
Rootkit and Bagle worm, at least.



Greetings, Malwarebytes forum. My name is Erik, and here is my problem:

My computer was playing ads in the background, loads of them at once, whenever I started up my computer. This was a couple of days ago. I restarted in safe mode, ran Malwarebytes, ran Spybot, but still had problems. Some forums suggested some stuff that I ran, but I realise it was perhaps not the best choice, as this forum recommends not running any temporary file cleaners yet (which was then unknown to me).

I ran TDSSKiller, which found a harbinger rootkit and removed it (it says).

I ran SystemLook. I clicked a link from a malwareremoval com forum post in order to download it, and trusted it blindly, I suppose. It seems someone had turned that link into a download of easylifeapp (or was that my own malware?). I couldn't remove that thing, for all I tried. I did get a real SystemLook, and ran it. It or something else caused my computer to restart (which I made sure was in safe mode).

Then came ESET online scanner, which found 52 threats and removed 43 of those. One of the many threats was the Bagle worm. Most of the worm files were removed, but not all.

I want to fix my computer completely, and switch to Linux. I just have lost most of my installers and prefer to back up my programs as they are, with all my files, and otherwise start fresh.

Here is the requested dds log file:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK

Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.17.2

Run by Erik at 16:27:35 on 2013-06-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5941.4833 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\ctfmon.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\ctfmon.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/30&hid=1288959593&lg=EN&cc=US

uDefault_Page_URL = g.msn.com/USCON/1

mStart Page = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/30&hid=1288959593&lg=EN&cc=US

uProxyOverride = <local>

uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - LocalServer32 - <no file>

mWinlogon: Userinit = userinit.exe,

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>

BHO: Zoomex: {B662A5D3-A35A-B033-EE17-0C0CCEC68727} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - LocalServer32 - <no file>

TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>

uRun: [Google Update] "C:\Users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

mRunOnce: [292C0D6C-BC4F-47DE-8C7E-8C5528E735A7] cmd.exe /C start /D "C:\Users\Erik\AppData\Local\Temp" /B 292C0D6C-BC4F-47DE-8C7E-8C5528E735A7.exe -postboot

StartupFolder: C:\Users\Erik\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{4B5A6CB4-7F49-4B39-BB04-C27E15468736} : NameServer = 0.0.0.0

TCP: Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}\0556C68616D602D4573796360214274737023547574696F6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}\0556C68616D6D457379636142747373547574696F6 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}\4405451434 : DHCPNameServer = 192.168.2.1 192.168.2.1 167.206.251.129 167.206.251.130

TCP: Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}\45753475966496 : DHCPNameServer = 10.240.205.161 10.240.205.162

TCP: Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}\A4F686E6E6970225F636B656473702D202B41666564756279616 : DHCPNameServer = 208.67.222.222 208.67.220.220

TCP: Interfaces\{65AB2A8E-0C7E-4984-9412-8F9B1B396EE7} : DHCPNameServer = 192.168.42.129

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs=

SSODL: WebCheck - <orphaned>

x64-BHO: Expat Shield Class: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray

x64-Run: [intelWirelessWiMAX] "C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" /tasktray /nosplash

x64-Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/30&hid=1288959593&lg=EN&cc=US&l=1&q=

FF - prefs.js: browser.search.selectedEngine - EasyLife

FF - prefs.js: browser.startup.homepage - hxxp://search.easylifeapp.com/?pid=388&src=ff1&r=2013/05/30&hid=1288959593&lg=EN&cc=US

FF - prefs.js: keyword.URL - hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/30&hid=1288959593&lg=EN&cc=US&l=1&q=

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor.dll

FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Users\Erik\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-05-10 21:56; 50d9fc30dd63e@50d9fc30dd677.com; C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\extensions\50d9fc30dd63e@50d9fc30dd677.com

FF - ExtSQL: 2013-05-10 21:56; 50d9fcc62d939@50d9fcc62d972.com; C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\extensions\50d9fcc62d939@50d9fcc62d972.com

FF - ExtSQL: 2013-05-30 12:28; br7a@gwvgkf-.co.uk; C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\extensions\br7a@gwvgkf-.co.uk

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-11-18 55280]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-2-9 279616]

R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2012-6-27 33320]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-18 56344]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-11-18 74280]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-11-18 7689216]

S1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2012-6-27 89128]

S1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2012-6-27 116776]

S1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2012-6-27 113192]

S1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2012-6-27 93224]

S1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2012-6-27 116776]

S1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2012-6-27 304680]

S1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2012-6-27 109096]

S1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2012-6-27 112680]

S1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2012-7-12 219688]

S1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2012-6-27 105000]

S1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2012-7-13 205352]

S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2010-11-18 98208]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-28 606720]

S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]

S2 ExpatShieldService;Expat Shield Service;C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe [2012-1-6 331608]

S2 ExpatSrv;Expat Shield Routing Service;C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-1-4 363336]

S2 ExpatWd;Expat Shield Monitoring Service;C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat --> C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat [?]

S2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-7-13 140064]

S2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-7-17 4948992]

S2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2012-7-13 167464]

S2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2012-7-13 119336]

S2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2012-7-13 123944]

S2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2012-7-13 130088]

S2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-7-13 36640]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-10 1153368]

S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-11-18 1692480]

S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-18 2533400]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-28 911872]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\System32\drivers\ssadadb.sys [2011-5-13 36328]

S3 bpenum;bpenum;C:\Windows\System32\drivers\bpenum.sys [2010-11-18 71168]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\System32\drivers\bpmp.sys [2010-11-18 175104]

S3 bpusb;bpusb;C:\Windows\System32\drivers\bpusb.sys [2010-11-18 81920]

S3 BrSerIb;Brother MFC Serial Interface Driver(WDM);C:\Windows\System32\drivers\BrSerIb.sys [2009-7-13 281088]

S3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);C:\Windows\System32\drivers\BrUsbSIb.sys [2009-7-13 15360]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2010-11-18 172704]

S3 ExpatTrayService;Expat Shield Tray Service;C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.exe [2012-1-6 77520]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-11-18 158976]

S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-11-18 287232]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-11-18 245792]

S3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

S3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

S3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

S3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\drivers\ssadbus.sys [2011-5-13 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\System32\drivers\ssadmdfl.sys [2011-5-13 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\System32\drivers\ssadmdm.sys [2011-5-13 177640]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);C:\Windows\System32\drivers\ssadserd.sys [2011-5-13 146920]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-23 59392]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-18 1255736]

S3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2010-6-18 39832]

S4 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2012-6-27 68648]

.

=============== Created Last 30 ================

.

2013-06-01 02:50:49 -------- d-----w- C:\Program Files (x86)\ESET

2013-05-31 13:16:56 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CE10C0-168B-4D69-9B06-E5E6805D1A63}\mpengine.dll

2013-05-30 17:00:47 921 ----a-w- C:\Windows\QSFVExit.bat

2013-05-30 16:27:23 -------- d-----w- C:\ProgramData\SearchNewTab

2013-05-30 16:26:51 -------- d-----w- C:\ProgramData\StarApp

2013-05-30 14:44:41 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-22 13:07:26 -------- d-----w- C:\ProgramData\PC-Doctor for Windows

2013-05-22 13:07:02 -------- d-----w- C:\Program Files\My Dell

2013-05-22 04:33:00 262552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

2013-05-16 14:00:49 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-16 14:00:49 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-05-15 23:19:42 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-14 16:35:22 -------- d-----w- C:\Windows\SysWow64\wbem\ga-IE

2013-05-14 16:35:21 -------- d-----w- C:\Windows\SysWow64\ga-IE

2013-05-14 16:35:21 -------- d-----w- C:\Windows\System32\wbem\ga-IE

2013-05-14 16:35:20 -------- d-----w- C:\Windows\System32\ga-IE

2013-05-14 16:35:20 -------- d-----w- C:\Windows\ga-IE

.

==================== Find3M ====================

.

2013-05-15 03:35:22 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-15 03:35:22 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-05 01:08:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 01:00:30 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 00:59:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-04-05 00:56:16 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-04-05 00:55:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-04-04 22:11:34 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-04 22:02:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-04-04 22:02:17 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-04 21:58:51 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-04-04 21:57:45 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-15 03:04:14 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-15 03:04:14 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-15 03:04:13 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 16:29:07.15 ===============

And here is the attach one:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 1/16/2011 4:12:07 PM

System Uptime: 6/1/2013 3:42:20 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 08VFX1

Processor: Intel® Core i5 CPU M 460 @ 2.53GHz | U2E1 | 2527/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 581 GiB total, 203.403 GiB free.

D: is CDROM ()

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: Security Processor Loader Driver

Device ID: ROOT\LEGACY_SPLDR\0000

Manufacturer:

Name: Security Processor Loader Driver

PNP Device ID: ROOT\LEGACY_SPLDR\0000

Service: spldr

.

==== System Restore Points ===================

.

RP297: 5/14/2013 10:06:35 AM - Windows Update

RP298: 5/14/2013 12:32:57 PM - Language Pack Installation

RP299: 5/15/2013 10:37:03 AM - Removed Skype™ 6.3

RP300: 5/16/2013 9:58:00 AM - Windows Update

RP301: 5/21/2013 8:05:23 AM - Windows Update

RP303: 5/21/2013 11:31:17 AM - Windows Defender Checkpoint

RP304: 5/24/2013 9:48:24 AM - Windows Update

RP306: 5/24/2013 10:00:24 AM - Windows Defender Checkpoint

RP308: 5/25/2013 5:39:53 PM - Windows Defender Checkpoint

RP309: 5/28/2013 10:31:04 AM - Windows Update

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

aaa

Adobe AIR

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Reader X (10.1.7)

Adobe Stock Photos 1.0

Advanced Audio FX Engine

Any Video Converter 3.1.8

ASIO4ALL

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Best Buy pc app

Best Service Chris Hein Horns

BitLord 1.2

Bulgarian (Phonetic) by Iliya Dankov

CamStudio OSS Desktop Recorder

D3DX10

DAEMON Tools Lite

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Dock

Dell Edoc Viewer

Dell Getting Started Guide

Dell Product Registration

Dell Webcam Central

East West Colossus

East West EWQLSO Gold Edition

East West Ra

East West Stormdrum Kompakt

escv

ESET Online Scanner v3

Expat Shield 2.24

FamilySearch Indexing 3.17.3

FoxTab PDF Converter

Free Mp3 Wma Converter V 1.91

GetDiz 4.5

Google Chrome

Google Earth Plug-in

Google Update Helper

GoToAssist 8.0.0.514

Guitar Pro 5.2

HiJackThis

ImgBurn

Intel PROSet Wireless

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® PROSet/Wireless WiFi Software

Intel® Turbo Boost Technology Monitor

Intel® Wireless Display

Intel® PROSet/Wireless WiMAX Software

Internet Explorer

Java 7 Update 17

Java Auto Updater

Java 6 Update 21 (64-bit)

Java 6 Update 35

Junk Mail filter update

Live 8.0.4

Live! Cam Avatar Creator

Malwarebytes Anti-Malware Version 1.75.0.1300

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office File Validation Add-In

Microsoft Office Office 64-bit Components 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Starter 2010 - English

Microsoft Office Word 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft Works 6-9 Converter

Mignet Assistant Service

Mozilla Firefox 21.0 (x86 ga-IE)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

My Dell

Native Instruments Controller Editor

Native Instruments Guitar Rig 4

Native Instruments Kontakt 4

Native Instruments Kontakt Factory Selection

Native Instruments Service Center

Panda Cloud Antivirus

Panda Security URL Filtering

PDF24 Creator 3.8.0

Quickset64

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealStrat 1.0

Realtek High Definition Audio Driver

RealUpgrade 1.1

Reason 5.0

Roxio Burn

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Sibelius 6

Sibelius Scorch (Firefox, Opera, Netscape only)

Spybot - Search & Destroy

Synaptics Pointing Device Driver

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Mobile Device Updater Component

WinRAR archiver

Xvid 1.2.2 final uninstall

YTD Toolbar v6.6

Zune

Zune Language Pack (DEU)

Zune Language Pack (ESP)

Zune Language Pack (FRA)

Zune Language Pack (ITA)

Zune Language Pack (NLD)

Zune Language Pack (PTB)

Zune Language Pack (PTG)

.

==== Event Viewer Messages From Past Week ========

.

6/1/2013 4:21:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 3:53:27 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 3:43:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

6/1/2013 3:43:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

6/1/2013 3:43:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

6/1/2013 3:43:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

6/1/2013 3:43:10 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21

6/1/2013 3:42:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache NNSALPC NNSHTTP NNSIDS NNSPICC NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC PSINKNC spldr Wanarpv6

6/1/2013 3:42:52 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.

6/1/2013 3:39:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

5/31/2013 9:09:36 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.

5/31/2013 9:08:20 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Panda Product Service service to connect.

5/31/2013 9:08:20 AM, Error: Service Control Manager [7000] - The Panda Product Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/31/2013 11:49:37 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/31/2013 11:49:37 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/31/2013 11:49:37 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.

5/31/2013 11:49:37 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/31/2013 11:34:08 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/31/2013 11:34:08 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/31/2013 11:34:08 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/31/2013 11:34:08 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

5/30/2013 12:55:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

5/30/2013 10:46:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache NNSALPC NNSHTTP NNSIDS NNSPICC NNSPOP3 NNSPROT NNSPRV NNSSMTP NNSSTRM NNSTLSC PSINKNC spldr sptd Wanarpv6

5/30/2013 10:45:21 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .

5/30/2013 10:25:33 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/30/2013 10:25:33 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/30/2013 10:25:33 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

5/30/2013 10:25:33 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.

5/30/2013 10:25:33 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.

5/30/2013 10:25:33 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

5/29/2013 9:44:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIHardwareService service.

5/29/2013 11:13:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - Rinneadh athbhútáil ar an ríomhaire ó sheiceáil dífhabhtóirí. Ba é 0x0000001e (0xffffffffc0000005, 0xfffffa8008b253ef, 0x0000000000000000, 0x000000007efa003c) an seiceáil dífhabhtóirí. Sábháladh dumpa in: C:\Windows\MEMORY.DMP. Aitheantóir na tuairisce: 052913-26863-01.

5/28/2013 10:19:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

5/26/2013 5:13:07 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - Rinneadh athbhútáil ar an ríomhaire ó sheiceáil dífhabhtóirí. Ba é 0x0000007e (0xffffffffc0000005, 0xfffff88001985369, 0xfffff8800b487018, 0xfffff8800b486870) an seiceáil dífhabhtóirí. Sábháladh dumpa in: C:\Windows\MEMORY.DMP. Aitheantóir na tuairisce: 052613-32729-01.

5/25/2013 5:33:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

5/25/2013 3:39:49 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OEM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

I am extremely grateful for all the help I'm told I will receive. I appreciate what ye forum experts volunteer to do in order to help those who have less experience, knowledge, expertise, or whatever else.

Thanks,

Erik.


  • Staff

Hello EPDGaffney

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo


That was quite fast, Gringo. Thanks for your help. I've not done much with my computer since I've been afraid to leave safe mode. Do you advise checking for issues with the internet connected and with the normal boot and all? In all honesty, if I didn't know that I was after deleting the harbinger rootkit twice (ran TDSSkiller twice before you replied) and I didn't know of the ESET results (the worm), I'd expect that the computer were grand. The redirect to easylifeapp is gone, but that was so following the ESET scan. I forgot to mention also that I had run TFC (Oldtimer I think) before posting.

Have you any recommendation of a method of backing up programmes? I'd considered a disc image (I think that's what it was called), but that sounds like something that would backup the malware as well. I also can-not backup much without access to my USB port (as I'm in safe mode still).

Here is the JRT report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Home Premium x64

Ran by Erik on Sat 06/01/2013 at 20:34:23.75

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{72007943-281F-4682-9530-51F2385BA2A9}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E710FE12-BA4C-4349-9C34-84627D7FE871}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{E710FE12-BA4C-4349-9C34-84627D7FE871}

~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"

Successfully deleted: [Folder] "C:\Users\Erik\appdata\local\best buy pc app"

Successfully deleted: [Folder] "C:\Program Files (x86)\ytd toolbar"

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{2380AD5E-18EC-4913-B20E-5980DF4B0BFF}

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{420310C4-7117-439C-A517-0BCD7BED2703}

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{42EDFF27-2D82-49E1-BCE4-DDCBA04534D3}

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{6E3671DE-FE31-4E87-A098-9880CE5311AC}

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{736F6D5C-D691-4775-9458-0FD807F32552}

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{7D0B8E93-36F3-47DC-9431-404F2C5C75DD}

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{982FB13B-1ABA-4DEB-A21C-428E65A40E77}

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{C59C9D35-DC0B-4C0B-9E36-CC067AA538E0}

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{C5B6646D-0399-4BFD-B6BE-B5F6349BB773}

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{E1679695-9E6A-40AB-96F1-19037FA8B5E7}

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{E7D42E87-EB94-4B29-857B-49C7791799BF}

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{E90A59F4-25A2-4F8A-8A2D-41B7143CDFB8}

Successfully deleted: [Empty Folder] C:\Users\Erik\appdata\local\{F162D27A-119E-4392-A0DA-51745F8A98A1}

~~~ FireFox

Successfully deleted: [File] C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\tfbhskc5.default\searchplugins\bing-zugo.xml

Successfully deleted: [Folder] C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\tfbhskc5.default\extensions\50d9fc30dd63e@50d9fc30dd677.com

Successfully deleted: [Folder] C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\tfbhskc5.default\extensions\50d9fcc62d939@50d9fcc62d972.com

Successfully deleted: [Folder] C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\tfbhskc5.default\extensions\searchtoolbar@zugo.com

Failed to delete: [Folder] C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\tfbhskc5.default\extensions\ytd@mybrowserbar.com

Successfully deleted the following from C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\tfbhskc5.default\prefs.js

user_pref("browser.search.defaultengine", "Privitize VPN");

user_pref("extensions.searchtoolbar@zugo.com.install-event-fired", true);

Emptied folder: C:\Users\Erik\AppData\Roaming\mozilla\firefox\profiles\tfbhskc5.default\minidumps [14 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sat 06/01/2013 at 20:35:59.27

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And here is the other:

# AdwCleaner v2.301 - Logfile created 06/01/2013 at 18:37:59

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Erik - ENDLOSER_WINTER

# Boot Mode : Safe mode with networking

# Running from : C:\Users\Erik\Desktop\AdwCleaner(1).exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\searchplugins\search.xml

File Deleted : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\searchplugins\Searchab.xml

Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com

Folder Deleted : C:\Program Files (x86)\Search Toolbar

Folder Deleted : C:\Program Files (x86)\Zoomex

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Delta

Folder Deleted : C:\ProgramData\SearchNewTab

Folder Deleted : C:\ProgramData\Zoomex

Folder Deleted : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\oibbnokkimkpmfbegbinjefhdhgibmhn

Folder Deleted : C:\Users\Erik\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\extensions\br7a@gwvgkf-.co.uk

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B662A5D3-A35A-B033-EE17-0C0CCEC68727}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B662A5D3-A35A-B033-EE17-0C0CCEC68727}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Deleted : HKCU\Software\PrivitizeVPNInstallDates

Key Deleted : HKCU\Software\Search Settings

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2830765

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Search Settings

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B662A5D3-A35A-B033-EE17-0C0CCEC68727}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{01BD49D7-C76B-4310-8BEB-14D7E5F322C6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B662A5D3-A35A-B033-EE17-0C0CCEC68727}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9D425283-D487-4337-BAB6-AB8354A81457}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16483

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/30&hid=1288959593&lg=EN&cc=US --> hxxp://www.google.com

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2830765 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.easylifeapp.com/?pid=388&src=ie1&r=2013/05/30&hid=1288959593&lg=EN&cc=US --> hxxp://www.google.com

-\\ Mozilla Firefox v21.0 (ga-IE)

File : C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\prefs.js

Deleted : user_pref("browser.search.defaultenginename", "EasyLife");

Deleted : user_pref("browser.search.defaultenginename,S", "EasyLife");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/30&[...]

Deleted : user_pref("browser.search.order.1", "EasyLife");

Deleted : user_pref("browser.search.order.1,S", "EasyLife");

Deleted : user_pref("browser.search.selectedEngine", "EasyLife");

Deleted : user_pref("browser.search.selectedEngine,S", "EasyLife");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=388&src=ff1&r=2013/05/30&h[...]

Deleted : user_pref("extensions.50d9fc30dd6e9.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Deleted : user_pref("extensions.50d9fcc62d9e4.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]

Deleted : user_pref("keyword.URL", "hxxp://search.easylifeapp.com/?pid=388&src=ff2&r=2013/05/30&hid=1288959593[...]

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2769] : homepage = "hxxp://search.easylifeapp.com/?pid=388&src=ch1&r=2013/05/30&hid=1288959593&lg=EN&cc=US[...]

*************************

AdwCleaner[s1].txt - [7079 octets] - [01/06/2013 18:37:59]

########## EOF - C:\AdwCleaner[s1].txt - [7139 octets] ##########

Thanks again!


  • Staff

Hello EPDGaffney

After this scan go ahead and use the computer like you normally would and check it out.

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


It's running grand I believe. No more ads in the background, not very slow at-all, and still no easylifeapp or other redirects or browser hijacking, easy booting normally.

One thing I had forgotten to mention was frequent prompting from my computer to update Adobe software and Java. In safe mode, this was not happening, but before the ads started in the background, a couple of days ago (whereafter I ran it only in safe mode), there were the Adobe and Java prompts. I let it update, but it kept asking to do it again. Then came the ads and all that.

Sorry to ask you so many questions here, but in an effort to be more self-sufficient in the future (I'm sure ye are all busy, and one fewer computer to repair ought to help), here they are:

Now, I mean to switch over to Linux from Windows. Have you any advice on that? or maybe know a good place I can find some? I hear it can be fair difficult and confusing at first. Do I need to backup all my files before I switch? I've heard both that I do and don't need to do that. And how would I backup programmes? If my computer were absolutely clean, would that disc image thing work?

Here is the ComboFix log:

ComboFix 13-06-01.01 - Erik 06/01/2013 21:32:09.1.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5941.4912 [GMT -4:00]

Running from: c:\users\Erik\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\DRM\406F.tmp

c:\programdata\PCDr\6261\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll

c:\programdata\PCDr\6261\AddOnDownloaded\1e512ef2-01fb-49fb-b09b-71de0eac4612.dll

c:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dll

c:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll

c:\programdata\PCDr\6261\AddOnDownloaded\3e0b29b2-9809-4050-abfc-ef8aff73ceab.dll

c:\programdata\PCDr\6261\AddOnDownloaded\5f2ce3e8-3c56-40bb-86d6-a1a41867000b.dll

c:\programdata\PCDr\6261\AddOnDownloaded\7b6e388f-35d0-44f8-aa2c-20538273473f.dll

c:\programdata\PCDr\6261\AddOnDownloaded\97cd9b9c-9747-469a-acfa-cfbf8aed528a.dll

c:\programdata\PCDr\6261\AddOnDownloaded\b69d9551-76e9-4872-95f8-075916f82d74.dll

c:\programdata\PCDr\6261\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dll

c:\users\Erik\Documents\~WRL0001.tmp

c:\users\Erik\Documents\~WRL0004.tmp

c:\users\Erik\Documents\~WRL2885.tmp

c:\windows\security\Database\tmp.edb

c:\windows\wininit.ini

.

.

((((((((((((((((((((((((( Files Created from 2013-05-02 to 2013-06-02 )))))))))))))))))))))))))))))))

.

.

2013-06-02 01:38 . 2013-06-02 01:38 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-06-02 01:38 . 2013-06-02 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-06-02 00:34 . 2013-06-02 00:34 -------- d-----w- c:\windows\ERUNT

2013-06-02 00:01 . 2013-06-02 00:01 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80CE10C0-168B-4D69-9B06-E5E6805D1A63}\offreg.dll

2013-06-02 00:01 . 2013-06-02 00:33 -------- d-----w- C:\JRT

2013-06-01 02:50 . 2013-06-01 02:50 -------- d-----w- c:\program files (x86)\ESET

2013-05-31 13:16 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80CE10C0-168B-4D69-9B06-E5E6805D1A63}\mpengine.dll

2013-05-30 17:00 . 2013-05-30 17:00 921 ----a-w- c:\windows\QSFVExit.bat

2013-05-30 16:26 . 2013-05-30 16:26 -------- d-----w- c:\programdata\StarApp

2013-05-30 14:44 . 2013-06-01 22:09 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-22 13:07 . 2013-05-22 13:07 -------- d-----w- c:\programdata\PC-Doctor for Windows

2013-05-22 13:07 . 2013-05-22 13:07 -------- d-----w- c:\program files\My Dell

2013-05-16 14:00 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll

2013-05-16 14:00 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-16 14:00 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-15 23:19 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-14 16:35 . 2013-05-14 16:35 -------- d-----w- c:\windows\SysWow64\wbem\ga-IE

2013-05-14 16:35 . 2013-05-14 16:35 -------- d-----w- c:\windows\SysWow64\ga-IE

2013-05-14 16:35 . 2013-05-14 16:35 -------- d-----w- c:\windows\system32\wbem\ga-IE

2013-05-14 16:35 . 2013-05-14 16:35 -------- d-----w- c:\windows\system32\ga-IE

2013-05-14 16:35 . 2013-05-14 16:35 -------- d-----w- c:\windows\ga-IE

2013-05-09 02:23 . 2013-05-15 14:37 -------- d-----w- c:\users\Erik\AppData\Roaming\Skype

2013-05-09 02:23 . 2013-05-15 14:37 -------- d-----w- c:\programdata\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-16 14:07 . 2011-01-28 03:53 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-15 03:35 . 2012-07-20 23:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-15 03:35 . 2011-12-17 03:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-09 03:59 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 06:06 . 2011-04-05 14:41 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-15 23:19 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 23:19 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 23:19 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 23:19 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 23:19 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 23:19 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 13:38 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-04 18:50 . 2011-01-26 16:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-19 06:04 . 2013-04-10 23:16 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 23:16 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 23:16 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 23:16 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 23:16 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 23:16 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-15 03:04 . 2013-03-15 03:04 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-15 03:04 . 2012-09-03 15:08 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-15 03:04 . 2010-11-18 22:17 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]

2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]

"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-11-03 220744]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-04-25 296056]

"PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"292C0D6C-BC4F-47DE-8C7E-8C5528E735A7"="start" [X]

"170CB0DA-103E-47B9-B6C7-9EF2A9F395A0"="start" [X]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

c:\users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 kvmfvdti;kvmfvdti;c:\windows\system32\drivers\kvmfvdti.sys [x]

R1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 89128]

R1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 116776]

R1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 113192]

R1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93224]

R1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 116776]

R1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 304680]

R1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 109096]

R1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 112680]

R1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 219688]

R1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 105000]

R1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 205352]

R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-28 606720]

R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

R2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2012-01-06 331608]

R2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-01-04 363336]

R2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2012-01-04 329544]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064]

R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]

R2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 167464]

R2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 119336]

R2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 123944]

R2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 130088]

R2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640]

R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-28 911872]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]

R3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-09-20 71168]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-09-20 175104]

R3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-09-20 81920]

R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]

R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2012-01-06 77520]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-18 1255736]

R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]

R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 68648]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-09 279616]

S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-06-01 7689216]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 03:35]

.

2013-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 20:18]

.

2013-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 20:18]

.

2013-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-95435350-4265177964-2103988519-1001Core.job

- c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-16 22:12]

.

2013-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-95435350-4265177964-2103988519-1001UA.job

- c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-16 22:12]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]

2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-10-03 1449984]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4B5A6CB4-7F49-4B39-BB04-C27E15468736}: NameServer = 0.0.0.0

FF - ProfilePath - c:\users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-12421458.sys

SafeBoot-22332316.sys

SafeBoot-39997656.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

WebBrowser-{8C5878D0-6106-423B-AAA8-144C143DBF44} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-6-kJ7W - c:\windows\system32\6-kJ7W.exe

AddRemove-{58206080-3E1F-4418-8117-D190FC71BF58} - c:\program files (x86)\MusicLab\RealStrat\Uninstall.exe

AddRemove-{7156892F-9E95-2258-91BD-7FF07BA9CDEC} - c:\progra~3\INSTAL~1\{7E46E~1\Setup.exe

AddRemove-{C480794A-A73F-931D-2A13-62BA94E820AB} - c:\progra~3\INSTAL~1\{F6223~1\Setup.exe

AddRemove-48e4cff94f039634 - c:\programdata\Best Buy pc app\ClickOnceUninstaller.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-95435350-4265177964-2103988519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-95435350-4265177964-2103988519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-06-01 21:40:46

ComboFix-quarantined-files.txt 2013-06-02 01:40

.

Pre-Run: 226,421,493,760 bytes free

Post-Run: 226,010,578,944 bytes free

.

- - End Of File - - 180EFD463A6F1FC38B15F9E68D7FC911

You have my thanks, Gringo.

  • Staff

Hello EPDGaffney

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Driver::
kvmfvdti

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  1. Report from ComboFix
  2. Let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo

Here is the log:

ComboFix 13-06-01.01 - Erik 06/01/2013 22:31:42.2.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5941.5048 [GMT -4:00]

Running from: c:\users\Erik\Desktop\ComboFix.exe

Command switches used :: c:\users\Erik\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_kvmfvdti

.

.

((((((((((((((((((((((((( Files Created from 2013-05-02 to 2013-06-02 )))))))))))))))))))))))))))))))

.

.

2013-06-02 02:39 . 2013-06-02 02:39 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-06-02 00:34 . 2013-06-02 00:34 -------- d-----w- c:\windows\ERUNT

2013-06-02 00:01 . 2013-06-02 00:33 -------- d-----w- C:\JRT

2013-06-01 02:50 . 2013-06-01 02:50 -------- d-----w- c:\program files (x86)\ESET

2013-05-31 13:16 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80CE10C0-168B-4D69-9B06-E5E6805D1A63}\mpengine.dll

2013-05-30 17:00 . 2013-05-30 17:00 921 ----a-w- c:\windows\QSFVExit.bat

2013-05-30 16:26 . 2013-05-30 16:26 -------- d-----w- c:\programdata\StarApp

2013-05-30 14:44 . 2013-06-01 22:09 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-22 13:07 . 2013-05-22 13:07 -------- d-----w- c:\programdata\PC-Doctor for Windows

2013-05-22 13:07 . 2013-05-22 13:07 -------- d-----w- c:\program files\My Dell

2013-05-16 14:00 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll

2013-05-16 14:00 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-16 14:00 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2013-05-15 23:19 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-14 16:35 . 2013-05-14 16:35 -------- d-----w- c:\windows\SysWow64\wbem\ga-IE

2013-05-14 16:35 . 2013-05-14 16:35 -------- d-----w- c:\windows\SysWow64\ga-IE

2013-05-14 16:35 . 2013-05-14 16:35 -------- d-----w- c:\windows\system32\wbem\ga-IE

2013-05-14 16:35 . 2013-05-14 16:35 -------- d-----w- c:\windows\system32\ga-IE

2013-05-14 16:35 . 2013-05-14 16:35 -------- d-----w- c:\windows\ga-IE

2013-05-09 02:23 . 2013-05-15 14:37 -------- d-----w- c:\users\Erik\AppData\Roaming\Skype

2013-05-09 02:23 . 2013-05-15 14:37 -------- d-----w- c:\programdata\Skype

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-16 14:07 . 2011-01-28 03:53 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-15 03:35 . 2012-07-20 23:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-15 03:35 . 2011-12-17 03:43 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-09 03:59 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 06:06 . 2011-04-05 14:41 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-15 23:19 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 23:19 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 23:19 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 23:19 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 23:19 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 23:19 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 13:38 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-04 18:50 . 2011-01-26 16:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-19 06:04 . 2013-04-10 23:16 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 23:16 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 23:16 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 23:16 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 23:16 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 23:16 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-15 03:04 . 2013-03-15 03:04 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-15 03:04 . 2012-09-03 15:08 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-03-15 03:04 . 2010-11-18 22:17 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]

2012-01-04 23:02 233288 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-08-23 3926528]

"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-11-03 220744]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2012-04-25 296056]

"PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-04 559616]

.

c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

c:\users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]

R3 BrSerIb;Brother MFC Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-07-14 281088]

R3 BrUsbSIb;Brother MFC Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-06-10 15360]

R3 ExpatTrayService;Expat Shield Tray Service;c:\program files (x86)\Expat Shield\bin\ExpatTrayService.EXE [2012-01-06 77520]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-05-07 245792]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-18 1255736]

R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 68648]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-09 279616]

S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 89128]

S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 116776]

S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 113192]

S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320]

S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93224]

S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 116776]

S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 304680]

S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 109096]

S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 112680]

S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 219688]

S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 105000]

S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 205352]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-28 606720]

S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]

S2 ExpatShieldService;Expat Shield Service;c:\program files (x86)\Expat Shield\bin\openvpnas.exe [2012-01-06 331608]

S2 ExpatSrv;Expat Shield Routing Service;c:\program files (x86)\Expat Shield\HssWPR\hsssrv.exe [2012-01-04 363336]

S2 ExpatWd;Expat Shield Monitoring Service;c:\program files (x86)\Expat Shield\bin\hsswd.exe [2012-01-04 329544]

S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064]

S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]

S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 167464]

S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 119336]

S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 123944]

S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 130088]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-28 911872]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [2010-09-20 71168]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2010-09-20 175104]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [2010-09-20 81920]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-12-22 74280]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-06-01 7689216]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-06-18 39832]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 03:35]

.

2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 20:18]

.

2013-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 20:18]

.

2013-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-95435350-4265177964-2103988519-1001Core.job

- c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-16 22:12]

.

2013-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-95435350-4265177964-2103988519-1001UA.job

- c:\users\Erik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-16 22:12]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]

2012-01-04 23:02 287048 ----a-w- c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 415256]

"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-10-03 1449984]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4B5A6CB4-7F49-4B39-BB04-C27E15468736}: NameServer = 0.0.0.0

FF - ProfilePath - c:\users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\tfbhskc5.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

WebBrowser-{8C5878D0-6106-423B-AAA8-144C143DBF44} - (no file)

AddRemove-6-kJ7W - c:\windows\system32\6-kJ7W.exe

AddRemove-{58206080-3E1F-4418-8117-D190FC71BF58} - c:\program files (x86)\MusicLab\RealStrat\Uninstall.exe

AddRemove-{7156892F-9E95-2258-91BD-7FF07BA9CDEC} - c:\progra~3\INSTAL~1\{7E46E~1\Setup.exe

AddRemove-{C480794A-A73F-931D-2A13-62BA94E820AB} - c:\progra~3\INSTAL~1\{F6223~1\Setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-95435350-4265177964-2103988519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-95435350-4265177964-2103988519-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-06-01 22:45:51 - machine was rebooted

ComboFix-quarantined-files.txt 2013-06-02 02:45

ComboFix2.txt 2013-06-02 01:40

.

Pre-Run: 226,128,809,984 bytes free

Post-Run: 225,783,242,752 bytes free

.

- - End Of File - - EB6EEFCB0CD9810EE5016A5F500DDC46

I think things are mostly good. I had an odd experience however: After reading your last message in my e-mail (on my phone), I refreshed this page on my laptop (the computer with the problem). It told me that Panda Cloud Antivirus had marked it as a malicious site and wouldn't grant me access. It also said something about Yahoo. Then I tried Google to see if other sites worked, and Google did work. Then I went to the Malwarebytes home page and tried to navigate thence to the forums. It worked until I clicked on the forums page (http://forums*malwarebytes*org/). It read 'No site configured at this address'. I have this problem now as well, and did in safe mode. All this works grand on my old Mac. Through Google I found your profile and clicked on your post to this thread, which loaded as normal. As I check now, it works on this computer if I use Chrome instead of Firefox.

An odd thing is that my Panda Cloud is not even functional just now, but it's a long time I'm having that problem. I never bothered repairing it because it was useless. I'd like to uninstall it actually, but I see no option for that. It leads me to wondering how Panda Cloud could block any sites at all.

Should you need it, I'll clarify that by 'not even functional', I mean that any task I attempt to give it yields an error message which reads something of trouble with its side-by-side configuration, and the icon in the SysTray has a tiny red circle (with a white X I'm thinking) over it.

I know I forgot to mention this, but my computer goes to sleep instantly when I press the power button, which is what I'm accustomed to, but when I noticed the other troubles, it was taking at least thirty seconds to go to sleep. Another good sign I suppose.

Thanks again my friend.


  • Staff

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld

These logs are looking a lot better. But we still have some work to do.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore; this is fine, just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

  • Programs to remove

    • Adobe Reader X (10.1.7)
    • BitLord 1.2
    • Java 7 Update 17
    • Java™ 6 Update 21 (64-bit)
    • Java™ 6 Update 35
    • Mignet Assistant Service

  • Please download and install Revo Uninstaller Free
    • Double click Revo Uninstaller to run it.
    • From the list of programs, double click on the program to remove.
    • When prompted if you want to uninstall, click Yes.
    • Be sure the Moderate option is selected, then click Next.
    • The program will run. If prompted again, click Yes.
    • When the built-in uninstaller is finished, click on Next.
    • Once the program has searched for leftovers, click Next.
    • Check/tick the bolded items only on the list, then click Delete.
    • When prompted, click on Yes and then on Next.
    • Put a check on any folders that are found and select Delete.
    • When prompted, select Yes, then Next.
    • Once done, click Finish.

.

Update Adobe Reader

  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.
    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
  • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.
    Download CCleaner from here http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see you have MBAM installed - I think this is a great program and would like you to run a quick scan at this time.

  • Double-click the mbam icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go here to download the HijackThis program.
  • Save HijackThis to your desktop.
  • Right click on HijackThis and select "Run as Admin" (XP users just need to double click to run).
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu).
  • Copy and paste the HijackThis report into the topic.

"information and logs"

  • In your next post I need the following:
  1. Log from MBAM
  2. Report from HijackThis
  3. Let me know of any problems you may have had
  4. How is the computer doing now?

Gringo


Here is the Malwarebytes log:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.06.01.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Erik :: ENDLOSER_WINTER [administrator]

6/2/2013 12:50:46 AM

mbam-log-2013-06-02 (00-50-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 246275

Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:53:56 AM, on 6/2/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16483)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe

C:\Program Files (x86)\PDF24\pdf24.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Users\Erik\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe"

O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot

O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray

O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MI068C~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{4B5A6CB4-7F49-4B39-BB04-C27E15468736}: NameServer = 0.0.0.0

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: Expat Shield Service (ExpatShieldService) - Unknown owner - C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe

O23 - Service: Expat Shield Routing Service (ExpatSrv) - AnchorFree Inc. - C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe

O23 - Service: Expat Shield Tray Service (ExpatTrayService) - Unknown owner - C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE

O23 - Service: Expat Shield Monitoring Service (ExpatWd) - Unknown owner - C:\Program Files (x86)\Expat Shield\bin\hsswd.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 11343 bytes

Everything seems to be functioning as normal, maybe even better with all that cleaning we're after doing. Whatever did not want Firefox going to this site is no longer preventing it. I've not done P2P in years by-the-bye. I thought I'd uninstalled BitLord long ago.


  • Staff

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
      O4 - HKLM\..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
      O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
      O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
  • NOTE** You can research each of those lines >here< and see if you want to keep them or not. Just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found

  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here

Gringo
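The research step in the post above (copy the name between the brackets and look it up), as an added example that is not part of the original post: a Python parser for HijackThis O4 lines that extracts the search term and the launched executable, and marks entries that start from outside the install directories only an administrator can write to. The last sample line, the `PROTECTED_ROOTS` list and the C: system drive are assumptions made for illustration.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# O4 lines copied from the post above. The final line is constructed for this
# example (it is not from the thread) to show what the directory check reports.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
O4 - HKLM\..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - HKCU\..\Run: [ExampleUpdater] C:\Users\Example\AppData\Roaming\example\updater.exe /silent
'''

# Assumption: system drive is C: and default ACLs apply, so standard users
# cannot write below these roots. Anything else deserves a second look.
PROTECTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\windows\\",
)

# Registry autostart:  O4 - HKLM\..\Run: [value name] command line
REG_RE = re.compile(
    r"^O4 - (?P<location>HK[A-Z]+\\\.\.\\[^:]+): \[(?P<name>[^\]]*)\] (?P<command>.+)$")
# Startup-folder shortcut:  O4 - Startup: name.lnk = target (User '...')
LNK_RE = re.compile(
    r"^O4 - (?P<location>[^:]*Startup): (?P<name>.+?) = (?P<command>.+?)"
    r"(?: \(User '[^']*'\))?$")
# Executable is either quoted, or runs up to the first program extension.
EXE_RE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)', re.IGNORECASE)


class Autostart(NamedTuple):
    location: str        # e.g. HKLM\..\Run or Startup
    name: str            # value or shortcut name: the term to research
    executable: str      # program that is launched at logon
    arguments: str       # remaining command-line arguments, if any
    protected_dir: bool  # True when the program sits under PROTECTED_ROOTS


def split_command(command: str):
    """Split a command line into (executable path, arguments)."""
    m = EXE_RE.match(command)
    if not m:
        return command, ""
    return (m.group(1) or m.group(2)), command[m.end():].strip()


def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one HijackThis O4 line; return None for any other line."""
    m = REG_RE.match(line) or LNK_RE.match(line)
    if not m:
        return None
    exe, args = split_command(m.group("command"))
    protected = ntpath.normcase(exe).startswith(PROTECTED_ROOTS)
    return Autostart(m.group("location"), m.group("name"), exe, args, protected)


def parse_log(text: str) -> List[Autostart]:
    """Return every O4 entry found in a pasted HijackThis log."""
    entries = (parse_o4(line.strip()) for line in text.splitlines())
    return [e for e in entries if e is not None]


def needs_closer_look(entries: List[Autostart]) -> List[str]:
    """Names of entries launched from outside the protected directories."""
    return [e.name for e in entries if not e.protected_dir]


if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        flag = "" if entry.protected_dir else "  <-- outside protected dirs"
        print(f"{entry.location:24} {entry.name:26} {entry.executable}{flag}")
```

An entry outside the protected directories is not a verdict, only a prompt to research that name before deciding whether to keep it.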


  • Staff

Hello EPDGaffney

There are some minor things in your online scan that should be removed.

delete files

  • Copy all text in the code box (below)...to Notepad.
    @echo off
    del /f /s /q "C:\Users\Erik\Downloads\FoxitReader603.0524_enu_Setup.exe"
    del %0


  • Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
  • Double click on delfile.bat to execute it.
    A black CMD window will flash, then disappear...this is normal.
  • The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

The rest of the online scan is only reporting backups created during the course of this fix (C:\Qoobox\Quarantine\) and/or items located in System Restore's cache (C:\System Volume Information\). Whatever is in these folders can't harm you unless you choose to perform a manual restore. The following steps will remove these backups.

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:

  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful, and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.
    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

:DeFogger:

Note** Defogger only needs to be run if it was run when we first started. If you have not already run it then skip this.

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK.

Your Emulation drivers are now re-enabled.

:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

:Remove the rest of our tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

About Java

  • During the cleaning process, if I found that Java was installed I asked for it to be uninstalled. Many home users will not miss it. If you use OpenOffice, play online games or use business applications which require Java, then you need to install the latest version and make sure to disable it in your web browsers.
    If an application or website requires it, you should receive a notification indicating that when you attempt to launch that application or access that website.
    Link to download latest version - install Java
    How to disable Java in your web browsers - Disable Java

:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.

Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls
CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner
Malwarebytes' Anti-Malware - The Gold standard today in antimalware scanners

:Security programs:

One of the questions I am asked all the time is "What programs do you use" I have at this time 4 computers in my home and I have this setup on all 4 of them.

  • Microsoft Security Essentials - provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often. (I have upgraded to the paid version of MBAM and I am glad I did)
    Note** If you decide to install MSE you will need to uninstall your present Antivirus

:Security awareness:

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article: Strong passwords: How to create and use them.

Then consider a password keeper, to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

internetsafety
Internet Safety for Kids

Here is some more reading for you from some of my colleagues

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

quoted from Tech Support Forum

Conclusion

There is no such thing as 'perfect security'. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo


I've done the above, excepting that I cannot seem to disable Java or uninstall it. I uninstalled the Java versions you requested, and see no others in RevoUninstaller, but the Java Control Panel comes up anyway (which leads me to believe I have it still installed, though I could be wrong).

I have something that Google tells me is a trojan, named aaa. I thought it was Java, but it seems not. RevoUninstaller claims it's uninstalled it, but I see it still. I've tried twice using that method. When I closed RevoUninstaller, a message appeared stating that RevoUninstaller had not installed correctly. I clicked the X to close it.


  • Staff

Hello EPDGaffney

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • More than one report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". The one that I need is the larger one. Please copy and paste the contents of that file here.
    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it.
    If the forum still complains about it being too long, send me everything that is at the end of the report after where it says
    ==================
    Scan finished
    ==================
    and I will see if I want to see the whole report

--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+

Send me the reports made from TDSSKiller and RogueKiller and also let me know how the computer is doing at this time.

Gringo


21:38:26.0402 7256  Detected object count: 5

21:38:26.0402 7256  Actual detected object count: 5

21:38:50.0847 7256  Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user

21:38:50.0847 7256  Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:38:50.0847 7256  DMAgent ( UnsignedFile.Multi.Generic ) - skipped by user

21:38:50.0847 7256  DMAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:38:50.0847 7256  DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user

21:38:50.0847 7256  DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:38:50.0847 7256  NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user

21:38:50.0847 7256  NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:38:50.0847 725ff6  WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - skipped by user

21:38:50.0847 7256  WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

21:40:19.0019 5072  Deinitialize success

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Erik [Admin rights]

Mode : Remove -- Date : 06/02/2013 21:45:51

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{4B5A6CB4-7F49-4B39-BB04-C27E15468736} : NameServer (0.0.0.0) -> NOT REMOVED, USE DNSFIX

[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{4B5A6CB4-7F49-4B39-BB04-C27E15468736} : NameServer (0.0.0.0) -> NOT REMOVED, USE DNSFIX

[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> DELETED

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED

[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9640320AS +++++

--- User ---

[MBR] 979705b77092b10a27a5231dd6d6d32e

[bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208845 | Size: 15000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928845 | Size: 595377 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_06022013_02d2145.txt >>

RKreport[1]_S_06022013_02d2144.txt ; RKreport[2]_D_06022013_02d2145.txt

The computer is running grand, but aaa is there still, and Revo Uninstaller said it had deleted it when I tried, but it did not. When closing Revo Uninstaller, the same message appeared, stating that it mayn't be installed right.


  • Staff

Hello EPDGaffney

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo


OTL logfile created on: 6/2/2013 10:51:46 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Erik\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.62 Gb Available Physical Memory | 62.44% Memory free

11.60 Gb Paging File | 9.27 Gb Available in Paging File | 79.95% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 581.42 Gb Total Space | 224.00 Gb Free Space | 38.53% Space Free | Partition Type: NTFS

Computer Name: ENDLOSER_WINTER | User Name: Erik | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Erik\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)

PRC - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)

PRC - C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)

PRC - C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe ()

PRC - C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe ()

PRC - C:\Program Files (x86)\Expat Shield\bin\hsswd.exe ()

PRC - C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE (SoftThinks - Dell)

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()

PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Sibelius Software\Sibelius 6\Sibelius.exe (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)

PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()

MOD - C:\Program Files (x86)\Expat Shield\bin\openvpntray.exe ()

MOD - C:\Program Files (x86)\Expat Shield\bin\lang\gui-eng.dll ()

MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE ()

MOD - C:\Program Files (x86)\Sibelius Software\Sibelius 6\Resources\Resources.dll ()

MOD - C:\Program Files (x86)\Sibelius Software\Sibelius 6\IdeasOrganiser_Win.dll ()

MOD - C:\Program Files (x86)\Sibelius Software\Sibelius 6\ExtendedUI.dll ()

MOD - C:\Program Files (x86)\Sibelius Software\Sibelius 6\portaudio_x86.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)

SRV:64bit: - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)

SRV:64bit: - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)

SRV:64bit: - (WiMAXAppSrv) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe (Intel® Corporation)

SRV:64bit: - (DMAgent) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.)

SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)

SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()

SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)

SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)

SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)

SRV:64bit: - (NIHardwareService) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Native Instruments GmbH)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (PSUAService) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe (Panda Security, S.L.)

SRV - (NanoServiceMain) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe (Panda Security, S.L.)

SRV - (ExpatTrayService) -- C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE ()

SRV - (ExpatShieldService) -- C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe ()

SRV - (ExpatWd) -- C:\Program Files (x86)\Expat Shield\bin\hsswd.exe ()

SRV - (ExpatSrv) -- C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)

SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)

SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)

SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)

DRV:64bit: - (PSINProt) -- C:\Windows\SysNative\drivers\PSINProt.sys (Panda Security, S.L.)

DRV:64bit: - (PSINKNC) -- C:\Windows\SysNative\drivers\PSINKNC.sys (Panda Security, S.L.)

DRV:64bit: - (PSINProc) -- C:\Windows\SysNative\drivers\PSINProc.sys (Panda Security, S.L.)

DRV:64bit: - (PSINAflt) -- C:\Windows\SysNative\drivers\PSINAflt.sys (Panda Security, S.L.)

DRV:64bit: - (PSINFile) -- C:\Windows\SysNative\drivers\PSINFile.sys (Panda Security, S.L.)

DRV:64bit: - (NNSSTRM) -- C:\Windows\SysNative\drivers\NNSStrm.sys (Panda Security, S.L.)

DRV:64bit: - (NNSTLSC) -- C:\Windows\SysNative\drivers\NNStlsc.sys (Panda Security, S.L.)

DRV:64bit: - (NNSSMTP) -- C:\Windows\SysNative\drivers\NNSSmtp.sys (Panda Security, S.L.)

DRV:64bit: - (NNSPRV) -- C:\Windows\SysNative\drivers\NNSPrv.sys (Panda Security, S.L.)

DRV:64bit: - (NNSPROT) -- C:\Windows\SysNative\drivers\NNSProt.sys (Panda Security, S.L.)

DRV:64bit: - (NNSPOP3) -- C:\Windows\SysNative\drivers\NNSPop3.sys (Panda Security, S.L.)

DRV:64bit: - (NNSPIHSW) -- C:\Windows\SysNative\drivers\NNSPihsw.sys (Panda Security, S.L.)

DRV:64bit: - (NNSPICC) -- C:\Windows\SysNative\drivers\NNSpicc.sys (Panda Security, S.L.)

DRV:64bit: - (NNSNAHSL) -- C:\Windows\SysNative\drivers\NNSNAHSL.sys (Panda Security, S.L.)

DRV:64bit: - (NNSIDS) -- C:\Windows\SysNative\drivers\NNSIds.sys (Panda Security, S.L.)

DRV:64bit: - (NNSHTTP) -- C:\Windows\SysNative\drivers\NNSHttp.sys (Panda Security, S.L.)

DRV:64bit: - (NNSALPC) -- C:\Windows\SysNative\drivers\NNSAlpc.sys (Panda Security, S.L.)

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)

DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)

DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)

DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)

DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)

DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)

DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)

DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)

DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)

DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)

DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)

DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)

DRV:64bit: - (bpmp) -- C:\Windows\SysNative\drivers\bpmp.sys (Intel Corporation)

DRV:64bit: - (bpusb) -- C:\Windows\SysNative\drivers\bpusb.sys (Intel Corporation)

DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)

DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation)

DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()

DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)

DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSIb.sys (Brother Industries Ltd.)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{453D3A6C-6542-4836-8395-52B1066295D9}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{5193B8AB-B331-4B22-9998-BF7C016A8F34}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-95435350-4265177964-2103988519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKU\S-1-5-21-95435350-4265177964-2103988519-1001\..\SearchScopes,DefaultScope = {AD955090-5D59-47D1-B5D6-429B3C29CA0A}

IE - HKU\S-1-5-21-95435350-4265177964-2103988519-1001\..\SearchScopes\{76E9350E-0392-9C19-F83A-99BC015260AF}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z039&form=ZGAIDF

IE - HKU\S-1-5-21-95435350-4265177964-2103988519-1001\..\SearchScopes\{AD955090-5D59-47D1-B5D6-429B3C29CA0A}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}

IE - HKU\S-1-5-21-95435350-4265177964-2103988519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-95435350-4265177964-2103988519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2

FF - prefs.js..extensions.enabledItems: {d6dddc1b-b6b8-a402-35b8-3c92acb9f6c6}:4.6.7.9

FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll File not found

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Erik\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Erik\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/04/24 23:34:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/22 00:33:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/01 23:48:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/22 00:33:00 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/01 23:48:26 | 000,000,000 | ---D | M]

[2011/02/17 02:51:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\Extensions

[2013/06/01 20:36:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\tfbhskc5.default\extensions

[2013/06/02 00:08:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013/05/22 00:32:53 | 000,000,000 | ---D | M] (Mignet Assistant Service) -- C:\Program Files (x86)\mozilla firefox\extensions\{d6dddc1b-b6b8-a402-35b8-3c92acb9f6c6}

[2013/05/22 00:33:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions

[2013/05/22 00:33:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: EasyLife (Enabled)

CHR - default_search_provider: search_url = http://search.easylifeapp.com/?q={searchTerms}&pid=388&src=ch2&r=2013/05/30&hid=1288959593&lg=EN&cc=US

CHR - default_search_provider: suggest_url = http://localhost

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Erik\AppData\Local\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Erik\AppData\Local\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Erik\AppData\Local\Google\Chrome\Application\27.0.1453.94\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2013/06/01 22:40:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.

O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-95435350-4265177964-2103988519-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-95435350-4265177964-2103988519-1001\..\Toolbar\WebBrowser: (no name) - {8C5878D0-6106-423B-AAA8-144C143DBF44} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [intelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)

O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)

O4 - HKU\S-1-5-21-95435350-4265177964-2103988519-1001..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found

O4 - Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-95435350-4265177964-2103988519-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-95435350-4265177964-2103988519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MI068C~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)

O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B5A6CB4-7F49-4B39-BB04-C27E15468736}: NameServer = 0.0.0.0

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5EC4E283-142B-4B1E-BFB7-BF74FBF84B79}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65AB2A8E-0C7E-4984-9412-8F9B1B396EE7}: DhcpNameServer = 192.168.42.129

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/02 22:49:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Erik\Desktop\OTL.exe

[2013/06/02 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\RK_Quarantine

[2013/06/02 21:34:29 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Erik\Desktop\tdsskiller.exe

[2013/06/02 13:56:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/06/02 02:30:28 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\backups

[2013/06/02 00:51:36 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Erik\Desktop\HijackThis.exe

[2013/06/02 00:20:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2013/06/02 00:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2013/06/01 23:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

[2013/06/01 23:58:33 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\Foxit Software

[2013/06/01 23:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software

[2013/06/01 23:45:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group

[2013/06/01 23:45:56 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller

[2013/06/01 22:45:53 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013/06/01 21:29:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/06/01 20:34:21 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/06/01 20:01:37 | 000,000,000 | ---D | C] -- C:\JRT

[2013/06/01 18:30:23 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Erik\Desktop\JRT.exe

[2013/05/31 22:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2013/05/31 22:50:23 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Erik\Desktop\esetsmartinstaller_enu.exe

[2013/05/31 22:21:14 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Erik\Desktop\TFC.exe

[2013/05/30 12:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\StarApp

[2013/05/30 10:44:41 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2013/05/22 09:07:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows

[2013/05/22 09:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell

[2013/05/22 00:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/05/16 09:59:49 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2013/05/16 09:59:49 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2013/05/16 09:59:47 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/05/16 09:59:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/05/16 09:59:47 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe

[2013/05/16 09:59:47 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe

[2013/05/16 09:59:46 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/05/16 09:59:46 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2013/05/16 09:59:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2013/05/16 09:59:46 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/05/16 09:59:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2013/05/16 09:59:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2013/05/16 09:59:45 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/05/16 09:59:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/05/16 09:59:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2013/05/15 19:19:42 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2013/05/15 19:19:42 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

[2013/05/15 19:19:31 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/05/15 19:19:31 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/05/15 19:19:31 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/05/15 19:19:31 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013/05/15 19:19:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll

[2013/05/14 12:35:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ga-IE

[2013/05/14 12:35:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ga-IE

[2013/05/14 12:35:20 | 000,000,000 | ---D | C] -- C:\Windows\ga-IE

[2013/05/08 22:23:20 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\Skype

[2013/05/08 22:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

========== Files - Modified Within 30 Days ==========

[2013/06/02 22:49:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Erik\Desktop\OTL.exe

[2013/06/02 22:35:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/06/02 22:19:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-95435350-4265177964-2103988519-1001UA.job

[2013/06/02 22:04:13 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/06/02 21:43:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/06/02 21:43:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/06/02 21:42:11 | 000,791,040 | ---- | M] () -- C:\Users\Erik\Desktop\RogueKillerX64.exe

[2013/06/02 21:41:16 | 000,727,398 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/06/02 21:41:16 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/06/02 21:41:16 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/06/02 21:36:40 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/06/02 21:36:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/06/02 21:35:56 | 376,848,383 | -HS- | M] () -- C:\hiberfil.sys

[2013/06/02 21:34:30 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Erik\Desktop\tdsskiller.exe

[2013/06/02 00:51:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Erik\Desktop\HijackThis.exe

[2013/06/01 22:40:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/06/01 18:30:22 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Erik\Desktop\JRT.exe

[2013/06/01 18:29:46 | 000,632,031 | ---- | M] () -- C:\Users\Erik\Desktop\AdwCleaner(1).exe

[2013/05/31 22:50:21 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Erik\Desktop\esetsmartinstaller_enu.exe

[2013/05/31 22:21:09 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Erik\Desktop\TFC.exe

[2013/05/31 19:07:44 | 000,165,376 | ---- | M] () -- C:\Users\Erik\Desktop\SystemLook_x64.exe

[2013/05/30 13:00:47 | 000,000,921 | ---- | M] () -- C:\Windows\QSFVExit.bat

[2013/05/29 23:12:52 | 825,304,642 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/05/29 20:49:51 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-95435350-4265177964-2103988519-1001Core.job

[2013/05/26 13:58:35 | 000,445,037 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130529-233050.backup

[2013/05/26 13:58:21 | 000,445,037 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130526-135835.backup

[2013/05/25 17:30:34 | 000,002,046 | ---- | M] () -- C:\Users\Erik\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2013/05/16 14:35:03 | 000,804,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/14 23:35:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/05/14 23:35:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/05/10 13:55:52 | 000,934,409 | ---- | M] () -- C:\Users\Erik\Documents\Slán 2.wma

[2013/05/10 13:54:11 | 000,934,409 | ---- | M] () -- C:\Users\Erik\Documents\Slán.wma

[2013/05/08 23:58:41 | 000,001,439 | ---- | M] () -- C:\Users\Erik\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/06/02 21:42:11 | 000,791,040 | ---- | C] () -- C:\Users\Erik\Desktop\RogueKillerX64.exe

[2013/06/01 18:29:49 | 000,632,031 | ---- | C] () -- C:\Users\Erik\Desktop\AdwCleaner(1).exe

[2013/05/31 19:07:50 | 000,165,376 | ---- | C] () -- C:\Users\Erik\Desktop\SystemLook_x64.exe

[2013/05/30 13:00:47 | 000,000,921 | ---- | C] () -- C:\Windows\QSFVExit.bat

[2013/05/10 13:55:52 | 000,934,409 | ---- | C] () -- C:\Users\Erik\Documents\Slán 2.wma

[2013/05/10 13:54:11 | 000,934,409 | ---- | C] () -- C:\Users\Erik\Documents\Slán.wma

[2013/05/08 23:58:41 | 000,001,411 | ---- | C] () -- C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk

[2013/05/05 01:43:26 | 000,016,216 | ---- | C] () -- C:\Users\Erik\Celtic.ttf

[2013/05/05 01:43:26 | 000,013,208 | ---- | C] () -- C:\Users\Erik\Celtic.sit

[2013/04/12 12:17:36 | 000,000,106 | ---- | C] () -- C:\Users\Erik\jobq.dat

[2012/11/13 17:54:10 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2012/11/13 17:54:10 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD7840W.DAT

[2012/05/09 20:49:39 | 000,000,218 | ---- | C] () -- C:\Users\Erik\.recently-used.xbel

[2011/11/18 00:52:14 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011/11/18 00:52:14 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2011/06/15 02:59:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat

[2011/01/24 16:12:20 | 000,007,598 | ---- | C] () -- C:\Users\Erik\AppData\Local\Resmon.ResmonCfg

[2011/01/17 15:53:54 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:30FD0CBD

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:C8B8CEBD

< End of report >


  • Staff

Hello EPDGaffney

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png text box.

    :OTL
    FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2
    FF - prefs.js..extensions.enabledItems: {d6dddc1b-b6b8-a402-35b8-3c92acb9f6c6}:4.6.7.9
    [2013/05/22 00:32:53 | 000,000,000 | ---D | M] (Mignet Assistant Service) -- C:\Program Files (x86)\mozilla firefox\extensions\{d6dddc1b-b6b8-a402-35b8-3c92acb9f6c6}

    :Files
    ipconfig /flushdns /c
    C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]


  • Then click the Run Fix button at the top.
  • Click btnOK.png.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
    Note** if the report does not pop up after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles
    It will be named - mmddyyyy_hhmmss.log
    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know how things are doing

Gringo


========== OTL ==========

Prefs.js: searchtoolbar@zugo.com:1.2 removed from extensions.enabledItems

Prefs.js: {d6dddc1b-b6b8-a402-35b8-3c92acb9f6c6}:4.6.7.9 removed from extensions.enabledItems

C:\Program Files (x86)\mozilla firefox\extensions\{d6dddc1b-b6b8-a402-35b8-3c92acb9f6c6}\components folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{d6dddc1b-b6b8-a402-35b8-3c92acb9f6c6}\chrome folder moved successfully.

C:\Program Files (x86)\mozilla firefox\extensions\{d6dddc1b-b6b8-a402-35b8-3c92acb9f6c6} folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Erik\Desktop\cmd.bat deleted successfully.

C:\Users\Erik\Desktop\cmd.txt deleted successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Sync Data folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Session Storage folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.sixflags.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.musicnotes.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#www.hulu.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#videos.bodybuilding.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#swf.docstoc.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#static.sockshare.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#static.putlocker.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#static.discoverymedia.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#skype.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#shop.accesso.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#pub.widgetbox.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#player.hulu.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#pdl.warnerbros.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#p1.soundcloud.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#media.nationalgeographic.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#login.yahoo.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#i0.poll.fm folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#g-ecx.images-amazon.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#feedjit.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#entitlement.auth.adobe.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#edge.liveleak.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#d1.scribdassets.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#chase.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#cfiles.5min.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#cdn.widgetserver.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#cdn.sparkchess.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#admin.brightcove.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\##\images-na.ssl-images-amazon.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\## folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.veoh.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.traileraddict.com\player.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.traileraddict.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.sixflags.com\global\assets\swf\sixflags_parklevel.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.sixflags.com\global\assets\swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.sixflags.com\global\assets folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.sixflags.com\global folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.sixflags.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.presstv.ir folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.paypalobjects.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.manta.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.hulu.com\cram.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.hulu.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.herdaily.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.collegehumor.com\moogaloop\moogaloop.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.collegehumor.com\moogaloop folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.collegehumor.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.bbc.co.uk\emp folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\www.bbc.co.uk folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\videopremium.tv folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\videopremium.net folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\video.google.com\googleplayer.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\video.google.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\vidbull.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\va1en.sftcdn.net\shared\flash\rs\storage.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\va1en.sftcdn.net\shared\flash\rs folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\va1en.sftcdn.net\shared\flash folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\va1en.sftcdn.net\shared folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\va1en.sftcdn.net folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\tag.userreport.com\FlashCookieProxy.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\tag.userreport.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\swf.docstoc.com\swf\FlexViewer.169.www.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\swf.docstoc.com\swf\DSViewer.2.4.53.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\swf.docstoc.com\swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\swf.docstoc.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\statics.sodahead.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\static1.dmcdn.net folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\static.wix.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\static.sockshare.com\video_player.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\static.sockshare.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\static.putlocker.com\video_player.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\static.putlocker.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\static.issuu.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\static.discoverymedia.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\spfiles.5min.com\5minSessionTra# folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\spfiles.5min.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\sodahead.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\skype.com\#user folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\skype.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\shop.accesso.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\sharesix.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\sharerepo.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\secureinclude.ebaystatic.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\secure.onsugar.com\static\js\vendor\flash-cookies\storage.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\secure.onsugar.com\static\js\vendor\flash-cookies folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\secure.onsugar.com\static\js\vendor folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\secure.onsugar.com\static\js folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\secure.onsugar.com\static folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\secure.onsugar.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\secure-us.imrworldwide.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\secure-uk.imrworldwide.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\savingsslider-a.akamaihd.net\items\e6a00\storage.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\savingsslider-a.akamaihd.net\items\e6a00 folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\savingsslider-a.akamaihd.net\items folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\savingsslider-a.akamaihd.net folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\s.ytimg.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\pub.widgetbox.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\player.ooyala.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\player.hulu.com\##577BB99C8D208489 folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\player.hulu.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\pdl.warnerbros.com\##952EC0105D897030 folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\pdl.warnerbros.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\p1.soundcloud.com\player.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\p1.soundcloud.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\oystatic.ignimgs.com\src\core\swf\IGNPlayer.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\oystatic.ignimgs.com\src\core\swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\oystatic.ignimgs.com\src\core folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\oystatic.ignimgs.com\src folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\oystatic.ignimgs.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\msnbcmedia.msn.com\i\MSNBC\Components\Video\_Player\swfs\evorm\evorm_20120706.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\msnbcmedia.msn.com\i\MSNBC\Components\Video\_Player\swfs\evorm folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\msnbcmedia.msn.com\i\MSNBC\Components\Video\_Player\swfs folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\msnbcmedia.msn.com\i\MSNBC\Components\Video\_Player folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\msnbcmedia.msn.com\i\MSNBC\Components\Video folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\msnbcmedia.msn.com\i\MSNBC\Components folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\msnbcmedia.msn.com\i\MSNBC folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\msnbcmedia.msn.com\i folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\msnbcmedia.msn.com\##DFE1E000AE9107B4 folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\msnbcmedia.msn.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\mpsnare.iesnare.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\media3.onsugar.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\media.nationalgeographic.com\##FDCB82C3A8D20D56 folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\media.nationalgeographic.com folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\media.mtvnservices.com\player\prime\mediaplayerprime.2.3.6.swf folder moved successfully.

C:\Users\Erik\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\P3NS4NQW\media.mtvnservices.com\player\prime\mediaplayerprime.1.11.3.swf folder moved successfully.

========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Erik

->Java cache emptied: 0 bytes

User: Guest

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Erik

->Flash cache emptied: 3778 bytes

User: Guest

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06022013_232203

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

The computer is running fine. aaa is there still. No pandadomainadvisor redirects at all. The internet connection is sometimes much weaker than it is on my Mac, which is right next to it and both use wi-fi to connect to the same source. I'd just call it a minor inconvenience so long as it's not an indication of something worse.

I get a message that reads 'unable to completely uninstall application'. It's a big red octagon with a white exclamation mark in it as part of the window with the message. The taskbar shows a java-like symbol corresponding to the message. I am not familiar with such an image style for that sort of message.

I've tried it a few times with Revo, and I'm after doing it again. It always claims aaa is uninstalled but aaa is always there anyway.

My desktop looks different now as well. It's my user folder, recycle bin, and my computer all there, which were assuredly not put there by me. Is that a result of something else we did? The icons are also arranged differently to how I saw them last.
