Larusso Posted June 4, 2013 ID:687182 Share Posted June 4, 2013 but the idea of losing my PC scares meI am able to repair it and it wont be destroyed That worst case, that your OS becomes unbootable.Please move on with MBAR and FSS.exe Link to post Share on other sites More sharing options...
CPup888 Posted June 4, 2013 Author ID:687192 Share Posted June 4, 2013 So you are saying that worse case scenario is that the OS becomes unbootable, but you can repair it if that happens?If so, I'll do the MBAR and FSS.exe when I get home tonight. Link to post Share on other sites More sharing options...
CPup888 Posted June 4, 2013 Author ID:687193 Share Posted June 4, 2013 Before I run MBAR though, what is best way to backup my computer? See my question from a couple posts above. Thanks. Link to post Share on other sites More sharing options...
CPup888 Posted June 5, 2013 Author ID:687533 Share Posted June 5, 2013 I'm sorry for keep pestering you with questions, as I'm sure you are real busy, but I would appreciate you answering two of my questions that are still lingering from above:1) Please confirm - you are saying that worse case scenario after running MBAR is that my OS becomes unbootable, but you can repair it if that happens?2) What is the best way to backup my files? Do I need to backup just my files/docs/photos/vids, etc., or do I backup my OS somehow? I have never backed up and I'm clueless and I REALLY need your advice before I use MBAR.Thanks. Link to post Share on other sites More sharing options...
Larusso Posted June 5, 2013 ID:687575 Share Posted June 5, 2013 If your OS becomes unbootable, we will repair it and if really needed, we can backup your Data. MBAR is stable enough for now. +As longer as you wait to follow my instructions, as more time the malware get to work on your OS and you are not only wasting your time. Link to post Share on other sites More sharing options...
CPup888 Posted June 5, 2013 Author ID:687596 Share Posted June 5, 2013 I'm not trying to delay, but I'm not getting the answers I want before I'm willing to go forward with this. You recommended before that I backup my data before I ran MBAR. Now you say "if really needed, we can backup you Data." Does that mean we can back it up afterwards? That makes no sense to me. I'll gladly run MBAR tonight first thing when I get home and get the ball rolling to put an end to this, but I just want to know how to backup my data first. How do I do this? That is all I need to know and then we will get moving. Thanks. Link to post Share on other sites More sharing options...
CPup888 Posted June 6, 2013 Author ID:687926 Share Posted June 6, 2013 <p>Ok. I figured out how to backup on my own.</p><p> </p><p>I ran MBAR. Here is my first log which found 3-4 infections, including the Trojan Zero Access you mentioned:</p><p> </p><div>Malwarebytes Anti-Rootkit BETA 1.06.0.1003</div><div>www.malwarebytes.org</div><div> </div><div>Database version: v2013.06.06.02</div><div> </div><div>Windows 7 Service Pack 1 x64 NTFS</div><div>Internet Explorer 9.0.8112.16421</div><div>Chris :: LAPTOP [administrator]</div><div> </div><div>6/6/2013 6:58:03 AM</div><div>mbar-log-2013-06-06 (06-58-03).txt</div><div> </div><div>Scan type: Quick scan</div><div>Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P</div><div>Scan options disabled: Deep Anti-Rootkit Scan | PUP</div><div>Objects scanned: 298440</div><div>Time elapsed: 18 minute(s), 54 second(s)</div><div> </div><div>Memory Processes Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>Memory Modules Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>Registry Keys Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>Registry Values Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>Registry Data Items Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>Folders Detected: 2</div><div>c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L (Backdoor.0Access) -> Delete on reboot.</div><div>c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U (Backdoor.0Access) -> Delete on reboot.</div><div> </div><div>Files Detected: 2</div><div>c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\00000004.@ (Backdoor.0Access) -> Delete on reboot.</div><div>c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\201d3dde (Backdoor.0Access) -> Delete on reboot.</div><div> </div><div>Physical Sectors Detected: 0</div><div>(No malicious items detected)</div><div> </div><div>(end)</div><div> </div> Link to post Share on other sites More sharing options...
CPup888 Posted June 6, 2013 Author ID:687928 Share Posted June 6, 2013 Here is the log for my 2nd MBAR scan, which came back clean:Malwarebytes Anti-Rootkit BETA 1.06.0.1003www.malwarebytes.orgDatabase version: v2013.06.06.02Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Chris :: LAPTOP [administrator]6/6/2013 7:25:19 AMmbar-log-2013-06-06 (07-25-19).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: Deep Anti-Rootkit Scan | PUPObjects scanned: 298448Time elapsed: 17 minute(s), 6 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)Physical Sectors Detected: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
CPup888 Posted June 6, 2013 Author ID:687929 Share Posted June 6, 2013 Here is the system-log.txt:---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1003© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 9.0.8112.16421Java version: 1.6.0_37File system is: NTFSDisk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 2.292000 GHzMemory total: 6352453632, free: 4717084672Downloaded database version: v2013.06.06.02Downloaded database version: v2013.05.22.01Initializing...------------ Kernel report ------------ 06/06/2013 06:57:59------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\drivers\mfehidk.sys\SystemRoot\System32\Drivers\PxHlpa64.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\mfewfpk.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\NETwNs64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\nusb3xhc.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\Apfiltr.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\WDKMD.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\nusb3hub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\system32\drivers\mfeavfk.sys\SystemRoot\system32\drivers\mfefirek.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\iBtFltCoex.sys\SystemRoot\system32\DRIVERS\btmhsf.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\CtClsFlt.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btmaux.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\Sftvollh.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\TurboB.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\system32\DRIVERS\Sftfslh.sys\SystemRoot\system32\DRIVERS\Sftplaylh.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\system32\DRIVERS\Sftredirlh.sys\SystemRoot\system32\drivers\mfeapfk.sys\SystemRoot\system32\drivers\cfwids.sys\SystemRoot\System32\Drivers\fastfat.SYS\??\C:\Windows\system32\drivers\mbamchameleon.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\imm32.dll\Windows\System32\urlmon.dll\Windows\System32\ole32.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8007e9e060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa800633a050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 3Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8007e9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8007d05b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8007e9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800633a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 7F2837EPartition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 208782 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 208896 Numsec = 30720000 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 30928896 Numsec = 1219332784 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 640135028736 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...Done!Infected: c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\00000004.@ --> [backdoor.0Access]Infected: c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L --> [backdoor.0Access]Infected: c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L\201d3dde --> [backdoor.0Access]Infected: c:\Windows\Installer\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U --> [backdoor.0Access]Scan finishedCreating System Restore point...Cleaning up...Executing an action fixdamage.exe...Success!Queuing an action fixdamage.exeRemoval successful. No system shutdown is required.=======================================Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_208896_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.06.0.1003© Malwarebytes Corporation 2011-2012OS version: 6.1.7601 Windows 7 Service Pack 1 x64Account is AdministrativeInternet Explorer version: 9.0.8112.16421Java version: 1.6.0_37File system is: NTFSDisk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXEDCPU speed: 2.292000 GHzMemory total: 6352453632, free: 4507885568Initializing...------------ Kernel report ------------ 06/06/2013 07:25:15------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\system32\drivers\mfehidk.sys\SystemRoot\System32\Drivers\PxHlpa64.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\mfewfpk.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\DRIVERS\disk.sys\SystemRoot\system32\DRIVERS\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\afd.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\drivers\termdd.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\drivers\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\drivers\wmiacpi.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\drivers\HDAudBus.sys\SystemRoot\system32\DRIVERS\NETwNs64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\nusb3xhc.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\drivers\i8042prt.sys\SystemRoot\system32\drivers\kbdclass.sys\SystemRoot\system32\DRIVERS\Apfiltr.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\drivers\CompositeBus.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\drivers\swenum.sys\SystemRoot\system32\drivers\ks.sys\SystemRoot\system32\drivers\umbus.sys\SystemRoot\system32\DRIVERS\WDKMD.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\system32\DRIVERS\nusb3hub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\system32\drivers\mfeavfk.sys\SystemRoot\system32\drivers\mfefirek.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\iBtFltCoex.sys\SystemRoot\system32\DRIVERS\btmhsf.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\CtClsFlt.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btmaux.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\DRIVERS\Sftvollh.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\DRIVERS\TurboB.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\system32\DRIVERS\Sftfslh.sys\SystemRoot\system32\DRIVERS\Sftplaylh.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\system32\DRIVERS\Sftredirlh.sys\SystemRoot\system32\drivers\cfwids.sys\SystemRoot\System32\Drivers\fastfat.SYS\??\C:\Windows\system32\drivers\mbamchameleon.sys\SystemRoot\system32\drivers\mfeapfk.sys\??\C:\Windows\system32\drivers\mbamswissarmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\imm32.dll\Windows\System32\urlmon.dll\Windows\System32\ole32.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa8007e9e060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa800633a050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Device number: 0, partition: 3Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa8007e9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8007d05b90, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa8007e9e060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800633a050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\Windows\system32\drivers...<<<2>>>Device number: 0, partition: 3<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 7F2837EPartition information: Partition 0 type is Other (0xde) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 208782 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 208896 Numsec = 30720000 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 30928896 Numsec = 1219332784 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0Disk Size: 640135028736 bytesSector size: 512 bytesScanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...Done!Scan finished=======================================Removal queue found; removal startedRemoving c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_208896_i.mbam...Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...Removal finished Link to post Share on other sites More sharing options...
CPup888 Posted June 6, 2013 Author ID:687933 Share Posted June 6, 2013 FYI. Everything appears to be working fine after running MBAR.Here is the log for my Farbar Service Scanner scan:Farbar Service Scanner Version: 31-05-2013 01Ran by Chris (administrator) on 06-06-2013 at 08:13:08Running from "C:\Users\Chris\Downloads"Windows 7 Home Premium Service Pack 1 (X64)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Google IP is accessible.Google.com is accessible.Yahoo IP is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy: ==================System Restore:============System Restore Disabled Policy: ========================Action Center:============Windows Update:============Windows Autoupdate Disabled Policy: ============================Windows Defender:==============Other Services:==============File Check:========C:\Windows\System32\nsisvc.dll => MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys => MD5 is legitC:\Windows\System32\dhcpcore.dll => MD5 is legitC:\Windows\System32\drivers\afd.sys => MD5 is legitC:\Windows\System32\drivers\tdx.sys => MD5 is legitC:\Windows\System32\Drivers\tcpip.sys => MD5 is legitC:\Windows\System32\dnsrslvr.dll => MD5 is legitC:\Windows\System32\mpssvc.dll => MD5 is legitC:\Windows\System32\bfe.dll => MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys => MD5 is legitC:\Windows\System32\SDRSVC.dll => MD5 is legitC:\Windows\System32\vssvc.exe => MD5 is legitC:\Windows\System32\wscsvc.dll => MD5 is legitC:\Windows\System32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\System32\wuaueng.dll => MD5 is legitC:\Windows\System32\qmgr.dll => MD5 is legitC:\Windows\System32\es.dll => MD5 is legitC:\Windows\System32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\System32\ipnathlp.dll => MD5 is legitC:\Windows\System32\iphlpsvc.dll => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites More sharing options...
CPup888 Posted June 6, 2013 Author ID:687934 Share Posted June 6, 2013 Please advise what to do next, if anything. If I appear to be clean, let me know. Thanks. Link to post Share on other sites More sharing options...
Larusso Posted June 6, 2013 ID:688023 Share Posted June 6, 2013 Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as AdministratorNote: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts. Turn off the real time scanner of any existing antivirus program while performing the online scanTick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the activex control to installClick StartMake sure that the option Remove found threats is unticked and the Scan Archives option is ticked.Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.Click ScanWait for the scan to finishWhen the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..." Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.Close the ESET online scan, and let me know how things are now. Link to post Share on other sites More sharing options...
CPup888 Posted June 7, 2013 Author ID:688293 Share Posted June 7, 2013 I followed the above directions by running IE as an admin, turning off my McAfee real time scanner, and then running the online scanner from ESET with all of your specific configurations.However, it has now been running for the past 8.5 hours and is still only 48% complete! So far, it has found 66 total infected files.I have to go to work in about 1 hour and 15 minutes, if you read this before then, please let me know if I should continue with this scan or stop it so I can give you whatever logs it provides before I go to work. If not, I'll have to let it continue to run while I'm at work (instructing my wife not to stop it) and I won't be able to give you a log until tonight (if it is even done by then).Is it normal for it to take this long to scan??? Link to post Share on other sites More sharing options...
Larusso Posted June 7, 2013 ID:688366 Share Posted June 7, 2013 It depends on the size of your Harddrive. It can take a long time but is one of the best scanners we have to look for remaints.Please let it run until it is finish. Sorry, all such things can take time. Link to post Share on other sites More sharing options...
CPup888 Posted June 7, 2013 Author ID:688367 Share Posted June 7, 2013 Thanks. Hopefully its done when I get home. Link to post Share on other sites More sharing options...
CPup888 Posted June 7, 2013 Author ID:688559 Share Posted June 7, 2013 Here are the results of my ESET scan:C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A applicationC:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A applicationC:\Program Files (x86)\Laplink\PCmover\ThirdParty\registrybooster.exe a variant of Win32/RegistryBooster applicationC:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A applicationC:\Program Files (x86)\Yontoo\YontooLayers.crx JS/Adware.Yontoo.A applicationC:\ProgramData\Ask\APN-Stub\AD5\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask applicationC:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B applicationC:\Users\All Users\Ask\APN-Stub\AD5\APNIC.dll a variant of Win32/Bundled.Toolbar.Ask applicationC:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B applicationC:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\background.html JS/Adware.Yontoo.A applicationC:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\yl.js JS/Adware.Yontoo.A applicationC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\19ee7440-3579f38d Java/Exploit.CVE-2013-1493.BW trojanC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\4b5453c1-19af002a multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\6f42b481-147de5ec multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\16601d8b-57465f82 a variant of Java/Exploit.Agent.NNO trojanC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4bd38dcc-6af95390 multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\663aeecd-2cf538cc multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3b6f9091-1571defc multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\3d09bd11-562831cf multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18\7e620e12-18004505 multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\346f9b53-6599841d multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\43a4c753-3050323a multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\f2d8902-3205aefa a variant of Java/Exploit.Agent.NNO trojanC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\47def655-7e7dbb26 multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21\4a95bc15-3d18b07e a variant of Java/Exploit.Agent.NNO trojanC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\6039d19c-3a8f89a2 multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\19fd8761-4e4255cb multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\20b961e3-6b46e540 multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37\4a171de5-28ee3147 multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\3ff6c26a-3c8e8ea5 multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\5987936d-5ee499fc multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46\5344892e-2dd6d32c multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\6f21772f-3e0ad38a a variant of Java/Exploit.CVE-2012-1723.CF trojanC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\390aee05-333164cc multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\631a8e35-21795eed multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2ac015b6-704cc66a multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55\5a8b9fb7-2c8f75bc a variant of Java/Exploit.CVE-2013-1493.CT trojanC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\79444bb8-11945552 a variant of Java/Exploit.Agent.OFX trojanC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\e44007b-4a7d3d9f multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\729ff446-1a59fbdf multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\e805506-18ff628d multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\38e9d3bd-227a68a2 multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\5c4fcbfd-2c86f015 multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6db31bfd-33a4b99e multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\6eeed6bd-4aaf5904 a variant of Java/Exploit.CVE-2013-0422.CF trojanC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\43cfc33e-7de11d97 a variant of Java/Exploit.Agent.NEA trojanC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\666ba8bf-7b1222e1 Java/Exploit.Agent.NQR trojanC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\7d7d71bf-79f22ef3 Java/Exploit.Agent.NUY trojanC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\5abcbf47-2d1015ca multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\7749ab48-270e1c09 multiple threatsC:\Users\Chris\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9\a46d9c9-1c27c119 multiple threatsC:\Users\Chris\AppData\Roaming\Java\Update\Download\Cache\check_update.bat BAT/CoinMiner.AX trojanC:\Users\Chris\AppData\Roaming\Java\Update\Download\Cache\csrss.exe a variant of Win32/BitCoinMiner.N applicationC:\Users\Chris\Downloads\als.zip.exe Win32/InstalleRex.J applicationC:\Users\Chris\Downloads\The_Chipmunks_and_The_Chipettes_-_Alvin_And_The_Chipmunks_Chipwrecked_(Soundtrack)_(2011)_320kbps.exe Win32/Adware.1ClickDownload.AJ applicationC:\Users\Chris\Downloads\The_Ocean_-_Pelagial_[instrumental]_2013.zip.exe Win32/InstalleRex.I applicationC:\Users\Erica\AppData\Local\Downloaded Installations\{1975FDD5-4BDD-4257-8D27-D8A4DA128159}\PCmover Professional.msi multiple threatsC:\Users\Erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\background.html JS/Adware.Yontoo.A applicationC:\Users\Erica\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\yl.js JS/Adware.Yontoo.A applicationC:\Users\Erica\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\16591df8-2cf2d657 multiple threatsC:\Users\Erica\Downloads\Mr_Eaves.exe Win32/Adware.1ClickDownload.G applicationC:\Users\Erica\Downloads\Mr_Eaves.rar Win32/Adware.1ClickDownload.G applicationC:\Users\Erica\Downloads\mr_eaves_font_free_download_downloader_386.exe a variant of Win32/YourFileDownloader applicationC:\Users\Erica\Pictures\Braves V Angels.exe Win32/Toolbar.SearchSuite applicationC:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\background.html JS/Adware.Yontoo.A applicationC:\Users\Matthew\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0\yl.js JS/Adware.Yontoo.A applicationC:\Windows\Installer\47caaa.msi multiple threats Link to post Share on other sites More sharing options...
Larusso Posted June 8, 2013 ID:688732 Share Posted June 8, 2013 A tiny explanation of all junk you are downloading.C:\Users\Chris\Downloads\The_Chipmunks_and_The_Chipettes_-_Alvin_And_The_Chipmunks_Chipwrecked_(Soundtrack)_(2011)_320kbps.exeAs soon as a downloaded file has an .exe extension, bare in mind that this is an Executeable file.List of executable extensionsWhat are executable filesNever ever run such files when you are trying to download songs, pictures or compressed files like .zip, .rar, .7z ... or form suspect download resources. Doesn't matter if these are some kind of "1Click Downloaders"You will never know what they really do.C:\Users\Erica\Pictures\Braves V Angels.exe Win32/Toolbar.SearchSuite applicationC:\Users\Chris\Downloads\als.zip.exe Win32/InstalleRex.J applicationIf you dont follow this tiny thing, called brain.exe, we will see us soon again.Open notepad and copy/paste the text in the Code-box below into it:Folder::C:\Program Files (x86)\YontooC:\ProgramData\Tarma InstallerFile::C:\Users\Chris\Downloads\als.zip.exeC:\Users\Chris\Downloads\The_Chipmunks_and_The_Chipettes_-_Alvin_And_The_Chipmunks_Chipwrecked_(Soundtrack)_(2011)_320kbps.exeC:\Users\Chris\Downloads\The_Ocean_-_Pelagial_[Instrumental]_2013.zip.exeC:\Users\Erica\Downloads\Mr_Eaves.exeC:\Users\Erica\Pictures\Braves V Angels.exeC:\Windows\Installer\47caaa.msiClearJavaCache:: Save this as CFScript.txt, in the same location as ComboFix.exe. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Refering to the picture above, drag CFScript into ComboFix.exeWhen finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.Download the latest version of Java Runtime Environment (JRE) 7 and Save it to your Desktop.Scroll down to where it says Java SE 7u21Click the Download button under JRE to the right.Read the License Agreement then select Accept License AgreementClick on the link to download Windows x86 Offline and save the file to your desktop.Close any programs you may have running - especially your web browser.Go to Start > Control Panel, double-click on Add or Remove Programs and remove all older versions of Java.Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name.Click the Remove or Change/Remove button.Repeat as many times as necessary to remove each Java versions.Reboot your computer once all Java components are removed.Then from your desktop double-click on jre-7u17-windows-i586.exe to install the newest version.After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)On the General tab, under Temporary Internet Files, click the Settings button.Next, click on the Delete Files buttonThere are three options in the window to clear the cache - Leave these two CheckedTrace and Log FilesCached Applications and AppletsClick OK on Delete Temporary Files WindowNote: This deletes ALL the Downloaded Applications and Applets from the CACHE.Click OK to leave the Temporary Files WindowClick OK to leave the Java Control Panel.Please re-run DDS and post the dds.txt and attach.txt Link to post Share on other sites More sharing options...
CPup888 Posted June 8, 2013 Author ID:688883 Share Posted June 8, 2013 ComboFix log: ComboFix 13-06-08.01 - Chris 06/08/2013 12:20:06.2.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4134 [GMT -4:00]Running from: c:\users\Chris\Desktop\ComboFix.exeCommand switches used :: c:\users\Chris\Desktop\CFScript.txtAV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.FILE ::"c:\users\Chris\Downloads\als.zip.exe""c:\users\Chris\Downloads\The_Chipmunks_and_The_Chipettes_-_Alvin_And_The_Chipmunks_Chipwrecked_(Soundtrack)_(2011)_320kbps.exe""c:\users\Chris\Downloads\The_Ocean_-_Pelagial_[instrumental]_2013.zip.exe""c:\users\Erica\Downloads\Mr_Eaves.exe""c:\users\Erica\Pictures\Braves V Angels.exe""c:\windows\Installer\47caaa.msi"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\Yontooc:\program files (x86)\Yontoo\OptChrome.exec:\program files (x86)\Yontoo\YontooIEClient.dllc:\program files (x86)\Yontoo\YontooLayers.crxc:\programdata\PCDr\6261\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dllc:\programdata\PCDr\6261\AddOnDownloaded\1e512ef2-01fb-49fb-b09b-71de0eac4612.dllc:\programdata\PCDr\6261\AddOnDownloaded\1ea63693-456f-437c-857f-522df77e7357.dllc:\programdata\PCDr\6261\AddOnDownloaded\27ada864-54d8-46c9-a6e3-8334fa39b525.dllc:\programdata\PCDr\6261\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dllc:\programdata\PCDr\6261\AddOnDownloaded\3e0b29b2-9809-4050-abfc-ef8aff73ceab.dllc:\programdata\PCDr\6261\AddOnDownloaded\5f2ce3e8-3c56-40bb-86d6-a1a41867000b.dllc:\programdata\PCDr\6261\AddOnDownloaded\7b6e388f-35d0-44f8-aa2c-20538273473f.dllc:\programdata\PCDr\6261\AddOnDownloaded\97cd9b9c-9747-469a-acfa-cfbf8aed528a.dllc:\programdata\PCDr\6261\AddOnDownloaded\b69d9551-76e9-4872-95f8-075916f82d74.dllc:\programdata\PCDr\6261\AddOnDownloaded\bea3f575-677a-4c92-89ca-7be8480c11a9.dllc:\programdata\Tarma Installerc:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dllc:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.datc:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exec:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.icoc:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dllc:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dllc:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.datc:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exec:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico..((((((((((((((((((((((((( Files Created from 2013-05-08 to 2013-06-08 )))))))))))))))))))))))))))))))..2013-06-08 16:33 . 2013-06-08 16:33 -------- d-----w- c:\users\Matthew\AppData\Local\temp2013-06-08 16:33 . 2013-06-08 16:33 -------- d-----w- c:\users\Erica\AppData\Local\temp2013-06-08 16:33 . 2013-06-08 16:33 -------- d-----w- c:\users\Default\AppData\Local\temp2013-06-08 16:26 . 2013-06-08 16:26 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BF90C02-0041-4015-8B99-4C30805856D0}\offreg.dll2013-06-08 01:51 . 2013-05-14 05:48 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BF90C02-0041-4015-8B99-4C30805856D0}\mpengine.dll2013-06-07 02:09 . 2013-06-07 02:09 -------- d-----w- c:\program files (x86)\ESET2013-06-06 10:57 . 2013-06-06 12:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2013-06-06 00:35 . 2013-06-06 00:35 -------- dc----w- c:\users\Chris\AppData\Local\MigWiz2013-06-03 22:37 . 2013-06-08 12:55 -------- d-----r- c:\users\Erica\Dropbox2013-06-03 22:32 . 2013-06-08 12:55 -------- d-----w- c:\users\Erica\AppData\Roaming\Dropbox2013-06-03 11:49 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui2013-06-03 11:49 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys2013-06-03 11:49 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys2013-06-03 11:49 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll2013-06-03 04:30 . 2013-05-05 21:36 17818624 ----a-w- c:\windows\system32\mshtml.dll2013-06-03 04:30 . 2013-05-05 21:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb2013-06-03 04:30 . 2013-05-05 19:12 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-06-03 04:28 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll2013-06-03 04:28 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll2013-06-03 04:28 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll2013-06-03 04:28 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll2013-06-03 04:27 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys2013-06-03 04:27 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys2013-06-03 04:27 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe2013-06-03 04:27 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll2013-06-03 04:27 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll2013-06-03 04:27 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll2013-06-03 04:27 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll2013-06-03 04:24 . 2013-06-03 04:24 -------- d-----w- c:\program files (x86)\Common Files\Skype2013-06-02 21:56 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys2013-06-02 21:56 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys2013-06-02 21:56 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll2013-06-02 21:56 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll2013-06-02 21:56 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll2013-06-02 21:56 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll2013-06-02 21:56 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll2013-06-02 21:56 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll2013-06-02 21:56 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll2013-06-02 21:54 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll2013-06-02 21:52 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll2013-06-02 21:52 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll2013-06-02 21:52 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll2013-06-02 21:52 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll2013-06-02 21:52 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll2013-06-02 21:52 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll2013-06-02 21:52 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll2013-06-02 21:52 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe2013-06-02 21:52 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll2013-06-02 21:52 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll2013-06-02 21:52 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe2013-06-02 21:52 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe2013-06-02 21:49 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll2013-06-02 21:48 . 2012-07-06 20:07 552960 ----a-w- c:\windows\system32\drivers\bthport.sys2013-06-02 21:48 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll2013-06-02 21:48 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll2013-06-02 21:43 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll2013-06-02 21:43 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll2013-06-02 21:43 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll2013-06-02 21:43 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll2013-06-02 21:43 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll2013-06-02 21:43 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll2013-06-02 21:43 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe2013-06-02 13:02 . 2013-06-02 13:02 -------- d-sh--w- C:\$$PendingFiles2013-05-30 20:38 . 2013-05-30 20:38 -------- d-----w- c:\program files\Updater By SweetPacks2013-05-30 20:37 . 2013-05-30 20:37 -------- d-----w- c:\program files (x86)\SweetIM2013-05-30 20:37 . 2013-05-30 20:37 -------- d-----w- c:\windows\SysWow64\jmdp2013-05-30 20:37 . 2013-05-30 20:37 -------- d-----w- c:\windows\SysWow64\ARFC2013-05-30 20:37 . 2013-05-27 08:58 1447728 ----a-w- c:\windows\system32\dmwu.exe2013-05-30 20:37 . 2013-05-27 08:57 33792 ----a-w- c:\windows\system32\ImHttpComm.dll2013-05-30 20:37 . 2013-05-30 20:37 -------- d-----w- c:\windows\SysWow64\WNLT2013-05-30 20:36 . 2013-05-30 20:36 -------- d-----w- c:\program files (x86)\Gophoto.it2013-05-30 20:36 . 2013-05-30 20:36 -------- d-----w- c:\users\Erica\AppData\Local\PutLockerDownloader2013-05-30 20:35 . 2013-05-30 20:36 -------- d-----w- c:\program files (x86)\FTDownloader.com2013-05-29 22:33 . 2013-05-29 22:33 -------- d-----w- c:\users\Matthew\AppData\Roaming\Unity2013-05-29 22:24 . 2013-05-29 22:24 -------- d-----w- c:\users\Matthew\AppData\Local\Google2013-05-24 17:46 . 2013-05-24 17:46 -------- d-----w- c:\programdata\PC-Doctor for Windows2013-05-24 17:45 . 2013-05-24 17:46 -------- d-----w- c:\program files\My Dell2013-05-24 17:02 . 2013-05-24 17:02 -------- d-----w- C:\found.0012013-05-23 11:15 . 2013-05-23 11:15 17613192 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe2013-05-23 03:25 . 2013-05-23 03:25 -------- d-----w- c:\users\Chris\AppData\Local\ElevatedDiagnostics2013-05-23 02:48 . 2013-05-23 05:38 -------- d-----w- c:\users\Chris\AppData\Local\KB06810712013-05-10 07:57 . 2013-05-10 07:57 187456 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2013-05-23 11:16 . 2012-04-15 22:14 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-05-23 11:16 . 2011-07-10 05:22 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-05-23 11:04 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll2013-05-03 20:15 . 2011-07-02 13:58 75016696 ----a-w- c:\windows\system32\MRT.exe2013-05-02 06:06 . 2012-03-12 13:05 278800 ------w- c:\windows\system32\MpSigStub.exe2013-04-13 05:49 . 2013-06-02 21:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll2013-04-13 05:49 . 2013-06-02 21:55 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll2013-04-13 05:49 . 2013-06-02 21:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll2013-04-13 05:49 . 2013-06-02 21:55 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll2013-04-13 04:45 . 2013-06-02 21:55 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll2013-04-13 04:45 . 2013-06-02 21:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll2013-04-04 18:50 . 2011-07-02 00:32 25928 ----a-w- c:\windows\system32\drivers\mbam.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]2013-05-16 15:11 169304 ----a-w- c:\program files\Updater By SweetPacks\Extension32.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]2010-02-08 21:40 1362320 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]2013-04-03 20:06 1310480 ----a-r- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-08 1362320]"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2013-04-03 1310480].[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1][HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}][HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd].[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}][HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1][HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}][HKEY_CLASSES_ROOT\SWEETIE.IEToolbar].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 130736 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"TouchFreeze"="c:\program files (x86)\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056]"Spotify Web Helper"="c:\users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-08 1105408].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-03-13 1532992]"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-07-01 560128]"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184].c:\users\Erica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-24 27776968]Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288].c:\users\Matthew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288].c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-5-24 27776968]Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-11-29 204288].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe [2010-9-3 255536].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]"aux1"=wdmaud.drv.[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]@="".[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]@="".R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x]R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [x]R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [x]S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 Updater By SweetPacks;Updater By SweetPacks;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe;c:\program files\Updater By SweetPacks\ExtensionUpdaterService.exe [x]S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]..--- Other Services/Drivers In Memory ---.*Deregistered* - mfeavfk01.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2013-06-06 19:34 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2013-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 11:16].2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 22:11].2013-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-17 22:11]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}]2013-05-16 15:11 211288 ----a-w- c:\program files\Updater By SweetPacks\Extension64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-05-25 00:36 164016 ----a-w- c:\users\Chris\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RTHDVCPL"="GUI64.EXE -S" [X]"IntelWireless"="TEL WIRELESS TRAY" [X]"IgfxTray"="DOWS\SYSTEM32\IGFXTRAY.EXE" [bU]"HotKeysCmds"="DOWS\SYSTEM32\HKCMD.EXE" [bU]"Persistence"="DOWS\SYSTEM32\IGFXPERS.EXE" [bU]"Apoint"="T.EXE" [bU]"BTMTrayAgent"="TEL\BLUETOOTH\BTMSHELL.DLL" [bU]"IntelTBRunOnce"="CE.VBS" [bU]"AdobeAAMUpdater-1.0"="FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" [bU]"CanonMyPrinter"="TER\BJMYPRT.EXE" [bU]"Zune Launcher"="CHER.EXE" [bU]"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]"NCInstallQueue"="netman.dll" [2009-07-14 360448].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://www.yahoo.com/?ilc=1mStart Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={B71BA356-C968-11E2-8BD2-BC7737D919B1}mLocal Page = c:\windows\SysWOW64\blank.htmTCP: DhcpNameServer = 192.168.1.254.- - - - ORPHANS REMOVED - - - -.BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dllToolbar-Locked - (no file)Wow6432Node-HKLM-Run-<NO NAME> - (no file)...--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2013-06-08 12:36:33ComboFix-quarantined-files.txt 2013-06-08 16:36ComboFix2.txt 2013-06-02 20:27.Pre-Run: 509,353,512,960 bytes freePost-Run: 509,518,036,992 bytes free.- - End Of File - - 95343C47AD2B8766AB9BCE74E65553C5 Link to post Share on other sites More sharing options...
CPup888 Posted June 8, 2013 Author ID:688891 Share Posted June 8, 2013 I did all he requested Java actions, uninstalling old versions, installing new version, and removing all downloaded apps and applets from cache.I have no idea what you mean by DDS though. I looked at all the posts in this topic, and I don't believe you asked me to run this before.Please advise. Thanks.Did you mean this?http://www.bleepingcomputer.com/download/dds/ Link to post Share on other sites More sharing options...
Larusso Posted June 8, 2013 ID:688892 Share Posted June 8, 2013 We never used DDS Double click on the OTL icon to run it. In the Extra Registry group check Use SafeList. Make sure all other windows are closed to let it run uninterrupted. Click on the Run Scan Button. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please post both in your next reply. Link to post Share on other sites More sharing options...
CPup888 Posted June 8, 2013 Author ID:688907 Share Posted June 8, 2013 OTL.txt - OTL logfile created on: 6/8/2013 2:00:36 PM - Run 2OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy5.92 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 76.16% Memory free11.83 Gb Paging File | 9.63 Gb Available in Paging File | 81.36% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 581.42 Gb Total Space | 474.15 Gb Free Space | 81.55% Space Free | Partition Type: NTFSComputer Name: LAPTOP | User Name: Chris | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2013/06/08 13:58:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exePRC - [2013/06/07 22:30:57 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exePRC - [2013/05/24 20:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exePRC - [2013/05/16 11:11:14 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exePRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exePRC - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exePRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exePRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exePRC - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exePRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exePRC - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exePRC - [2010/12/14 02:21:34 | 000,974,912 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exePRC - [2010/12/14 02:21:18 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exePRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exePRC - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exePRC - [2010/09/03 02:45:02 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exePRC - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exePRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXEPRC - [2005/04/29 16:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe========== Modules (No Company Name) ==========MOD - [2013/03/13 16:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\libcef.dllMOD - [2012/11/13 19:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dllMOD - [2012/02/01 11:50:04 | 001,850,224 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exeMOD - [2012/02/01 11:50:02 | 002,195,824 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exeMOD - [2012/02/01 11:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtGui4.dllMOD - [2012/02/01 11:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\QtCore4.dllMOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2011/01/13 14:39:32 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exeMOD - [2011/01/13 14:37:50 | 000,079,168 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dllMOD - [2011/01/13 14:37:26 | 000,075,072 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dllMOD - [2011/01/13 14:37:24 | 000,111,936 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dllMOD - [2011/01/13 14:37:20 | 000,121,152 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dllMOD - [2011/01/13 14:37:18 | 000,128,320 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dllMOD - [2011/01/13 14:37:14 | 000,234,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dllMOD - [2011/01/13 14:36:50 | 001,123,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dllMOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dllMOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exeMOD - [2005/04/29 16:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exeMOD - [2005/04/29 16:15:36 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.dll========== Services (SafeList) ==========SRV:64bit: - [2013/05/16 11:11:14 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe -- (Updater By SweetPacks)SRV:64bit: - [2013/02/19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)SRV:64bit: - [2013/02/19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)SRV:64bit: - [2013/02/19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McOobeSv)SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)SRV:64bit: - [2012/08/31 14:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)SRV:64bit: - [2011/08/05 13:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)SRV:64bit: - [2011/08/05 13:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)SRV:64bit: - [2011/08/05 13:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)SRV:64bit: - [2010/12/17 15:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)SRV:64bit: - [2010/12/17 15:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)SRV:64bit: - [2010/12/17 15:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)SRV:64bit: - [2010/11/29 16:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV:64bit: - [2010/08/30 14:42:00 | 000,220,528 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\MSC\McAWFwk.exe -- (McAWFwk)SRV:64bit: - [2009/11/17 22:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2013/05/23 07:16:04 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2010/12/15 13:31:20 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)SRV - [2010/12/15 13:22:42 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)SRV - [2010/12/14 02:21:34 | 000,974,912 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)SRV - [2010/12/14 02:21:30 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)SRV - [2010/12/14 02:21:18 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)SRV - [2010/09/06 02:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)SRV - [2010/09/03 02:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)SRV - [2010/08/25 21:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)SRV - [2010/04/05 15:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)========== Driver Services (SafeList) ==========DRV:64bit: - [2013/02/19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)DRV:64bit: - [2013/02/19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)DRV:64bit: - [2013/02/19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)DRV:64bit: - [2013/02/19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)DRV:64bit: - [2013/02/19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)DRV:64bit: - [2013/02/19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)DRV:64bit: - [2013/02/19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)DRV:64bit: - [2012/04/20 17:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2011/03/31 23:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)DRV:64bit: - [2011/03/26 05:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2010/12/21 21:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)DRV:64bit: - [2010/12/14 09:18:50 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)DRV:64bit: - [2010/12/14 09:10:10 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)DRV:64bit: - [2010/12/14 02:21:06 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)DRV:64bit: - [2010/12/01 12:12:06 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV:64bit: - [2010/12/01 06:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)DRV:64bit: - [2010/11/30 18:02:54 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2010/11/29 16:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2010/10/15 12:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2010/08/12 11:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)DRV:64bit: - [2010/02/27 03:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyB0DzytCzy0BtCyBtCyCzztN0D0Tzu0CtByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2131868848IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EBCDE632-E239-47CE-8C19-BF4B7919AA74}IE:64bit: - HKLM\..\SearchScopes\{EBCDE632-E239-47CE-8C19-BF4B7919AA74}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyB0DzytCzy0BtCyBtCyCzztN0D0Tzu0CtByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2131868848IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={B71BA356-C968-11E2-8BD2-BC7737D919B1}IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {EBCDE632-E239-47CE-8C19-BF4B7919AA74}IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}IE - HKLM\..\SearchScopes\{4985F660-8367-261F-AD1C-438D68567497}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBoxIE - HKLM\..\SearchScopes\{EBCDE632-E239-47CE-8C19-BF4B7919AA74}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyB0DzytCzy0BtCyBtCyCzztN0D0Tzu0CtByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=2131868848IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={B71BA356-C968-11E2-8BD2-BC7737D919B1}IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1IE - HKCU\..\SearchScopes,DefaultScope = {4985F660-8367-261F-AD1C-438D68567497}IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/05/30 16:38:04 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/05/23 01:40:51 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/05/23 01:40:35 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/05/30 16:38:04 | 000,000,000 | ---D | M]========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://www.yahoo.com/?ilc=1CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dllCHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLLCHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLLCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dllCHR - plugin: Java Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: Unity Player (Enabled) = C:\Users\Chris\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dllCHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dllCHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLLCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dllCHR - Extension: Google Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: FTdownloader V4.0 = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bebnnlollpcjnfpkafhoclljaojgnfok\4.0_0\CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: SiteAdvisor = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\CHR - Extension: SweetPacks Chrome Extension = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.0_0\CHR - Extension: GoPhoto.it = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\CHR - Extension: OneClickDownload = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco\1.3_0\O1 HOSTS File: ([2013/06/08 12:33:59 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120627073731.dll (McAfee, Inc.)O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not foundO2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120627073731.dll (McAfee, Inc.)O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not foundO3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] FILES\ADOBE\OOBE\PDAPP\UWA\UPDATERSTARTUPUTILITY.EXE" File not foundO4:64bit: - HKLM..\Run: [Apoint] T.EXE File not foundO4:64bit: - HKLM..\Run: [bTMTrayAgent] TEL\BLUETOOTH\BTMSHELL.DLL",TRAYAPP File not foundO4:64bit: - HKLM..\Run: [CanonMyPrinter] TER\BJMYPRT.EXE /LOGON File not foundO4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not foundO4:64bit: - HKLM..\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not foundO4:64bit: - HKLM..\Run: [intelTBRunOnce] CE.VBS" File not foundO4:64bit: - HKLM..\Run: [intelWireless] TEL WIRELESS TRAY File not foundO4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not foundO4:64bit: - HKLM..\Run: [RTHDVCPL] GUI64.EXE -S File not foundO4:64bit: - HKLM..\Run: [Zune Launcher] CHER.EXE" File not foundO4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)O4 - HKCU..\Run: [spotify Web Helper] C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)O4 - HKCU..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ()O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Chris\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not foundO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T27L10NSP31-13320/event/ieatgpc1.cab (GpcContainer Class)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B451D4FF-7E9C-4953-AC3D-0BF55E95B147}: DhcpNameServer = 13.35.0.1 13.35.0.2O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD9A187E-8374-4497-A2B9-E17C235DF403}: DhcpNameServer = 192.168.1.254O18:64bit: - Protocol\Handler\cozi - No CLSID value foundO18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2013/06/08 13:58:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe[2013/06/08 13:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee[2013/06/08 13:04:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java[2013/06/08 13:03:36 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe[2013/06/08 13:03:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe[2013/06/08 13:03:32 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe[2013/06/08 13:03:32 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll[2013/06/08 13:01:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2013/06/08 12:44:15 | 031,666,592 | ---- | C] (Oracle Corporation) -- C:\Users\Chris\Desktop\jre-7u21-windows-i586.exe[2013/06/08 12:36:34 | 000,000,000 | ---D | C] -- C:\Windows\temp[2013/06/06 22:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET[2013/06/06 06:57:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)[2013/06/06 06:55:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\mbar[2013/06/05 20:35:55 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\MigWiz[2013/06/03 07:49:07 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys[2013/06/03 07:49:07 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll[2013/06/03 00:28:40 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll[2013/06/03 00:28:40 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll[2013/06/03 00:28:40 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll[2013/06/03 00:28:40 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll[2013/06/03 00:27:52 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll[2013/06/03 00:27:52 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe[2013/06/03 00:27:52 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll[2013/06/03 00:27:52 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll[2013/06/03 00:26:23 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll[2013/06/03 00:26:23 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll[2013/06/03 00:26:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/06/03 00:26:21 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/06/03 00:26:21 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll[2013/06/03 00:26:21 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll[2013/06/03 00:26:21 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe[2013/06/03 00:26:21 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe[2013/06/03 00:26:20 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/06/03 00:26:20 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl[2013/06/03 00:26:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl[2013/06/03 00:26:20 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/06/03 00:26:19 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013/06/03 00:26:19 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/06/03 00:26:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll[2013/06/03 00:24:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype[2013/06/03 00:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype[2013/06/02 17:56:28 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys[2013/06/02 17:56:28 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll[2013/06/02 17:56:27 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll[2013/06/02 17:56:27 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll[2013/06/02 17:56:02 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll[2013/06/02 17:56:02 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll[2013/06/02 17:56:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll[2013/06/02 17:55:54 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll[2013/06/02 17:55:54 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll[2013/06/02 17:55:53 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll[2013/06/02 17:55:52 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll[2013/06/02 17:55:52 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll[2013/06/02 17:55:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll[2013/06/02 17:55:09 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll[2013/06/02 17:55:09 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll[2013/06/02 17:55:08 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll[2013/06/02 17:55:08 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe[2013/06/02 17:54:54 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll[2013/06/02 17:54:44 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys[2013/06/02 17:54:42 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys[2013/06/02 17:54:30 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll[2013/06/02 17:54:30 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll[2013/06/02 17:54:30 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll[2013/06/02 17:54:30 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll[2013/06/02 17:54:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll[2013/06/02 17:54:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll[2013/06/02 17:52:44 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll[2013/06/02 17:52:44 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll[2013/06/02 17:52:42 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll[2013/06/02 17:52:19 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll[2013/06/02 17:52:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll[2013/06/02 17:52:08 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe[2013/06/02 17:52:08 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll[2013/06/02 17:52:07 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe[2013/06/02 17:52:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll[2013/06/02 17:52:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe[2013/06/02 17:51:53 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe[2013/06/02 17:51:47 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll[2013/06/02 17:51:45 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys[2013/06/02 17:51:45 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS[2013/06/02 17:51:32 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs[2013/06/02 17:51:31 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs[2013/06/02 17:51:31 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs[2013/06/02 17:51:31 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs[2013/06/02 17:51:31 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs[2013/06/02 17:51:31 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs[2013/06/02 17:51:31 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs[2013/06/02 17:51:31 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs[2013/06/02 17:51:31 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs[2013/06/02 17:51:30 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs[2013/06/02 17:51:30 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs[2013/06/02 17:51:30 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs[2013/06/02 17:51:30 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs[2013/06/02 17:51:30 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs[2013/06/02 17:51:30 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs[2013/06/02 17:51:30 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs[2013/06/02 17:51:30 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs[2013/06/02 17:51:29 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll[2013/06/02 17:51:29 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll[2013/06/02 17:51:29 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll[2013/06/02 17:51:29 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs[2013/06/02 17:51:29 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs[2013/06/02 17:51:29 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs[2013/06/02 17:51:28 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll[2013/06/02 17:51:25 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs[2013/06/02 17:51:25 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs[2013/06/02 17:51:25 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs[2013/06/02 17:51:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs[2013/06/02 17:51:25 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs[2013/06/02 17:51:24 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs[2013/06/02 17:51:24 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs[2013/06/02 17:51:24 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs[2013/06/02 17:49:29 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll[2013/06/02 17:49:28 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll[2013/06/02 17:49:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe[2013/06/02 17:49:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll[2013/06/02 17:49:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll[2013/06/02 17:49:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll[2013/06/02 17:49:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll[2013/06/02 17:49:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll[2013/06/02 17:49:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll[2013/06/02 17:49:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll[2013/06/02 17:49:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll[2013/06/02 17:49:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll[2013/06/02 17:49:23 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll[2013/06/02 17:49:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll[2013/06/02 17:49:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll[2013/06/02 17:49:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll[2013/06/02 17:49:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll[2013/06/02 17:49:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll[2013/06/02 17:49:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll[2013/06/02 17:49:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll[2013/06/02 17:49:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll[2013/06/02 17:49:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll[2013/06/02 17:49:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll[2013/06/02 17:49:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll[2013/06/02 17:49:22 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll[2013/06/02 17:49:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll[2013/06/02 17:49:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll[2013/06/02 17:49:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll[2013/06/02 17:49:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll[2013/06/02 17:49:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll[2013/06/02 17:49:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll[2013/06/02 17:49:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll[2013/06/02 17:49:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll[2013/06/02 17:49:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll[2013/06/02 17:49:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll[2013/06/02 17:49:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll[2013/06/02 17:49:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll[2013/06/02 17:49:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll[2013/06/02 17:49:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll[2013/06/02 17:49:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll[2013/06/02 17:49:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll[2013/06/02 17:49:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll[2013/06/02 17:49:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll[2013/06/02 17:49:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll[2013/06/02 17:49:18 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll[2013/06/02 17:49:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll[2013/06/02 17:49:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll[2013/06/02 17:49:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll[2013/06/02 17:49:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll[2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll[2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll[2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll[2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll[2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll[2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll[2013/06/02 17:49:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll[2013/06/02 17:49:17 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll[2013/06/02 17:49:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll[2013/06/02 17:49:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll[2013/06/02 17:49:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll[2013/06/02 17:49:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll[2013/06/02 17:49:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll[2013/06/02 17:49:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll[2013/06/02 17:48:32 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll[2013/06/02 17:48:32 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll[2013/06/02 17:43:29 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll[2013/06/02 17:43:28 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll[2013/06/02 17:43:09 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe[2013/06/02 17:42:52 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll[2013/06/02 17:42:52 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll[2013/06/02 17:42:51 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll[2013/06/02 17:42:47 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll[2013/06/02 17:42:41 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll[2013/06/02 17:42:38 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe[2013/06/02 17:42:37 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe[2013/06/02 17:42:37 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe[2013/06/02 17:42:36 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe[2013/06/02 17:42:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll[2013/06/02 17:42:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll[2013/06/02 17:42:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe[2013/06/02 16:04:49 | 005,078,669 | R--- | C] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe[2013/06/02 16:04:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2013/06/02 16:04:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2013/06/02 16:04:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2013/06/02 16:04:15 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/06/02 16:04:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2013/06/02 09:02:14 | 000,000,000 | -HSD | C] -- C:\$$PendingFiles[2013/05/30 16:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\Updater By SweetPacks[2013/05/30 16:37:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM[2013/05/30 16:37:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\jmdp[2013/05/30 16:37:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ARFC[2013/05/30 16:37:40 | 000,033,792 | ---- | C] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll[2013/05/30 16:37:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WNLT[2013/05/30 16:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gophoto.it[2013/05/30 16:35:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FTDownloader.com[2013/05/24 13:46:46 | 000,000,000 | ---D | C] -- C:\ProgramData\PC-Doctor for Windows[2013/05/24 13:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell[2013/05/24 13:02:06 | 000,000,000 | ---D | C] -- C:\found.001[2013/05/23 07:15:54 | 017,613,192 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe[2013/05/22 23:25:03 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\ElevatedDiagnostics[2013/05/22 22:48:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\KB0681071[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2013/06/08 13:58:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe[2013/06/08 13:58:04 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/06/08 13:51:36 | 000,727,224 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/06/08 13:51:36 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/06/08 13:51:36 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/06/08 13:50:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/06/08 13:50:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/06/08 13:09:46 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/06/08 13:09:46 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/06/08 13:03:27 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll[2013/06/08 13:03:25 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll[2013/06/08 13:03:25 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe[2013/06/08 13:03:25 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe[2013/06/08 13:03:25 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe[2013/06/08 13:00:39 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/06/08 13:00:15 | 469,372,927 | -HS- | M] () -- C:\hiberfil.sys[2013/06/08 12:47:33 | 031,666,592 | ---- | M] (Oracle Corporation) -- C:\Users\Chris\Desktop\jre-7u21-windows-i586.exe[2013/06/08 12:33:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2013/06/08 12:17:37 | 005,078,669 | R--- | M] (Swearware) -- C:\Users\Chris\Desktop\ComboFix.exe[2013/06/06 15:36:05 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2013/06/03 08:03:05 | 000,348,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/06/02 01:53:00 | 000,000,004 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\skype.ini[2013/05/30 20:46:37 | 000,001,051 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk[2013/05/30 20:46:09 | 000,001,019 | ---- | M] () -- C:\Users\Chris\Desktop\Dropbox.lnk[2013/05/27 04:58:02 | 001,447,728 | ---- | M] () -- C:\Windows\SysNative\dmwu.exe[2013/05/27 04:57:04 | 000,033,792 | ---- | M] (IncrediMail, Ltd.) -- C:\Windows\SysNative\ImHttpComm.dll[2013/05/23 07:16:04 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2013/05/23 07:16:04 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2013/05/23 07:15:54 | 017,613,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe[2013/05/23 07:14:48 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]========== Files Created - No Company Name ==========[2013/06/03 07:49:10 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf[2013/06/03 00:27:52 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf[2013/06/02 16:04:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2013/06/02 16:04:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2013/06/02 16:04:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2013/06/02 16:04:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2013/06/02 16:04:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2013/06/02 00:15:34 | 000,000,004 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\skype.ini[2013/05/30 16:37:40 | 001,447,728 | ---- | C] () -- C:\Windows\SysNative\dmwu.exe[2013/03/16 22:24:16 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp[2013/03/16 22:24:01 | 000,302,806 | ---- | C] () -- C:\ProgramData\1.jpg[2013/01/17 18:38:47 | 000,000,036 | -H-- | C] () -- C:\Windows\SysWow64\f9t.dat[2012/08/12 21:04:17 | 000,003,584 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini[2012/05/10 21:58:52 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat[2011/12/24 22:06:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2011/07/01 20:40:00 | 000,744,030 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2011/06/23 23:15:36 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin[2011/06/23 23:15:34 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin[2011/06/23 23:15:32 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin[2011/06/23 21:05:51 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll========== ZeroAccess Check ==========[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Chris\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Chris\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Erica\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\L[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Erica\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}\U[2013/05/24 13:37:15 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"ThreadingModel" = Both"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]< End of report > Link to post Share on other sites More sharing options...
CPup888 Posted June 8, 2013 Author ID:688909 Share Posted June 8, 2013 Extras.Txt -OTL Extras logfile created on: 6/8/2013 2:00:36 PM - Run 2OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy5.92 Gb Total Physical Memory | 4.51 Gb Available Physical Memory | 76.16% Memory free11.83 Gb Paging File | 9.63 Gb Available in Paging File | 81.36% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 581.42 Gb Total Space | 474.15 Gb Free Space | 81.55% Space Free | Partition Type: NTFSComputer Name: LAPTOP | User Name: Chris | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [edit] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0========== Firewall Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]========== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{01F95499-6304-45C0-9DAA-2DAC32BC23E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system | "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system | "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system | "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system | "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{4AA61A50-2233-4C93-A866-87FB5CCA107B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system | "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system | "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system | "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system | "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system | "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system | "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system | "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{304CFD7D-44F0-40A9-A9E0-D3C6F1F4F990}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{80BAE7DF-AA64-44CD-BE44-C898DDF2B670}" = protocol=17 | dir=in | app=c:\users\erica\appdata\roaming\dropbox\bin\dropbox.exe | "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{91C57526-747D-447B-B22A-0A02EBE278A1}" = protocol=6 | dir=in | app=c:\users\erica\appdata\roaming\dropbox\bin\dropbox.exe | "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system | "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{F6C8D5A3-E078-4B90-88C6-25C8A6C2D9D7}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | "UDP Query User{BEEE21BE-60DA-41BE-B0EA-96212BE18586}C:\program files (x86)\dell\dell datasafe online\nobuclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dell\dell datasafe online\nobuclient.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series" = Canon MP280 series MP Drivers"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Intel® PROSet/Wireless WiFi Software"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)"{5A80B0BA-79AF-4B11-B851-CCB9F7977AC0}" = Intel® PROSet/Wireless Software for Bluetooth® Technology"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)"{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}_is1" = Updater By SweetPacks 2.0.0.586"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"CCleaner" = CCleaner"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"PC-Doctor for Windows" = My Dell"ProInst" = Intel PROSet Wireless"Zune" = Zune[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{007F778D-F15C-4EAB-AE92-071D21FAF632}" = Adobe Photoshop Elements 9"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi"{30E411BE-C174-405F-9361-27F4CEDE0C19}" = PCmover Professional"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{420DFB63-8AE7-F7D6-E4B4-AB6D140221F4}" = FlipShare"{433EACD8-4747-4A6A-826A-FFA9F39B0D40}" = Elements 9 Organizer"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime"{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}" = Shutterfly Express Uploader"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online"{7F1B3341-A94E-4F5C-B587-CA0EB964221E}" = Microsoft Money Shared Libraries"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{C675C60B-0CB7-4108-B8CA-C3EC0706DEF0}" = Serif PagePlus Starter Edition"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8"{D031E017-2434-40A7-A352-4DDD0199170D}" = TouchFreeze"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage"{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}" = Internet Explorer Toolbar 4.8 by SweetPacks"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E2AE009D-37E5-4724-A6B8-0ED6A6BA4F68}" = Elements STI Installer"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger"{EC8282AB-48DD-91D2-7387-01CD6E100A5D}" = Adobe Photoshop.com Inspiration Browser"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F302F4F0-588D-6501-1ACF-BE3FDCC9135D}" = Adobe Community Help"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel® Wireless Display"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"1ClickDownload" = FTDownloader"ActiveTouchMeetingClient" = Cisco WebEx Meetings"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Adobe Photoshop Elements 9" = Adobe Photoshop Elements 9"Advanced Audio FX Engine" = Advanced Audio FX Engine"Canon MP280 series User Registration" = Canon MP280 series User Registration"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program"CanonMyPrinter" = Canon My Printer"CanonSolutionMenuEX" = Canon Solution Menu EX"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help"Clue Classic" = Clue Classic (remove only)"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader"Dell Webcam Central" = Dell Webcam Central"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX"Easy-WebPrint EX" = Canon Easy-WebPrint EX"ESET Online Scanner" = ESET Online Scanner v3"Game of LIFE" = Game of LIFE (remove only)"Google Chrome" = Google Chrome"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"McAfee Security Scan" = McAfee Security Scan Plus"Money2008b" = Microsoft Money Plus"Monopoly" = Monopoly (remove only)"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0"MSC" = McAfee AntiVirus Plus"Office14.Click2Run" = Microsoft Office Click-to-Run 2010"Operation Mania" = Operation Mania (remove only)"PhotoshopdotcomInspirationBrowser.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop.com Inspiration Browser"Pictureka! Museum Mayhem" = Pictureka! Museum Mayhem (remove only)"WinLiveSuite" = Windows Live Essentials"WinRAR archiver" = WinRAR 4.01 (32-bit)"WNLT" = SweetPacks Updater Service"Yahtzee" = Yahtzee (remove only)========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Dropbox" = Dropbox"Spotify" = Spotify"UnityWebPlayer" = Unity Web Player========== Last 20 Event Log Errors ==========[ Application Events ]Error - 6/8/2013 12:52:49 PM | Computer Name = Laptop | Source = SideBySide | ID = 16842832Description = Activation context generation failed for "C:\Program Files (x86)\Cozi Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.Error - 6/8/2013 1:12:17 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 6/8/2013 1:12:17 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 1107Error - 6/8/2013 1:12:17 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 1107Error - 6/8/2013 1:12:18 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 6/8/2013 1:12:18 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 2137Error - 6/8/2013 1:12:18 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 2137Error - 6/8/2013 1:12:19 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 6/8/2013 1:12:19 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 3213Error - 6/8/2013 1:12:19 PM | Computer Name = Laptop | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 3213[ Dell Events ]Error - 1/14/2012 10:27:13 AM | Computer Name = Laptop | Source = DataSafe | ID = 17Description = The process was interrupted before completion.Error - 1/22/2012 9:28:38 AM | Computer Name = Laptop | Source = DataSafe | ID = 17Description = The process was interrupted before completion.Error - 1/22/2012 9:28:38 AM | Computer Name = Laptop | Source = DataSafe | ID = 17Description = The process was interrupted before completion.Error - 2/2/2012 12:34:56 AM | Computer Name = Laptop | Source = DataSafe | ID = 17Description = The process was interrupted before completion.Error - 2/2/2012 12:34:56 AM | Computer Name = Laptop | Source = DataSafe | ID = 17Description = The process was interrupted before completion.Error - 2/3/2012 6:31:44 PM | Computer Name = Laptop | Source = DataSafe | ID = 17Description = The process was interrupted before completion.Error - 2/3/2012 6:31:44 PM | Computer Name = Laptop | Source = DataSafe | ID = 17Description = The process was interrupted before completion.Error - 3/5/2012 1:27:29 PM | Computer Name = Laptop | Source = DataSafe | ID = 17Description = The process was interrupted before completion.Error - 3/5/2012 1:27:29 PM | Computer Name = Laptop | Source = DataSafe | ID = 17Description = The process was interrupted before completion.Error - 6/5/2013 11:44:26 PM | Computer Name = Laptop | Source = DataSafe | ID = 17Description = The process was interrupted before completion.[ System Events ]Error - 6/7/2013 8:13:13 AM | Computer Name = Laptop | Source = DCOM | ID = 10010Description = Error - 6/7/2013 10:13:04 PM | Computer Name = Laptop | Source = DCOM | ID = 10010Description = Error - 6/7/2013 10:18:02 PM | Computer Name = Laptop | Source = EventLog | ID = 6008Description = The previous system shutdown at 10:17:03 PM on ?6/?7/?2013 was unexpected.Error - 6/8/2013 10:07:52 AM | Computer Name = Laptop | Source = DCOM | ID = 10010Description = Error - 6/8/2013 12:17:57 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7034Description = The Bluetooth OBEX Service service terminated unexpectedly. It has done this 1 time(s).Error - 6/8/2013 12:20:39 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Bluetooth Device Monitor service.Error - 6/8/2013 12:29:38 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.Error - 6/8/2013 12:33:18 PM | Computer Name = Laptop | Source = Application Popup | ID = 1060Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error - 6/8/2013 12:33:18 PM | Computer Name = Laptop | Source = Application Popup | ID = 1060Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.Error - 6/8/2013 12:34:01 PM | Computer Name = Laptop | Source = Service Control Manager | ID = 7030Description = The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.< End of report > Link to post Share on other sites More sharing options...
CPup888 Posted June 8, 2013 Author ID:688912 Share Posted June 8, 2013 So don't download and run DDS? Link to post Share on other sites More sharing options...
Larusso Posted June 8, 2013 ID:688923 Share Posted June 8, 2013 NoDouble click on the OTL icon to run it.Copy/paste the entire contents of the codebox below into the Box::otlIE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...B&cr=2131868848IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {EBCDE632-E239-47CE-8C19-BF4B7919AA74}IE:64bit: - HKLM\..\SearchScopes\{EBCDE632-E239-47CE-8C19-BF4B7919AA74}: "URL" = http://start.funmood...B&cr=2131868848IE - HKLM\..\SearchScopes\{EBCDE632-E239-47CE-8C19-BF4B7919AA74}: "URL" = http://start.funmood...B&cr=2131868848O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll File not foundO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4 - HKLM..\Run: [] File not foundO4 - Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel® Turbo Boost Technology Monitor 2.0.lnk = File not found[2013/06/02 00:15:34 | 000,000,004 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\skype.ini[2011/11/17 02:41:18 | 000,000,000 | -HSD | M] -- C:\Users\Erica\AppData\Local\{792f4199-0b73-e2f4-7b46-706eb422a6b8}:commands[emptytemp] Please close all other programs now. Then click the Run Fix button at the top. OTL may ask to reboot the machine. Please do so if asked. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.I do not need to see this LogfileUnless you have any open issues, you are good to go. Please follow these last few stepsPlease press the + R Key and Copy/Paste the following single-line command into the Run box and click OKcombofix /uninstallThis will uninstall ComboFix and delete ComboFix's quarantine folder. It will also implement some cleanup procedures, remove old System Restore Points which contain previous infections, and create a fresh, clean System Restore Point.Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.Empty your Recycle Bin if it does not do so automatically.Please download delfix to your Desktop.Close all running programms.Doubleclick on the delfix.exe Make sure that all options are checked.Click Start.This tool will delete most of the tools we have used for the cleanup procedure. If something remaints, simply delete it.Now that you appear to be free from malware lets help you stay that way!It is vital that you keep your system up to datePlease enable Automatic Updates to keep your system up to date. Windows UpdatesWin XP: Start --> Control Panel and double- click on Automatic Updates.Vista / 7: Start --> Control Panel --> System and Security --> Windows Updates[*] Software UpdatesYour installed Software also can have vulnerabilities that malware can use to infect your system.To keep your installed Software up to date I recommend File Hippo.Anti Virus Software Make sure to have one Anti Virus programme installed and update it on a regular basis. It is useless with out of date definitions.Additional Protection Malwarebytes Anti MalwareThe freeware Version is an on demand scanner which will check your system for malware. Update it once a week and run a Quick Scan. You can also buy a licence which offers more features. WinPatrolWinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. Safer Browsing Web of Trust ( WOT )This software helps you to stay away from sites that have malicious purposes. SpywareBlasterThis software helps prevent the installation of ActiveX-based spyware.Use an alternate browserOther browsers tend to be more secure than IE as they do not make use of active x objects. Active x objects can be used by spyware as an infection point on your computer. Opera FirefoxNote: If you use Firefox you may want to have a look on this Add Ons. AdblockPlus ( Blocks advertisments ) NoScript ( Blocks Java, Flash and JavaScript )Computer MaintenanceClean out your temp files on a regular basis -I recommend TFC ( Temp File Cleaner ).Thinking while surfingThere is no software which will protect your system from yourself. I have included some security related articles that I advise you read through in your own time. These articles will give you tips and advice on preventing infection, and how to stay safe whilst browsing the internet. Staying Safe on the Internet ( by Glaswegian ) Making Internet Explorer Safer. Think Prevention!If you have any questions kindly ask. Please respond to this thread one more time so we can mark this thread as resolved. Link to post Share on other sites More sharing options...
CPup888 Posted June 9, 2013 Author ID:689160 Share Posted June 9, 2013 How would I know if I had "any open issues" after running OTL (which I just did and it rebooted and gave me a log)???Would you consider Google Chrome a more secure browser than IE? Regardless, would you still recommend Firefox over Chrome? Link to post Share on other sites More sharing options...
Recommended Posts