Jump to content

Black screen after Malwarebytes scan


michael49
 Share

Recommended Posts

Ran Malwarebytes scan, was prompted that I needed to restart, then developed black screen with blinking cursor upon restart. If I enter task manager desktop loads after about 5 minutes.

Here are logs:

Thanks!

==== System Restore Points ===================

.

RP3: 2/21/2013 9:03:05 PM - Malwarebytes Anti-Rootkit Restore Point

RP4: 2/22/2013 8:25:48 PM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Photoshop Lightroom 3.6 64-bit

Adobe Photoshop Lightroom 4.3 64-bit

Adobe Reader X (10.1.4)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 2013

Bonjour

Canon Utilities Digital Photo Professional

Canon Utilities EOS Utility

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Color Efex Pro 4

Common Desktop Agent

CyberLink PowerDVD 9.5

Dell B1160 Mono Laser Printer

Dell Support Center

Dell V505

Dfine 2.0

DirectX 9 Runtime

EOSInfo

EPSON Printer Software

FotoSketcher 2.25

FreeUndelete 2.1.36867.1

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist Corporate

HDR Efex Pro

Hugin 2012.0.0

InfoAtoms [uninstall]

iTunes

Jacquie Lawson Alpine Advent Calendar

Java 7 Update 13

Java Auto Updater

Junk Mail filter update

Luminance HDR 2.1.0

Malwarebytes Anti-Malware version 1.70.0.1100

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Octoshape add-in for Adobe Flash Player

OverDrive Media Console

PDFCreator

Photomatix Essentials 64-bit version 3.0

PhotoShowExpress

Picturenaut 3.2

Portrait Professional 11.0

Portrait Professional 11.0 Trial

QuickTime

R-Undelete 4.5

RBVirtualFolder64Inst

Realtek High Definition Audio Driver

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Sendori

SES Driver

Shopping Sidekick Plugin

Silver Efex Pro 2

Sonic CinePlayer Decoder Pack

Spybot - Search & Destroy

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Visual Studio 2008 x64 Redistributables

Visual Studio 2010 x64 Redistributables

Viveza 2

WD SmartWare

Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

.

==== Event Viewer Messages From Past Week ========

.

2/22/2013 8:59:08 PM, Error: Service Control Manager [7022] - The Service Sendori service hung on starting.

2/22/2013 8:57:43 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

2/22/2013 8:28:03 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070103: ATI Technologies Inc. - Display - ATI Radeon HD 5450.

2/21/2013 9:48:06 PM, Error: Service Control Manager [7031] - The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

2/21/2013 9:27:03 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).

2/21/2013 9:22:31 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

2/21/2013 9:22:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

2/21/2013 9:22:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

2/21/2013 9:22:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

2/21/2013 9:22:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

2/21/2013 9:22:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 discache spldr Wanarpv6

2/21/2013 9:22:12 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgtdia DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf ws2ifsl

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2013 9:11:17 PM, Error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.

2/21/2013 8:39:03 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.

2/21/2013 8:39:03 PM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/19/2013 9:20:27 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

2/19/2013 9:20:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

2/19/2013 9:17:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WDRulesService with arguments "" in order to run the server: {C004E60F-2D62-4BE1-98C4-C39A8046B6BB}

2/19/2013 9:17:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {81213AB4-5937-4340-88CD-66B4BC80DF73}

2/19/2013 9:03:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

2/19/2013 8:54:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service sndappv2 with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}

2/19/2013 8:54:29 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

2/19/2013 8:54:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

2/19/2013 8:54:09 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

2/19/2013 8:52:52 PM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

2/19/2013 3:32:01 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

2/18/2013 11:11:42 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.13.2

Run by Michael at 21:02:14 on 2013-02-22

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8174.6142 [GMT -5:00]

.

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\dldwcoms.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\nlssrv32.exe

C:\Program Files (x86)\Sendori\sndappv2.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

C:\Program Files (x86)\Sendori\SendoriSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Sendori\Sendori.Service.exe

C:\Program Files (x86)\Sendori\SendoriUp.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86) (x86)\Dell V505\dldwmon.exe

C:\Program Files (x86) (x86)\Dell V505\dldwMsdMon.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Sendori\SendoriTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Michael\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uDefault_Page_URL = www.dell.com

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [dldwmon.exe] "C:\Program Files (x86) (x86)\Dell V505\dldwmon.exe"

mRun: [dldwamon] "C:\Program Files (x86) (x86)\Dell V505\dldwamon.exe"

mRun: [Dell V505] "C:\Program Files (x86) (x86)\Dell V505\fm3032.exe" /s

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Michael\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JLALPI~1.LNK - C:\Program Files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DRIVER~1.LNK - C:\Users\Michael\Downloads\DriverPerformer_16i.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

LSP: C:\Windows\System32\Sendori.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {5EF06782-55B2-4DF3-A57A-3FE8F1D2A181} - hxxps://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/ppmdforms.cab

DPF: {6A6E7E91-B6EB-46B5-A545-12B8EDDD261E} - hxxps://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/amdscontrols50.cab

DPF: {B15C3921-CCFA-4403-9E6F-4470839E835E} - hxxps://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/leadtools.cab

DPF: {CC99A86F-EA5D-414A-8231-7C3F1B10A644} - hxxps://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/amdsaudio.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} - hxxps://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/ppmdvbdownload.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{084A41F1-3763-46FA-A112-8DA09CFB8FD8} : NameServer = 216.146.35.240,216.146.36.240,75.75.75.75,75.75.76.76

TCP: Interfaces\{084A41F1-3763-46FA-A112-8DA09CFB8FD8} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{084A41F1-3763-46FA-A112-8DA09CFB8FD8}\C696E6B6379737 : DHCPNameServer = 75.75.75.75 75.75.76.76

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

SSODL: WebCheck - <orphaned>

x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe

x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-6-21 55856]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-6-21 203264]

R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-12-10 118632]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]

R2 dldw_device;dldw_device;C:\Windows\System32\dldwcoms.exe -service --> C:\Windows\System32\dldwcoms.exe -service [?]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-21 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-21 682344]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2011-11-22 66560]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-2-21 1153368]

R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-12-10 14696]

R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-12-10 3569512]

R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.sys [2011-12-1 11576]

R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-9-19 1157056]

R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-19 248248]

R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-9-19 1177536]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2011-6-21 116240]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-21 317440]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-6-21 406056]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-2-21 24176]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-6-21 158976]

S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-6-21 75264]

S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-6-21 176640]

S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-6-14 25072]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-8 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2011-2-16 14464]

.

=============== Created Last 30 ================

.

2013-02-22 02:30:14 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-02-22 00:59:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-02-22 00:59:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2013-02-19 08:02:15 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-19 08:02:15 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-19 02:54:28 -------- d-----w- C:\Firefox

2013-02-19 02:43:51 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-02-19 02:43:51 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-19 02:43:38 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-18 13:45:14 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-18 13:45:13 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-18 13:45:12 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-18 13:45:03 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-18 13:45:01 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-18 13:45:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-18 13:45:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-18 13:45:00 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-18 13:45:00 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-18 13:45:00 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-18 13:44:58 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-02-18 13:44:58 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-10 03:22:50 -------- d-----w- C:\Users\Michael\AppData\Roaming\OfficeRecovery

2013-02-10 03:22:46 -------- d-----w- C:\Users\Michael\AppData\Local\Apps

2013-02-10 03:22:22 -------- d-----w- C:\Program Files (x86)\InfoAtoms

2013-02-10 03:15:40 -------- d-----w- C:\Users\Michael\AppData\Roaming\R-TT

2013-02-10 03:15:37 -------- d-----w- C:\Program Files (x86)\R-Undelete

2013-02-10 03:04:53 321384 ----a-w- C:\Windows\SysWow64\Sendori.dll

2013-02-10 03:04:50 -------- d-----w- C:\ProgramData\Sendori

2013-02-10 03:04:49 -------- d-----w- C:\Program Files (x86)\Sendori

2013-02-10 02:58:20 137000 ----a-w- C:\Windows\SysWow64\MSMAPI32.OCX

2013-02-10 02:58:19 87040 ----a-w- C:\Windows\System32\pdfcmnnt.dll

2013-02-10 02:58:18 23552 ----a-w- C:\Windows\SysWow64\MSMPIDE.DLL

2013-02-10 02:58:18 -------- d-----w- C:\Program Files (x86)\PDFCreator

2013-02-10 02:57:22 -------- d-----w- C:\Users\Michael\AppData\Local\Shopping Sidekick Plugin

2013-02-10 02:57:17 -------- d-----w- C:\Users\Michael\AppData\Local\Updater21802

2013-02-10 02:57:15 -------- d-----w- C:\Program Files (x86)\Shopping Sidekick Plugin

2013-02-10 02:55:57 -------- d-----w- C:\Users\Michael\AppData\Local\CRE

2013-02-08 01:58:13 15739760 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

.

==================== Find3M ====================

.

2013-02-08 01:58:19 74096 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-02-08 01:58:19 697712 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll

2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll

2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll

2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll

2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs

2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs

2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs

2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs

2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs

2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs

2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs

2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs

2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs

2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs

2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs

2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs

2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs

2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs

2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll

2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll

2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll

2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe

2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll

2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll

2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll

2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll

.

============= FINISH: 21:02:37.10 ===============

.

==== End Of File ===========================

Link to post
Share on other sites

Welcome to the forum.

Can you post the log from Malwarebytes that shows what was deleted in the last scan.

Then..........

Please download and run RogueKiller to your desktop.

http://tigzy.geeksto...ueKillerX64.exe <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop. (please don't put logs in code or quotes)

If you're using Peer 2 Peer software such as uTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>Please stick with me until I give you the "all clear".

<+>The removal of malware isn't instantaneous, please be patient.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

Thanks so much for your help. Its been a few days now, but I think this was the scan that caused all the trouble.....

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

Database version: v2013.02.19.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Michael :: MININT-T6C8KQG [administrator]

2/19/2013 8:02:02 PM

mbam-log-2013-02-19 (20-02-02).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 209399

Time elapsed: 3 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 15

HKCR\CLSID\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.

HKCR\TypeLib\{44444444-4444-4444-4444-440244184402} (PUP.215Apps) -> Quarantined and deleted successfully.

HKCR\Interface\{55555555-5555-5555-5555-550255185502} (PUP.215Apps) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0021802.BHO.1 (PUP.215Apps) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211181102} (PUP.215Apps) -> Quarantined and deleted successfully.

HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll (PUP.215Apps) -> Quarantined and deleted successfully.

C:\Users\Michael\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.

C:\Users\Michael\Local Settings\Temporary Internet Files\Content.IE5\05LUZWSJ\ShoppingSidekick_Test[1] (PUP.215Apps) -> Quarantined and deleted successfully.

C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Yes post it.

-----------------------------

That scan was run on > 2/19/2013 8:02:02 PM

I see you also ran Malwarebytes Anti-Rootkit on 2/21/2013:

RP3: 2/21/2013 9:03:05 PM - Malwarebytes Anti-Rootkit Restore Point

Are you sure it didn't happen after running MBAR.

There's nothing in the log from MB that would cause your problem.

Check you system restore points and see if you have any that would have been created before the problem.

MrC

Link to post
Share on other sites

I ran MWB anti-Rootkit after the problem started, looking for a fix here.

Unfortunately, I had system restore shut off (didn't realize it).

Let me know if there is any other info that I can provide.

Here is the Spybot log......

--- Report generated: 2013-02-21 20:20 ---

Yontoo.Pagerage: [sBI $7EA79EE0] Settings (Registry key, nothing done)

HKEY_CLASSES_ROOT\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}

Yontoo.Pagerage: [sBI $243758A5] Settings (Registry key, nothing done)

HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Yontoo.Pagerage: [sBI $243758A5] Settings (Registry key, nothing done)

HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Yontoo.Pagerage: [sBI $B64479C2] Program directory (Directory, nothing done)

C:\Program Files (x86)\Yontoo\

Win32.2UrFace.bho: [sBI $78ED33A6] Settings (Registry key, nothing done)

HKEY_CLASSES_ROOT\CLSID\{99066096-8989-4612-841F-621A01D54AD7}

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Right Media: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

DirectTrack: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SDWinSec.exe (1.0.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-01-26 TeaTimer.exe (1.6.4.26)

2013-02-21 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-01-26 advcheck.dll (1.6.2.15)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2012-12-18 Includes\Adware.sbi (*)

2013-02-13 Includes\AdwareC.sbi (*)

2010-08-13 Includes\Cookies.sbi (*)

2012-11-14 Includes\Dialer.sbi (*)

2012-11-14 Includes\DialerC.sbi (*)

2012-11-14 Includes\HeavyDuty.sbi (*)

2012-11-14 Includes\Hijackers.sbi (*)

2012-11-14 Includes\HijackersC.sbi (*)

2012-11-14 Includes\iPhone.sbi (*)

2012-11-14 Includes\Keyloggers.sbi (*)

2012-12-18 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2012-11-21 Includes\Malware.sbi (*)

2013-02-19 Includes\MalwareC.sbi (*)

2012-11-14 Includes\PUPS.sbi (*)

2013-02-05 Includes\PUPSC.sbi (*)

2010-01-25 Includes\Revision.sbi (*)

2012-11-14 Includes\Security.sbi (*)

2012-11-14 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2012-11-14 Includes\Spyware.sbi (*)

2012-11-14 Includes\SpywareC.sbi (*)

2012-11-19 Includes\Tracks.uti

2013-01-16 Includes\Trojans.sbi (*)

2013-02-06 Includes\TrojansC-02.sbi (*)

2013-02-19 Includes\TrojansC-03.sbi (*)

2013-02-06 Includes\TrojansC-04.sbi (*)

2012-11-14 Includes\TrojansC-05.sbi (*)

2013-02-13 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

Link to post
Share on other sites

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Please zip it up and attach it to your next post.

MrC

Link to post
Share on other sites

Ran aswMBR. Here is the log.....

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

Run date: 2013-02-23 09:53:34

-----------------------------

09:53:34.953 OS Version: Windows x64 6.1.7601 Service Pack 1

09:53:34.953 Number of processors: 4 586 0x2A07

09:53:34.953 ComputerName: MININT-T6C8KQG UserName: Michael

09:53:42.136 Initialize success

09:55:00.513 AVAST engine defs: 13022300

09:55:21.239 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

09:55:21.240 Disk 0 Vendor: ST31000528AS CC46 Size: 953869MB BusType: 11

09:55:21.273 Disk 0 MBR read successfully

09:55:21.274 Disk 0 MBR scan

09:55:21.277 Disk 0 Windows 7 default MBR code

09:55:21.312 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 939867 MB offset 2048

09:55:21.806 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14000 MB offset 1924849664

09:55:21.843 Disk 0 scanning C:\Windows\system32\drivers

09:55:41.501 Service scanning

09:56:05.086 Service TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe **HIDDEN**

09:56:09.941 Modules scanning

09:56:09.945 Disk 0 trace - called modules:

09:56:09.971 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys

09:56:09.977 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80078a8530]

09:56:09.981 3 CLASSPNP.SYS[fffff880016b343f] -> nt!IofCallDriver -> [0xfffffa80074861e0]

09:56:09.984 5 ACPI.sys[fffff88000ef67a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80077fb060]

09:56:17.177 AVAST engine scan C:\Windows

09:56:40.899 AVAST engine scan C:\Windows\system32

10:03:13.000 AVAST engine scan C:\Windows\system32\drivers

10:03:55.942 AVAST engine scan C:\Users\Michael

10:29:47.322 Disk 0 MBR has been saved successfully to "C:\Users\Michael\Desktop\MBR.dat"

10:29:47.326 The log file has been saved successfully to "C:\Users\Michael\Desktop\aswMBR.txt"

Link to post
Share on other sites

Please create a new system restore point before running TDSSKiller.

-----------------------------------

Please read the directions carefully so you don't end up deleting something that is good!!

If in doubt about an entry....please ask or choose Skip!!!!

Don't Delete anything unless instructed to!

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If a suspicious object is detected, the default action will be Skip, click on Continue

Please note that TDSSKiller can be run in safe mode if needed.

Here's a video that explains how to run it if needed:

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    2012081514h0118.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    clip.jpg
  • Click the Start Scan button.
    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
    If in doubt about an entry....please ask or choose Skip
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If in doubt about an entry....please ask or choose Skip

Don't Delete anything unless instructed to!

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

~~~~~~~~~~~~~~~~~~~~

You can attach the logs if they're too long:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

MrC

Link to post
Share on other sites

That was clean...I'm not seeing anything.....run this scan and post back the 2 logs:

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://www.itxassociates.com/OT-Tools/OTL.exe

http://oldtimer.geekstogo.com/OTL.com (<---renamed version)

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

The scan will take about 10 minutes...depends on your hard drive size.

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC

Link to post
Share on other sites

Here is the OLT scan log......

OTL logfile created on: 2/23/2013 11:21:40 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michael\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 5.63 Gb Available Physical Memory | 70.52% Memory free

15.96 Gb Paging File | 13.49 Gb Available in Paging File | 84.48% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 917.84 Gb Total Space | 500.65 Gb Free Space | 54.55% Space Free | Partition Type: NTFS

Drive D: | 13.67 Gb Total Space | 7.49 Gb Free Space | 54.81% Space Free | Partition Type: NTFS

Drive E: | 308.37 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MININT-T6C8KQG | User Name: Michael | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/23 11:20:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\Downloads\OTL.exe

PRC - [2013/02/23 10:49:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\AppData\Local\Temp\38E04163-BBEA-45CF-8E11-329F2064F3AF.exe

PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe

PRC - [2012/12/10 18:01:54 | 003,569,512 | ---- | M] (Sendori) -- C:\Program Files (x86)\Sendori\sndappv2.exe

PRC - [2012/12/10 18:01:54 | 000,196,456 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriUp.exe

PRC - [2012/12/10 18:01:54 | 000,118,632 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriSvc.exe

PRC - [2012/12/10 18:01:54 | 000,082,792 | ---- | M] (Sendori, Inc.) -- C:\Program Files (x86)\Sendori\SendoriTray.exe

PRC - [2012/12/10 18:01:54 | 000,014,696 | ---- | M] (sendori) -- C:\Program Files (x86)\Sendori\Sendori.Service.exe

PRC - [2012/12/03 16:48:06 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe

PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

PRC - [2012/09/19 21:10:10 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe

PRC - [2012/09/19 21:10:06 | 001,157,056 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

PRC - [2012/09/19 21:03:58 | 005,236,664 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

PRC - [2012/09/19 21:02:48 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/11/22 17:15:56 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe

PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

PRC - [2010/10/01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

PRC - [2010/02/10 08:57:36 | 000,676,520 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\dldwmon.exe

PRC - [2010/02/10 08:57:32 | 000,025,256 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\dldwmsdmon.exe

PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/18 20:05:26 | 012,638,576 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll

MOD - [2013/01/25 21:35:06 | 000,460,240 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll

MOD - [2013/01/25 21:35:04 | 004,012,496 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll

MOD - [2013/01/25 21:34:19 | 000,597,968 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll

MOD - [2013/01/25 21:34:18 | 000,124,368 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll

MOD - [2013/01/25 21:34:16 | 001,552,848 | ---- | M] () -- C:\Users\Michael\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll

MOD - [2012/12/12 00:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2012/12/03 16:48:06 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe

MOD - [2012/10/05 05:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2012/10/05 05:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2012/08/31 05:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll

MOD - [2010/11/20 22:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2010/11/20 22:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

MOD - [2010/02/10 08:57:36 | 000,676,520 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\dldwmon.exe

MOD - [2010/02/10 08:57:32 | 000,025,256 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\dldwmsdmon.exe

MOD - [2010/01/21 05:09:30 | 000,036,864 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\app4r.monitor.core.dll

MOD - [2010/01/21 05:09:30 | 000,028,672 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\app4r.monitor.common.dll

MOD - [2010/01/21 05:08:34 | 000,065,536 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\app4r.devmons.mcmdevmon.dll

MOD - [2009/07/23 15:52:40 | 001,036,288 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\dldwdrs.dll

MOD - [2009/07/23 15:51:56 | 000,380,928 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\dldwscw.dll

MOD - [2009/06/10 16:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

MOD - [2009/05/13 10:50:52 | 000,081,920 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\dldwcaps.dll

MOD - [2009/05/13 10:48:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\dldwmonr.dll

MOD - [2008/04/25 02:44:40 | 000,077,906 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\DLDWcfg.dll

MOD - [2008/03/25 04:53:10 | 000,012,288 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\app4r.devmons.mcmdevmon.autoplayutil.dll

MOD - [2008/03/10 07:30:50 | 000,188,416 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\dldwdatr.dll

MOD - [2008/02/26 15:24:06 | 000,069,632 | ---- | M] () -- C:\Program Files (x86) (x86)\Dell V505\dldwcnv4.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010/08/03 22:51:22 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2008/05/03 00:05:10 | 001,035,776 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dldwcoms.exe -- (dldw_device)

SRV - [2013/02/07 20:58:20 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012/12/10 18:01:54 | 003,569,512 | ---- | M] (Sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\sndappv2.exe -- (sndappv2)

SRV - [2012/12/10 18:01:54 | 000,118,632 | ---- | M] (Sendori, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sendori\SendoriSvc.exe -- (Application Sendori)

SRV - [2012/12/10 18:01:54 | 000,014,696 | ---- | M] (sendori) [Auto | Running] -- C:\Program Files (x86)\Sendori\Sendori.Service.exe -- (Service Sendori)

SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)

SRV - [2012/09/19 21:10:10 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)

SRV - [2012/09/19 21:10:06 | 001,157,056 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)

SRV - [2012/09/19 21:02:48 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)

SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/11/22 17:15:56 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)

SRV - [2011/06/30 21:15:44 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)

SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)

SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/07/24 17:04:12 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dldwcoms.exe -- (dldw_device)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/01 11:05:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)

DRV:64bit: - [2011/06/14 18:13:52 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/16 15:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)

DRV:64bit: - [2010/12/09 09:38:18 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/10/15 17:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/08/03 23:22:38 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)

DRV:64bit: - [2010/08/03 22:15:46 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)

DRV:64bit: - [2010/07/26 21:41:28 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/07/19 23:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2010/07/19 23:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2010/07/15 09:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)

DRV:64bit: - [2010/06/08 05:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2010/06/03 11:35:02 | 000,033,792 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir3.sys -- (hcw85cir)

DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010/02/02 14:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/10/27 00:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2009/10/27 00:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.dell.com

IE - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\..\SearchScopes\{44B515BA-11A7-43D6-833A-68D0650BC9A6}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=D137C202-588F-4870-B5C5-FA7EA82C5A76&apn_sauid=104075F2-8ED9-4CC9-B6F8-FE2A4D418C3B

IE - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS439

IE - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\..\SearchScopes\{92F54D18-3D30-492E-B1DC-73C9940CD96A}: "URL" = http://search.avg.com/?d=4e19a7ac&i=23&tp=chrome&q={searchTerms}&lng={language}&nt=1

IE - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\..\SearchScopes\{B9ED0398-7907-43AC-B5E0-E3191382B385}: "URL" = http://search.conduit.com/Results.aspx?&ctid=CT3283894&SearchSource=45?&q={searchTerms}

IE - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Michael\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\infoatoms@infoatoms.com: C:\Program Files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com [2013/02/09 22:22:25 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi

[2013/02/09 22:22:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions

[2013/02/09 22:22:25 | 000,000,000 | ---D | M] (InfoAtoms) -- C:\Program Files (x86)\Mozilla FireFox\extensions\infoatoms@infoatoms.com

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll

CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp\10.14.40.136_0\plugins/ConduitChromeApiPlugin.dll

CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oelbclnhkbhlhikfmpmbakbgeonbjjnp\10.14.40.136_0\plugins/np-cwmp.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [CDAServer] C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Dell V505] C:\Program Files (x86) (x86)\Dell V505\fm3032.exe ()

O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()

O4 - HKLM..\Run: [dldwamon] C:\Program Files (x86) (x86)\Dell V505\dldwamon.exe ()

O4 - HKLM..\Run: [dldwmon.exe] C:\Program Files (x86) (x86)\Dell V505\dldwmon.exe ()

O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)

O4 - HKLM..\Run: [sendori Tray] C:\Program Files (x86)\Sendori\SendoriTray.exe (Sendori, Inc.)

O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk = C:\Program Files (x86)\JL Alpine Advent Calendar\JL Alpine Advent Calendar.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\Sendori.dll (Sendori)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\Sendori.dll (Sendori)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\Sendori.dll (Sendori)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\Sendori.dll (Sendori)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\Sendori.dll (Sendori)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2688355490-3884386746-895769739-1005\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {5EF06782-55B2-4DF3-A57A-3FE8F1D2A181} https://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/ppmdforms.cab (PPMDForms.Forms)

O16 - DPF: {6A6E7E91-B6EB-46B5-A545-12B8EDDD261E} https://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/amdscontrols50.cab (AMDSControls50.XGroupCategory)

O16 - DPF: {B15C3921-CCFA-4403-9E6F-4470839E835E} https://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/leadtools.cab (Leadtools.XLead)

O16 - DPF: {CC99A86F-EA5D-414A-8231-7C3F1B10A644} https://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/amdsaudio.cab (AMDSAudio.XAudio)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} https://a-sl1-app01.advancedmd.com/practicemanager/ppmdcontrols/ppmdvbdownload.cab (PPMDVBDownload.XShowReady)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{084A41F1-3763-46FA-A112-8DA09CFB8FD8}: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{084A41F1-3763-46FA-A112-8DA09CFB8FD8}: NameServer = 216.146.35.240,216.146.36.240,75.75.75.75,75.75.76.76

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\615\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/12/22 11:18:37 | 000,001,398 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O33 - MountPoints2\{4730082e-9c14-11e0-a33e-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{4730082e-9c14-11e0-a33e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2012/01/10 03:26:08 | 000,865,600 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/21 21:30:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/02/21 21:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/02/21 19:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy

[2013/02/21 19:59:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2013/02/21 19:59:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy

[2013/02/18 21:54:28 | 000,000,000 | ---D | C] -- C:\Firefox

[2013/02/18 21:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2013/02/18 21:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2013/02/18 21:43:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2013/02/18 08:41:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

[2013/02/09 22:25:20 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\Backups 2

[2013/02/09 22:22:50 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\OfficeRecovery

[2013/02/09 22:22:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeUndelete

[2013/02/09 22:22:46 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Apps

[2013/02/09 22:22:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla FireFox

[2013/02/09 22:22:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InfoAtoms

[2013/02/09 22:15:40 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\R-TT

[2013/02/09 22:15:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Undelete

[2013/02/09 22:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\R-Undelete

[2013/02/09 22:15:37 | 000,000,000 | ---D | C] -- C:\Users\Michael\Documents\R-TT

[2013/02/09 22:04:53 | 000,321,384 | ---- | C] (Sendori) -- C:\Windows\SysWow64\Sendori.dll

[2013/02/09 22:04:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sendori

[2013/02/09 22:04:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sendori

[2013/02/09 21:58:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator

[2013/02/09 21:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator

[2013/02/09 21:57:22 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Shopping Sidekick Plugin

[2013/02/09 21:57:17 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\Updater21802

[2013/02/09 21:57:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shopping Sidekick Plugin

[2013/02/09 21:55:57 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Local\CRE

========== Files - Modified Within 30 Days ==========

[2013/02/23 11:18:00 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

[2013/02/23 11:12:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job

[2013/02/23 11:10:41 | 000,083,291 | ---- | M] () -- C:\Users\Michael\Desktop\TDSSKiller.2.8.16.0_23.02.2013_10.59.02_log.zip

[2013/02/23 11:00:33 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/02/23 11:00:33 | 000,021,472 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/02/23 10:59:48 | 000,001,155 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk

[2013/02/23 10:58:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/02/23 10:53:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2688355490-3884386746-895769739-1002UA.job

[2013/02/23 10:51:49 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/02/23 10:51:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/02/23 10:51:34 | 2133,684,223 | -HS- | M] () -- C:\hiberfil.sys

[2013/02/23 10:44:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/02/23 10:41:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2688355490-3884386746-895769739-1005UA.job

[2013/02/23 10:29:47 | 000,000,512 | ---- | M] () -- C:\Users\Michael\Desktop\MBR.dat

[2013/02/21 21:30:15 | 000,001,139 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2013/02/21 21:30:15 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/02/21 19:59:54 | 000,001,288 | ---- | M] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/02/21 19:59:54 | 000,001,264 | ---- | M] () -- C:\Users\Michael\Desktop\Spybot - Search & Destroy.lnk

[2013/02/19 03:25:14 | 000,322,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/02/19 00:41:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2688355490-3884386746-895769739-1005Core.job

[2013/02/18 19:02:42 | 000,000,748 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\.ptbt0

[2013/02/18 18:53:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2688355490-3884386746-895769739-1002Core.job

[2013/02/18 08:41:40 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk

[2013/02/09 22:23:52 | 000,000,620 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog

[2013/02/09 22:22:46 | 000,002,310 | ---- | M] () -- C:\Users\Michael\Desktop\FreeUndelete.lnk

[2013/02/09 22:04:42 | 000,000,258 | RHS- | M] () -- C:\Users\Michael\ntuser.pol

[2013/02/03 17:28:14 | 000,001,059 | ---- | M] () -- C:\Users\Michael\Desktop\Hugin.lnk

[2013/02/02 08:37:18 | 000,002,388 | ---- | M] () -- C:\Users\Michael\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/02/23 11:10:41 | 000,083,291 | ---- | C] () -- C:\Users\Michael\Desktop\TDSSKiller.2.8.16.0_23.02.2013_10.59.02_log.zip

[2013/02/23 10:29:47 | 000,000,512 | ---- | C] () -- C:\Users\Michael\Desktop\MBR.dat

[2013/02/21 21:30:15 | 000,001,139 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk

[2013/02/21 21:30:15 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/02/21 19:59:54 | 000,001,288 | ---- | C] () -- C:\Users\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2013/02/21 19:59:54 | 000,001,264 | ---- | C] () -- C:\Users\Michael\Desktop\Spybot - Search & Destroy.lnk

[2013/02/09 22:23:38 | 000,000,620 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog

[2013/02/09 22:22:46 | 000,002,310 | ---- | C] () -- C:\Users\Michael\Desktop\FreeUndelete.lnk

[2013/02/09 22:04:42 | 000,000,258 | RHS- | C] () -- C:\Users\Michael\ntuser.pol

[2013/02/09 21:58:19 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll

[2013/02/03 17:32:15 | 000,000,748 | ---- | C] () -- C:\Users\Michael\AppData\Roaming\.ptbt0

[2012/12/09 16:45:09 | 000,484,672 | ---- | C] () -- C:\Windows\SSndii.exe

[2012/11/23 17:25:18 | 000,002,159 | ---- | C] () -- C:\Windows\checkip.dat

[2012/11/23 17:25:08 | 000,003,129 | ---- | C] () -- C:\Windows\ipconfig.dat

[2012/09/12 18:38:40 | 000,006,212 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/02/27 14:44:48 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\SilverEfexPro2FC32.dll

[2012/02/22 22:26:34 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\Viveza2FC32.dll

[2012/02/06 20:45:30 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\HDREfexProFC32.dll

[2012/01/31 14:36:50 | 000,326,144 | ---- | C] () -- C:\Windows\SysWow64\ColorEfexPro4FC32.dll

[2012/01/16 18:23:30 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwserv.dll

[2012/01/16 18:23:30 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwusb1.dll

[2012/01/16 18:23:30 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwpmui.dll

[2012/01/16 18:23:30 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwlmpm.dll

[2012/01/16 18:23:30 | 000,536,576 | ---- | C] () -- C:\Windows\SysWow64\dldwutil.dll

[2012/01/16 18:23:30 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\DLDWinst.dll

[2012/01/16 18:23:30 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwinpa.dll

[2012/01/16 18:23:30 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwiesc.dll

[2012/01/16 18:23:30 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\dldwcomx.dll

[2012/01/16 18:23:30 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\dldwinsb.dll

[2012/01/16 18:23:30 | 000,176,128 | ---- | C] () -- C:\Windows\SysWow64\dldwins.dll

[2012/01/16 18:23:30 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\dldwjswr.dll

[2012/01/16 18:23:30 | 000,106,496 | ---- | C] () -- C:\Windows\SysWow64\dldwinsr.dll

[2012/01/16 18:23:30 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dldwcub.dll

[2012/01/16 18:23:30 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\dldwcu.dll

[2012/01/16 18:23:30 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\dldwcur.dll

[2012/01/16 18:23:29 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwcomc.dll

[2012/01/16 18:23:29 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwhbn3.dll

[2012/01/16 18:23:29 | 000,594,600 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwcoms.exe

[2012/01/16 18:23:29 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwcomm.dll

[2012/01/16 18:23:29 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwcfg.exe

[2012/01/16 18:23:29 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\dldwih.exe

[2012/01/16 18:23:29 | 000,077,906 | ---- | C] () -- C:\Windows\SysWow64\DLDWcfg.dll

[2011/10/08 11:41:59 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat

[2011/10/08 11:41:59 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat

[2011/10/08 11:41:59 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat

[2011/10/08 11:41:59 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat

[2011/10/08 11:41:59 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat

[2011/10/08 11:41:59 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat

[2011/10/08 11:41:59 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat

[2011/10/08 11:41:59 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat

[2011/10/08 11:41:59 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat

[2011/10/08 11:41:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat

[2011/10/08 11:41:59 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat

[2011/10/08 11:41:59 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat

[2011/10/08 11:41:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat

[2011/10/08 11:41:59 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat

[2011/10/08 11:41:59 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat

[2011/10/08 11:41:59 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini

[2011/10/08 11:41:18 | 000,000,057 | ---- | C] () -- C:\Windows\EPSP1400.ini

[2011/06/21 10:29:02 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2011/06/21 09:41:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2011/06/21 07:45:05 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/10 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

[2013/01/10 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

[2012/11/17 12:56:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Anthropics

[2012/12/28 21:08:18 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AVG2013

[2013/01/19 21:42:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon

[2012/06/01 19:29:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\CoCo_Lightroom

[2011/10/09 19:29:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\fdrtools.com

[2011/10/09 19:31:44 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\HDRsoft

[2011/12/23 17:56:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ImagingLuminaryLLC

[2012/12/03 16:48:09 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\JLAdventCalendarAlpine2012

[2012/06/01 19:46:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nik Software

[2013/02/09 22:22:50 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OfficeRecovery

[2012/09/04 19:35:39 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\OverDrive

[2011/12/23 18:13:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Picturenaut

[2013/02/09 22:15:40 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\R-TT

[2012/12/28 20:54:28 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\TuneUp Software

[2012/01/16 18:55:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\V505 Series

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

For now..please uninstall Spybot - Search & Destroy from add/remove programs.

-----------------------------

Do you know what this is:

PRC - [2013/02/23 10:49:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\AppData\Local\Temp\38E04163-BBEA-45CF-8E11-329F2064F3AF.exe

MrC

Link to post
Share on other sites

For now..please uninstall Spybot - Search & Destroy from add/remove programs.

-----------------------------

Do you know what this is:

PRC - [2013/02/23 10:49:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\AppData\Local\Temp\38E04163-BBEA-45CF-8E11-329F2064F3AF.exe

MrC

Uninstalled. Kaspersky Lab is the maker of Spybot, no?

Link to post
Share on other sites

Please do this:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in bold:

:OTL

PRC - [2013/02/23 10:49:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Michael\AppData\Local\Temp\38E04163-BBEA-45CF-8E11-329F2064F3AF.exe

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Commands

[EMPTYJAVA]

[emptytemp]

[EMPTYFLASH]

[*]Then click the Run Fix button at the top

[*]Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"

[*]Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

Link to post
Share on other sites

Did as you said, made me reboot. Just so you know whenever I reboot it opens to black screen with cursor. If I open the task window then after about 3-5 min the desktop loads.

Here is the log....

All processes killed

========== OTL ==========

No active process named 38E04163-BBEA-45CF-8E11-329F2064F3AF.exe was found!

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.

File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.

File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Michael

->Java cache emptied: 322192 bytes

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.