent!__There_Is_No_Better_Program_On_This_Subject..pdf
[2013/01/02 22:33:36 | 171,539,355 | ---- | M] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.mp3
[2012/12/29 09:02:14 | 286,396,419 | ---- | M] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.flv
[2012/12/29 07:47:34 | 000,002,866 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/25 14:56:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/22 22:10:35 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/12/19 19:01:57 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/12/17 13:18:53 | 133,033,834 | ---- | M] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 3 of 3.flv
[2012/12/17 13:18:27 | 141,417,037 | ---- | M] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 2 of 3.flv
[2012/12/17 13:17:42 | 137,378,959 | ---- | M] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 1 of 3.flv
[2012/12/16 11:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/16 08:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2013/01/11 10:36:55 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/01/11 10:36:55 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/01/11 10:36:55 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/01/11 10:36:55 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/01/11 10:36:55 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/01/11 08:41:27 | 000,017,642 | ---- | C] () -- C:\Users\Home\Desktop\combofix.htm
[2013/01/10 13:18:42 | 150,748,948 | ---- | C] () -- C:\Users\Home\Documents\Extraordinary - John Bevere.mp4
[2013/01/08 22:08:54 | 000,764,416 | ---- | C] () -- C:\Users\Home\Desktop\RogueKiller.exe
[2013/01/08 22:08:00 | 000,554,087 | ---- | C] () -- C:\Users\Home\Desktop\adwcleaner.exe
[2013/01/08 20:28:16 | 003,431,843 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras.wmv
[2013/01/08 20:26:02 | 001,636,733 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras.flv
[2013/01/08 19:12:16 | 000,000,000 | ---- | C] () -- C:\Users\Home\defogger_reenable
[2013/01/08 19:04:02 | 000,856,731 | ---- | C] () -- C:\Users\Home\Desktop\SecurityCheck.exe
[2013/01/08 19:03:46 | 000,050,477 | ---- | C] () -- C:\Users\Home\Desktop\Defogger.exe
[2013/01/08 00:27:47 | 002,195,061 | ---- | C] () -- C:\Users\Home\Desktop\tdsskiller.zip
[2013/01/06 20:40:07 | 015,637,153 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.wmv
[2013/01/06 20:38:06 | 011,219,709 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.flv
[2013/01/03 07:13:48 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart 7520 series.lnk
[2013/01/03 07:13:48 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 7520 series.lnk
[2013/01/03 07:13:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/03 01:43:13 | 000,040,742 | ---- | C] () -- C:\Users\Home\Documents\How_to_Love_Yourself_by_Louise_Hay_-_Excellent!__There_Is_No_Better_Program_On_This_Subject..pdf
[2013/01/02 22:30:09 | 171,539,355 | ---- | C] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.mp3
[2012/12/29 12:51:07 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012/12/29 07:51:18 | 286,396,419 | ---- | C] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.flv
[2012/12/29 07:47:34 | 000,002,866 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/25 14:56:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/22 22:10:35 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/12/19 19:01:57 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/12/17 12:56:32 | 133,033,834 | ---- | C] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 3 of 3.flv
[2012/12/17 12:56:06 | 141,417,037 | ---- | C] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 2 of 3.flv
[2012/12/17 12:55:25 | 137,378,959 | ---- | C] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 1 of 3.flv
[2012/10/01 13:19:15 | 000,039,150 | ---- | C] () -- C:\Users\Home\Cash Applications, Journal Entry and modes of remittance.htm
[2012/10/01 13:16:54 | 000,125,149 | ---- | C] () -- C:\Users\Home\AR-process-map.jpg
[2012/08/24 19:05:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/24 01:42:35 | 000,000,600 | ---- | C] () -- C:\Users\Home\PUTTY.RND
[2011/11/06 14:23:28 | 000,006,144 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/06 22:25:17 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/09/17 09:17:24 | 000,021,624 | ---- | C] () -- C:\windows\SysWow64\drivers\BSecACFltr.sys
[2011/08/24 10:05:02 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/06/20 16:58:23 | 000,331,776 | ---- | C] () -- C:\windows\SysWow64\LXEDinst.dll
[2011/06/20 16:58:22 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxedinpa.dll
[2011/06/20 16:58:22 | 000,344,064 | ---- | C] () -- C:\windows\SysWow64\lxedcomx.dll
[2011/06/20 16:58:22 | 000,344,064 | ---- | C] ( ) -- C:\windows\SysWow64\lxediesc.dll
[2011/06/20 16:58:22 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\lxedinsr.dll
[2011/06/20 16:58:22 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\lxedjswr.dll
[2011/06/20 16:58:22 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\lxedcur.dll
[2011/06/20 16:58:21 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxedpmui.dll
[2011/06/20 16:58:21 | 000,323,584 | ---- | C] () -- C:\windows\SysWow64\lxedins.dll
[2011/06/20 16:58:21 | 000,262,144 | ---- | C] () -- C:\windows\SysWow64\lxedinsb.dll
[2011/06/20 16:58:21 | 000,253,952 | ---- | C] () -- C:\windows\SysWow64\lxedcu.dll
[2011/06/20 16:58:21 | 000,090,112 | ---- | C] () -- C:\windows\SysWow64\lxedcub.dll
[2011/06/20 16:58:20 | 001,048,576 | ---- | C] ( ) -- C:\windows\SysWow64\lxedserv.dll
[2011/06/20 16:58:20 | 000,847,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxedusb1.dll
[2011/06/20 16:58:20 | 000,577,536 | ---- | C] ( ) -- C:\windows\SysWow64\lxedlmpm.dll
[2011/06/20 16:58:19 | 000,688,128 | ---- | C] ( ) -- C:\windows\SysWow64\lxedhbn3.dll
[2011/06/20 16:58:19 | 000,598,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcoms.exe
[2011/06/20 16:58:19 | 000,324,264 | ---- | C] ( ) -- C:\windows\SysWow64\lxedih.exe
[2011/06/20 16:58:18 | 000,802,816 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcomc.dll
[2011/06/20 16:58:18 | 000,373,416 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcfg.exe
[2011/06/20 16:58:18 | 000,372,736 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcomm.dll
[2011/06/20 16:57:33 | 000,299,008 | ---- | C] () -- C:\windows\SysWow64\LXEDsm.dll
[2011/06/20 16:57:33 | 000,023,552 | ---- | C] () -- C:\windows\SysWow64\LXEDsmr.dll
[2011/06/19 11:54:12 | 000,001,230 | RHS- | C] () -- C:\Users\Home\ntuser.pol
[2011/06/19 10:56:14 | 000,743,950 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/04 07:48:18 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/04 07:39:01 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/05/04 07:39:01 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/05/04 07:38:55 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/05/04 07:27:55 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/05/04 07:22:57 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
-
Hi.
Is everything in the gray box above supposed to be copied? It appears that some of this is an execution log. Or is it just the following:
:Files
ipconfig /flushdns /c
:Commands
[PURITY]
[emptyjava]
[EMPTYFLASH]
[reboot]
Also, I'm assuming that I should run it with the same settings as previously.
Thanks.
-
Hello.
Here is the log from the OTL.exe. Thank you.
OTL logfile created on: 1/11/2013 4:13:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
7.98 Gb Total Physical Memory | 5.99 Gb Available Physical Memory | 75.06% Memory free
15.96 Gb Paging File | 13.71 Gb Available in Paging File | 85.89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 653.00 Gb Total Space | 436.96 Gb Free Space | 66.92% Space Free | Partition Type: NTFS
Drive D: | 30.69 Gb Total Space | 28.56 Gb Free Space | 93.06% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Bsecure\BsecAV.exe (Bsecure Technologies, Inc.)
PRC - C:\Program Files (x86)\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.)
PRC - C:\Program Files (x86)\Bsecure\InetCtrl.exe (Bsecure Technologies, Inc.)
PRC - C:\Program Files (x86)\Bsecure\BSecAMX.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
PRC - C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
PRC - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
PRC - C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation)
PRC - C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe (Lenovo)
PRC - C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
PRC - C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
PRC - C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Bsecure\BSecAMX.exe ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe ()
MOD - C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll ()
MOD - C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxeddrs.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedscw.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxeddatr.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\iptk.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\epoemdll.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\epstring.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\epwizres.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\epwizard.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\customui.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\epfunct.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\eputil.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\imagutil.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedcaps.dll ()
MOD - C:\Program Files (x86)\Lexmark S600 Series\lxedptp.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (McMPFSvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc File not found
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (uagqecsvc) -- C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe (Microsoft ® Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (btwdins) -- C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (lxed_device) -- C:\Windows\SysNative\lxedcoms.exe ( )
SRV:64bit: - (Slidebar Notifier Service) -- C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe (Lenovo)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe (McAfee, Inc.)
SRV - (Freemake Improver) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Freemake)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BsecureAV) -- C:\Program Files (x86)\Bsecure\BsecAV.exe (Bsecure Technologies, Inc.)
SRV - (Bsecure) -- C:\Program Files (x86)\Bsecure\InetCtrl.exe (Bsecure Technologies, Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (DMService) -- C:\Windows\Downloaded Program Files\DMService.exe (Microsoft ® Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (lxed_device) -- C:\Windows\SysWOW64\lxedcoms.exe ( )
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (ToolkitDisk) -- C:\Windows\SysNative\drivers\toolkitdisk.sys (Toolkit Development, Ltd.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.)
DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.)
DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BsecureFilter) -- C:\Windows\SysNative\drivers\BsecFltr.sys (BSafe Online)
DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (BSecACFltr) -- C:\Windows\SysNative\drivers\BSecACFltr.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.)
DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (BsecureFilter) -- C:\Windows\SysWOW64\drivers\BsecFltr.sys (BSafe Online)
DRV - (BSecACFltr) -- C:\Windows\SysWOW64\drivers\BSecACFltr.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes,DefaultScope = {F2123D61-1901-4715-AD98-522EC8BD34A5}
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{7B98B06F-9D73-4C65-B6A0-8FE87E1E48CA}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{F2123D61-1901-4715-AD98-522EC8BD34A5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local
IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: adwfohyofc%40adwfohyofc.org:2.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/24 10:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 00:32:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 00:32:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\toolkit@toolkitdevelopment.com: C:\Program Files (x86)\ToolKitService\ffext
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 00:32:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 00:32:30 | 000,000,000 | ---D | M]
[2011/08/30 11:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions
[2013/01/05 17:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions
[1614/05/16 03:32:42 | 000,004,815 | ---- | M] () (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions\adwfohyofc@adwfohyofc.org.xpi
[2013/01/11 00:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/11 00:32:32 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/09/07 21:46:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/17 14:30:38 | 000,044,251 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\toolkitsearch.xml
[2012/10/19 03:49:48 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage: http://search.yahoo.com?type=937811&fr=spigot-yhp-ch
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\
CHR - Extension: SiteAdvisor = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
O1 HOSTS File: ([2013/01/11 10:53:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (ToolKit IE Helper) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files (x86)\ToolKitService\splash.dll File not found
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (eToolKit Toolbar) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe ()
O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [lxedmon.exe] C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe ()
O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [synBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.)
O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo)
O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo)
O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [uCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [bYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics)
O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [Octoshape Streaming Services] C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://dwa.deluxe.com/InternalSite/WhlCompMgr.cab (Forefront UAG endpoint components)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sungard.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E60007A-6DCB-4BCC-9A49-F51F1D7B4346}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A848AE2D-03F9-46A3-8631-32F99EBE116F}: DhcpNameServer = 61.13.0.10 61.13.0.99
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/01/11 16:10:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2013/01/11 10:53:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/11 10:48:28 | 000,000,000 | ---D | C] -- C:\windows\temp
[2013/01/11 10:36:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2013/01/11 10:36:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2013/01/11 10:36:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2013/01/11 10:36:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/11 10:36:32 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2013/01/11 10:17:44 | 005,020,603 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
[2013/01/11 00:32:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/09 08:00:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/01/08 22:45:03 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32spl.dll
[2013/01/08 22:45:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32spl.dll
[2013/01/08 22:44:51 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
[2013/01/08 22:44:50 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usp10.dll
[2013/01/08 22:44:45 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysWow64\fpb.rs
[2013/01/08 22:44:45 | 000,046,592 | ---- | C] (Microsoft) -- C:\windows\SysNative\fpb.rs
[2013/01/08 22:44:45 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc-nz.rs
[2013/01/08 22:44:45 | 000,045,568 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc-nz.rs
[2013/01/08 22:44:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegibbfc.rs
[2013/01/08 22:44:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegibbfc.rs
[2013/01/08 22:44:45 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysWow64\csrr.rs
[2013/01/08 22:44:45 | 000,043,520 | ---- | C] (Microsoft) -- C:\windows\SysNative\csrr.rs
[2013/01/08 22:44:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cob-au.rs
[2013/01/08 22:44:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\windows\SysNative\cob-au.rs
[2013/01/08 22:44:45 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysWow64\usk.rs
[2013/01/08 22:44:45 | 000,030,720 | ---- | C] (Microsoft) -- C:\windows\SysNative\usk.rs
[2013/01/08 22:44:43 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gameux.dll
[2013/01/08 22:44:43 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gameux.dll
[2013/01/08 22:44:43 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wpc.dll
[2013/01/08 22:44:43 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Wpc.dll
[2013/01/08 22:44:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysWow64\grb.rs
[2013/01/08 22:44:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\windows\SysNative\grb.rs
[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-pt.rs
[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-pt.rs
[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi.rs
[2013/01/08 22:44:43 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi.rs
[2013/01/08 22:44:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysWow64\djctq.rs
[2013/01/08 22:44:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\windows\SysNative\djctq.rs
[2013/01/08 22:44:42 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysWow64\cero.rs
[2013/01/08 22:44:42 | 000,055,296 | ---- | C] (Microsoft) -- C:\windows\SysNative\cero.rs
[2013/01/08 22:44:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysWow64\esrb.rs
[2013/01/08 22:44:42 | 000,051,712 | ---- | C] (Microsoft) -- C:\windows\SysNative\esrb.rs
[2013/01/08 22:44:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysWow64\oflc.rs
[2013/01/08 22:44:42 | 000,023,552 | ---- | C] (Microsoft) -- C:\windows\SysNative\oflc.rs
[2013/01/08 22:44:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysWow64\pegi-fi.rs
[2013/01/08 22:44:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\windows\SysNative\pegi-fi.rs
[2013/01/08 22:44:29 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2013/01/08 22:44:29 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2013/01/08 22:44:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2013/01/08 22:44:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\conhost.exe
[2013/01/08 22:44:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2013/01/08 22:44:28 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2013/01/08 22:44:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2013/01/08 22:44:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2013/01/08 22:44:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2013/01/08 22:44:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2013/01/08 22:44:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2013/01/08 22:44:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/01/08 22:44:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/01/08 22:44:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/01/08 22:44:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/01/08 22:44:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/01/08 22:44:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/01/08 22:44:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/01/08 22:44:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[2013/01/08 22:44:19 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\taskhost.exe
[2013/01/08 22:37:20 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\RK_Quarantine
[2013/01/08 19:05:46 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\dds.com
[2013/01/07 19:55:43 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Programs
[2013/01/07 18:16:04 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
[2013/01/07 18:08:31 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection
[2013/01/07 18:06:09 | 000,000,000 | ---D | C] -- C:\ProgramData\B6E0B96FF67B1DB90000B6E0029421E7
[2013/01/07 17:15:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
[2013/01/03 07:13:48 | 000,741,480 | ---- | C] (Hewlett-Packard Co.) -- C:\windows\SysNative\HPDiscoPMBC11.dll
[2013/01/03 07:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013/01/03 07:13:38 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/01/03 07:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/01/03 07:13:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/01/03 07:13:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\HP
[2013/01/02 23:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lame For Audacity
[2013/01/02 03:56:13 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A1885271-CC74-4118-817C-8187D4573DDA}
[2013/01/01 21:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VZW Software Upgrade Assistant - LG
[2013/01/01 21:56:41 | 000,000,000 | ---D | C] -- C:\LGMobileUpgrade
[2013/01/01 21:55:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2012/12/29 12:51:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Audacity
[2012/12/29 12:51:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012/12/25 14:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/25 14:56:46 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\windows\SysNative\drivers\GEARAspiWDM.sys
[2012/12/25 14:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/25 14:56:24 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/25 14:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/25 14:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/22 22:10:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2012/12/22 22:10:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2012/12/22 03:00:31 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/22 03:00:31 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/22 03:00:31 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/22 03:00:30 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/21 11:24:13 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\Jordan Therapy
[2012/12/16 22:13:13 | 016,369,160 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2012/12/16 21:23:39 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2012/12/16 21:23:39 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2012/12/16 21:23:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2012/12/16 21:23:39 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2012/12/16 21:23:39 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2012/12/16 21:23:39 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2012/12/16 21:23:39 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2012/12/16 21:21:42 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dpnet.dll
[2012/12/16 21:21:42 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dpnet.dll
========== Files - Modified Within 30 Days ==========
[2013/01/11 16:13:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/01/11 16:10:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2013/01/11 15:58:02 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-882656967-3440141182-356548101-1004UA.job
[2013/01/11 15:57:56 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/01/11 11:15:05 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/11 11:15:05 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/11 11:07:14 | 2132,209,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/11 10:53:29 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2013/01/11 10:53:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013/01/11 10:17:47 | 005,020,603 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\ComboFix.exe
[2013/01/11 08:41:28 | 000,017,642 | ---- | M] () -- C:\Users\Home\Desktop\combofix.htm
[2013/01/10 19:07:18 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-882656967-3440141182-356548101-1004Core.job
[2013/01/10 13:19:55 | 150,748,948 | ---- | M] () -- C:\Users\Home\Documents\Extraordinary - John Bevere.mp4
[2013/01/09 08:20:14 | 000,291,384 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/01/09 08:01:17 | 000,741,704 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/01/09 08:01:17 | 000,624,864 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/01/09 08:01:17 | 000,106,950 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/01/08 22:08:58 | 000,764,416 | ---- | M] () -- C:\Users\Home\Desktop\RogueKiller.exe
[2013/01/08 22:08:03 | 000,554,087 | ---- | M] () -- C:\Users\Home\Desktop\adwcleaner.exe
[2013/01/08 21:31:42 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/01/08 21:31:42 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/08 21:31:38 | 016,369,160 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/01/08 20:28:20 | 003,431,843 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras.wmv
[2013/01/08 20:26:05 | 001,636,733 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras.flv
[2013/01/08 19:12:16 | 000,000,000 | ---- | M] () -- C:\Users\Home\defogger_reenable
[2013/01/08 19:05:47 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\dds.com
[2013/01/08 19:04:13 | 000,856,731 | ---- | M] () -- C:\Users\Home\Desktop\SecurityCheck.exe
[2013/01/08 19:03:47 | 000,050,477 | ---- | M] () -- C:\Users\Home\Desktop\Defogger.exe
[2013/01/08 00:29:28 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\TDSSKiller.exe
[2013/01/08 00:27:54 | 002,195,061 | ---- | M] () -- C:\Users\Home\Desktop\tdsskiller.zip
[2013/01/07 19:56:22 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/06 20:40:49 | 015,637,153 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.wmv
[2013/01/06 20:39:10 | 011,219,709 | ---- | M] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.flv
[2013/01/06 20:36:50 | 000,001,215 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2013/01/05 14:33:58 | 541,348,879 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/01/03 07:13:48 | 000,002,248 | ---- | M] () -- C:\Users\Public\Desktop\HP Photosmart 7520 series.lnk
[2013/01/03 07:13:48 | 000,001,180 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 7520 series.lnk
[2013/01/03 07:13:36 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013/01/03 01:43:15 | 000,040,742 | ---- | M] () -- C:\Users\Home\Documents\How_to_Love_Yourself_by_Louise_Hay_-_Excellent!__There_Is_No_Better_Program_On_This_Subject..pdf
[2013/01/02 22:33:36 | 171,539,355 | ---- | M] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.mp3
[2012/12/29 09:02:14 | 286,396,419 | ---- | M] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.flv
[2012/12/29 07:47:34 | 000,002,866 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/25 14:56:49 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/22 22:10:35 | 000,002,211 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/12/19 19:01:57 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/12/17 13:18:53 | 133,033,834 | ---- | M] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 3 of 3.flv
[2012/12/17 13:18:27 | 141,417,037 | ---- | M] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 2 of 3.flv
[2012/12/17 13:17:42 | 137,378,959 | ---- | M] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 1 of 3.flv
[2012/12/16 11:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\windows\SysNative\atmlib.dll
[2012/12/16 08:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysNative\atmfd.dll
[2012/12/16 08:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\atmfd.dll
[2012/12/16 08:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\SysWow64\atmlib.dll
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2013/01/11 10:36:55 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2013/01/11 10:36:55 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2013/01/11 10:36:55 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2013/01/11 10:36:55 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2013/01/11 10:36:55 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2013/01/11 08:41:27 | 000,017,642 | ---- | C] () -- C:\Users\Home\Desktop\combofix.htm
[2013/01/10 13:18:42 | 150,748,948 | ---- | C] () -- C:\Users\Home\Documents\Extraordinary - John Bevere.mp4
[2013/01/08 22:08:54 | 000,764,416 | ---- | C] () -- C:\Users\Home\Desktop\RogueKiller.exe
[2013/01/08 22:08:00 | 000,554,087 | ---- | C] () -- C:\Users\Home\Desktop\adwcleaner.exe
[2013/01/08 20:28:16 | 003,431,843 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras.wmv
[2013/01/08 20:26:02 | 001,636,733 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras.flv
[2013/01/08 19:12:16 | 000,000,000 | ---- | C] () -- C:\Users\Home\defogger_reenable
[2013/01/08 19:04:02 | 000,856,731 | ---- | C] () -- C:\Users\Home\Desktop\SecurityCheck.exe
[2013/01/08 19:03:46 | 000,050,477 | ---- | C] () -- C:\Users\Home\Desktop\Defogger.exe
[2013/01/08 00:27:47 | 002,195,061 | ---- | C] () -- C:\Users\Home\Desktop\tdsskiller.zip
[2013/01/06 20:40:07 | 015,637,153 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.wmv
[2013/01/06 20:38:06 | 011,219,709 | ---- | C] () -- C:\Users\Home\Documents\Toddlers & Tiaras - Marleigh's Mom.flv
[2013/01/03 07:13:48 | 000,002,248 | ---- | C] () -- C:\Users\Public\Desktop\HP Photosmart 7520 series.lnk
[2013/01/03 07:13:48 | 000,001,180 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 7520 series.lnk
[2013/01/03 07:13:36 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/01/03 01:43:13 | 000,040,742 | ---- | C] () -- C:\Users\Home\Documents\How_to_Love_Yourself_by_Louise_Hay_-_Excellent!__There_Is_No_Better_Program_On_This_Subject..pdf
[2013/01/02 22:30:09 | 171,539,355 | ---- | C] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.mp3
[2012/12/29 12:51:07 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012/12/29 07:51:18 | 286,396,419 | ---- | C] () -- C:\Users\Home\Documents\Randy DeMain - Sound of healing 444hz 528hz.flv
[2012/12/29 07:47:34 | 000,002,866 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/25 14:56:49 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/22 22:10:35 | 000,002,211 | ---- | C] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2012/12/19 19:01:57 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_dc3d_01011.Wdf
[2012/12/17 12:56:32 | 133,033,834 | ---- | C] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 3 of 3.flv
[2012/12/17 12:56:06 | 141,417,037 | ---- | C] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 2 of 3.flv
[2012/12/17 12:55:25 | 137,378,959 | ---- | C] () -- C:\Users\Home\Documents\Craig Hill - Ancient Paths - Part 1 of 3.flv
[2012/10/01 13:19:15 | 000,039,150 | ---- | C] () -- C:\Users\Home\Cash Applications, Journal Entry and modes of remittance.htm
[2012/10/01 13:16:54 | 000,125,149 | ---- | C] () -- C:\Users\Home\AR-process-map.jpg
[2012/08/24 19:05:54 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/12/24 01:42:35 | 000,000,600 | ---- | C] () -- C:\Users\Home\PUTTY.RND
[2011/11/06 14:23:28 | 000,006,144 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/06 22:25:17 | 000,000,268 | ---- | C] () -- C:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/09/17 09:17:24 | 000,021,624 | ---- | C] () -- C:\windows\SysWow64\drivers\BSecACFltr.sys
[2011/08/24 10:05:02 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/06/20 16:58:23 | 000,331,776 | ---- | C] () -- C:\windows\SysWow64\LXEDinst.dll
[2011/06/20 16:58:22 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxedinpa.dll
[2011/06/20 16:58:22 | 000,344,064 | ---- | C] () -- C:\windows\SysWow64\lxedcomx.dll
[2011/06/20 16:58:22 | 000,344,064 | ---- | C] ( ) -- C:\windows\SysWow64\lxediesc.dll
[2011/06/20 16:58:22 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\lxedinsr.dll
[2011/06/20 16:58:22 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\lxedjswr.dll
[2011/06/20 16:58:22 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\lxedcur.dll
[2011/06/20 16:58:21 | 000,643,072 | ---- | C] ( ) -- C:\windows\SysWow64\lxedpmui.dll
[2011/06/20 16:58:21 | 000,323,584 | ---- | C] () -- C:\windows\SysWow64\lxedins.dll
[2011/06/20 16:58:21 | 000,262,144 | ---- | C] () -- C:\windows\SysWow64\lxedinsb.dll
[2011/06/20 16:58:21 | 000,253,952 | ---- | C] () -- C:\windows\SysWow64\lxedcu.dll
[2011/06/20 16:58:21 | 000,090,112 | ---- | C] () -- C:\windows\SysWow64\lxedcub.dll
[2011/06/20 16:58:20 | 001,048,576 | ---- | C] ( ) -- C:\windows\SysWow64\lxedserv.dll
[2011/06/20 16:58:20 | 000,847,872 | ---- | C] ( ) -- C:\windows\SysWow64\lxedusb1.dll
[2011/06/20 16:58:20 | 000,577,536 | ---- | C] ( ) -- C:\windows\SysWow64\lxedlmpm.dll
[2011/06/20 16:58:19 | 000,688,128 | ---- | C] ( ) -- C:\windows\SysWow64\lxedhbn3.dll
[2011/06/20 16:58:19 | 000,598,696 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcoms.exe
[2011/06/20 16:58:19 | 000,324,264 | ---- | C] ( ) -- C:\windows\SysWow64\lxedih.exe
[2011/06/20 16:58:18 | 000,802,816 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcomc.dll
[2011/06/20 16:58:18 | 000,373,416 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcfg.exe
[2011/06/20 16:58:18 | 000,372,736 | ---- | C] ( ) -- C:\windows\SysWow64\lxedcomm.dll
[2011/06/20 16:57:33 | 000,299,008 | ---- | C] () -- C:\windows\SysWow64\LXEDsm.dll
[2011/06/20 16:57:33 | 000,023,552 | ---- | C] () -- C:\windows\SysWow64\LXEDsmr.dll
[2011/06/19 11:54:12 | 000,001,230 | RHS- | C] () -- C:\Users\Home\ntuser.pol
[2011/06/19 10:56:14 | 000,743,950 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/04 07:48:18 | 000,000,235 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/05/04 07:39:01 | 002,110,816 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011/05/04 07:39:01 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011/05/04 07:38:55 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011/05/04 07:27:55 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/05/04 07:22:57 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
========== ZeroAccess Check ==========
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >
-
Hello.
I ran Combofix and it finished successfully. However, there is no log on the Desktop. Notepad did open up with a log, but I had to do a restart and I was not able to find the log after restart. I searched on the C drive for .txt for today's date and no log.
I am still being redirected to other pages sporadically from search results in IE and Firefox.
Please let me know if you want me to rerun Combofix to get the log or what the next step should be.
Thank you very much.
-
Hello.
I am working on turning off the security. Do I need to turn off Bsecure which is a parental control software? The software directs to the Bsecure server and validates the websites to their database of blocked sites. I do not have the security module. But I think I'm only able to uninstall as I don't see a way to disable it.
Thanks again.
-
Here is the RKreport.txt. Thanks.
RogueKiller V8.4.3 [Jan 8 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Home [Admin rights]
Mode : Remove -- Date : 01/08/2013 22:38:55
¤¤¤ Bad processes : 2 ¤¤¤
[sUSP PATH] FreemakeUtilsService.exe -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -> KILLED [TermProc]
[sUSP PATH] SansaDispatch.exe -- C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc]
¤¤¤ Registry Entries : 8 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> DELETED
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
[TASK][ROGUE ST] 4574 : wscript.exe C:\Users\Home\AppData\Local\Temp\launchie.vbs //B -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:9666) -> NOT REMOVED, USE PROXYFIX
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-882656967-3440141182-356548101-1001\$8fcb669a3906bc07532e592b08b47417\n.) -> REPLACED (C:\windows\system32\shell32.dll)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$8fcb669a3906bc07532e592b08b47417\n.) -> REPLACED (C:\windows\system32\wbem\fastprox.dll)
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$8fcb669a3906bc07532e592b08b47417\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-882656967-3440141182-356548101-1001\$8fcb669a3906bc07532e592b08b47417\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$8fcb669a3906bc07532e592b08b47417\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-882656967-3440141182-356548101-1001\$8fcb669a3906bc07532e592b08b47417\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$8fcb669a3906bc07532e592b08b47417\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-882656967-3440141182-356548101-1001\$8fcb669a3906bc07532e592b08b47417\L --> REMOVED
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT1 +++++
--- User ---
[MBR] 287b2b09d321953dfd398492aa1f0023
[bSP] ae6f066611dbbe12f7d9a41a78f5bd42 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 668670 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1369847808 | Size: 31425 Mo
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434206208 | Size: 15108 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2]_D_01082013_02d2238.txt >>
RKreport[1]_S_01082013_02d2238.txt ; RKreport[2]_D_01082013_02d2238.txt
-
Hello.
Here is the AdwCleaner.txt
# AdwCleaner v2.105 - Logfile created 01/08/2013 at 22:29:57
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Home - HOME-PC
# Boot Mode : Normal
# Running from : C:\Users\Home\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Admin\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\Home\AppData\Local\APN
Folder Deleted : C:\Users\Home\AppData\Local\TempDir
Folder Deleted : C:\Users\Home\AppData\LocalLow\AskToolbar
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\prefs.js
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\user.js ... Deleted !
[OK] File is clean.
File : C:\Users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\d1malkfy.default\prefs.js
[OK] File is clean.
File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qg46kkuz.default\prefs.js
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bce285f5d-25db-4a46-af5f-a2c88508e987%[...]
File : C:\Users\jodan\AppData\Roaming\Mozilla\Firefox\Profiles\8e24xnbv.default\prefs.js
[OK] File is clean.
-\\ Google Chrome v [unable to get version]
File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences
Deleted [l.1] : icon_url ={"apps_promo_counter":11,"browser":{"clear_lso_data_enabled":true,"window_placement":{"bottom":709,"[...]
File : C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[s1].txt - [4277 octets] - [08/01/2013 22:29:57]
########## EOF - C:\AdwCleaner[s1].txt - [4337 octets] ##########
-
Here is the DDS.txt file
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1
Run by Home at 19:22:19 on 2013-01-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5878 [GMT -6:00]
.
AV: CloudCare *Disabled/Updated* {BABEE769-087B-572E-AD62-21FF46C86F61}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: CloudCare AntiSpyware *Disabled/Updated* {01DF068D-2E41-58A0-97D2-1A8D3D4F25DC}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Bsecure\InetCtrl.exe
C:\Program Files (x86)\Bsecure\BsecAV.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\windows\system32\lxedcoms.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Bsecure\BSecAMX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
C:\Program Files (x86)\Bsecure\BsecTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\splwow64.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
uSearch Bar = Preserve
mStart Page = hxxp://lenovo.msn.com
uProxyServer = 127.0.0.1:9666
uProxyOverride = 127.0.0.1;*.local
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mWinlogon: Userinit = userinit.exe,
BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ToolKit IE Helper: {70EA269E-56DF-49C2-86B2-1A1924ED88B4} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
TB: eToolKit Toolbar: {D3B22A92-87A2-47b6-B3E6-A64877B5C242} -
uRun: [Octoshape Streaming Services] "C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
uRun: [sansaDispatch] C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
uRun: [bYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
uRun: [HP Photosmart 7520 series (NET)] "C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28G2B0MC05XX:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1
uRun: [Citrix] rundll32 "C:\Users\Home\AppData\Local\CyberLink\Citrix\duagnc.dll",DllRegisterServerW
uRun: [bdprmf] rundll32.exe "C:\Users\Home\AppData\Roaming\bdprmf.dll",TruncateLog
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [Lenovo SplitScreen] "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
mRun: [uCam_Menu] "c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
mRun: [YouCam Mirror Tray icon] "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
mRun: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
LSP: %ProgramFiles%\Bsecure\InetCtrl57.dll
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://dwa.deluxe.com/InternalSite/WhlCompMgr.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sungard.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{8E60007A-6DCB-4BCC-9A49-F51F1D7B4346} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A848AE2D-03F9-46A3-8631-32F99EBE116F} : DHCPNameServer = 61.13.0.10 61.13.0.99
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://lenovo.msn.com
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [synBtnAsst] C:\Program Files (x86)\Synaptics\SynTP\SynBtnAsst.exe Utility_Window
x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [lxedmon.exe] "C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe"
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-5-4 39008]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-12-1 203264]
R2 Bsecure;CloudCare;C:\Program Files (x86)\Bsecure\InetCtrl.exe [2011-6-19 66344]
R2 BsecureAV;CloudCare AntiVirus;C:\Program Files (x86)\Bsecure\BsecAV.exe [2011-6-19 161776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-2-15 76288]
R2 lxed_device;lxed_device;C:\windows\System32\lxedcoms.exe -service --> C:\windows\System32\lxedcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-1 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-24 682344]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-8-22 103472]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2012-10-31 301760]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Slidebar Notifier Service;Slidebar Notifier Service;C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2011-5-4 69568]
R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-6-20 150928]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2011-5-4 28176]
R3 BSecACFltr;BSecACFltr;C:\windows\System32\drivers\BSecACFltr.sys [2011-9-17 22832]
R3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-9-2 54824]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-5-4 35104]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2010-6-7 406056]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-6-24 24176]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\DOWNLO~1\DMService.exe [2011-6-20 468368]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-6-20 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-9-2 160880]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 ToolkitDisk;ToolkitDisk;C:\windows\System32\drivers\toolkitdisk.sys [2012-3-17 62552]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2010-9-2 229456]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-6-19 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\windows\System32\WScript.exe "%1" %* [userChoice]
.
=============== Created Last 30 ================
.
2013-01-08 01:55:43 -------- d-----w- C:\Users\Home\AppData\Local\Programs
2013-01-08 00:16:04 -------- d-sh--w- C:\windows\System32\%APPDATA%
2013-01-08 00:06:09 -------- d-----w- C:\ProgramData\B6E0B96FF67B1DB90000B6E0029421E7
2013-01-08 00:04:55 174592 ----a-w- C:\Users\Home\AppData\Roaming\bdprmf.dll
2013-01-04 17:47:06 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5040281E-7AA9-48A1-A379-7ED8CCB2DFA7}\mpengine.dll
2013-01-03 13:13:48 741480 ------w- C:\windows\System32\HPDiscoPMBC11.dll
2013-01-03 13:13:38 -------- d-----w- C:\Program Files\HP
2013-01-03 13:13:38 -------- d-----w- C:\Program Files (x86)\HP
2013-01-03 13:13:22 -------- d-----w- C:\Users\Home\AppData\Local\HP
2013-01-03 05:41:51 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
2013-01-02 09:56:13 -------- d-----w- C:\Users\Home\AppData\Local\{A1885271-CC74-4118-817C-8187D4573DDA}
2013-01-02 03:56:41 -------- d-----w- C:\LGMobileUpgrade
2013-01-02 03:55:50 -------- d-----w- C:\Program Files (x86)\LG Electronics
2013-01-02 03:49:57 98304 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
2013-01-02 03:49:57 5275648 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LG_VZW_United_WHQL_v2.7.1.msi
2013-01-02 03:49:57 24576 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
2013-01-02 03:49:52 1347584 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
2013-01-02 03:49:44 90112 ----a-r- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\E\LGUTchkdl.dll
2013-01-02 03:49:44 24576 ----a-r- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\E\LGEUSBAutorun.dll
2012-12-29 18:51:01 -------- d-----w- C:\Program Files (x86)\Audacity
2012-12-25 20:56:46 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
2012-12-25 20:56:25 -------- d-----w- C:\Program Files\iPod
2012-12-25 20:56:24 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-25 20:56:24 -------- d-----w- C:\Program Files\iTunes
2012-12-25 20:56:24 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-23 04:10:34 -------- d-----w- C:\Program Files (x86)\Amazon
2012-12-22 09:00:31 46080 ----a-w- C:\windows\System32\atmlib.dll
2012-12-22 09:00:31 367616 ----a-w- C:\windows\System32\atmfd.dll
2012-12-22 09:00:31 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-22 09:00:30 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
2012-12-17 04:13:13 16363960 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-12-17 03:21:42 478208 ----a-w- C:\windows\System32\dpnet.dll
2012-12-17 03:21:42 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-12-10 19:52:00 -------- d-----w- C:\Users\Home\AppData\Local\CyberLink
.
==================== Find3M ====================
.
2012-12-17 04:13:18 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-17 04:13:18 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-12-14 22:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys
2012-11-12 12:28:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
2012-11-12 11:52:18 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-10-31 20:38:44 13504 ----a-w- C:\windows\System32\drivers\PSVolAcc.sys
2012-10-31 20:38:18 57024 ----a-w- C:\windows\System32\drivers\psmounterex.sys
2012-10-27 06:26:55 981504 ----a-w- C:\windows\SysWow64\wininet.dll
2012-10-27 05:51:21 1188864 ----a-w- C:\windows\System32\wininet.dll
2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
.
============= FINISH: 19:22:51.67 ===============
Google Search Redirect Virus Help
in Resolved Malware Removal Logs
Posted
Hi. I restored the FF defaults on all profiles. I tried searching on 2 of the 3 profiles and have not had any issue.