Search similar:
|
uniqs 2063 |
|
|
|
|
ez2cy
Member
2013-Mar-7 7:33 pm
Slow puter that also freezesPosted in wrong forum, sorry
My bro's computer.
Slow and freezes a lot on him. Did a Spybot S&D, had over 800 problems that we cleaned up. Did all scans. OTL notepad froze up so don't have a txt file to send for it. oops...lied froze but I found a txt, sorry
Malwarebytes Anti-Malware (Trial) 1.70.0.1100 www.malwarebytes.org
Database version: v2013.03.06.02
Windows Vista Service Pack 2 x64 NTFS Internet Explorer 9.0.8112.16421 Wayne :: JED [administrator]
Protection: Enabled
3/5/2013 9:11:25 PM mbam-log-2013-03-05 (21-11-25).txt
Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 244725 Time elapsed: 6 minute(s), 24 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 31 HKCR\MightyMagooText.Linker (PUP.MightyMagoo) -> No action taken. HKCR\MightyMagooText.Linker.1 (PUP.MightyMagoo) -> No action taken. HKCR\APPID\MightyMagooText.DLL (PUP.MightyMagoo) -> No action taken. HKCU\Software\AppDataLow\mmagootl (PUP.MightyMagoo) -> No action taken. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken. HKCR\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCR\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCR\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKCR\HBMain.CommBand (Adware.Zango) -> Quarantined and deleted successfully. HKCR\HBMain.CommBand.1 (Adware.Zango) -> Quarantined and deleted successfully. HKCR\hbr.HbMain (Adware.Zango) -> Quarantined and deleted successfully. HKCR\hbr.HbMain.1 (Adware.Zango) -> Quarantined and deleted successfully. HKCR\HostIE.Bho (Adware.Zango) -> Quarantined and deleted successfully. HKCR\HostIE.Bho.1 (Adware.Zango) -> Quarantined and deleted successfully. HKCR\InstIE.HbInstObj (Adware.Zango) -> Quarantined and deleted successfully. HKCR\InstIE.HbInstObj.1 (Adware.Zango) -> Quarantined and deleted successfully. HKCR\ShoppingReport.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCR\ShoppingReport.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCR\ShoppingReport.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCR\ShoppingReport.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCR\ShoppingReport.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCR\ShoppingReport.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCR\ShoppingReport.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCR\ShoppingReport.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCR\ShoppingReport.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCR\ShoppingReport.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKCU\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully. HKLM\SOFTWARE\ShoppingReport (Adware.ShopperReports) -> Quarantined and deleted successfully.
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (»searchab.com/?aff=7&uid=e86a7758···4b03c20e) Good: (»www.google.com) -> Quarantined and repaired successfully.
Folders Detected: 4 C:\Program Files (x86)\Mighty Magoo (PUP.MightyMagoo) -> No action taken. C:\Users\Wayne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com (PUP.MightyMagoo) -> No action taken. C:\Users\Wayne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome (PUP.MightyMagoo) -> No action taken. C:\Users\Wayne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components (PUP.MightyMagoo) -> No action taken.
Files Detected: 8 C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken. C:\Program Files (x86)\Mighty Magoo\ars.cfg (PUP.MightyMagoo) -> No action taken. C:\Program Files (x86)\Mighty Magoo\icon.ico (PUP.MightyMagoo) -> No action taken. C:\Users\Wayne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome.manifest (PUP.MightyMagoo) -> No action taken. C:\Users\Wayne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\install.rdf (PUP.MightyMagoo) -> No action taken. C:\Users\Wayne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\chrome\mmtextlinks.jar (PUP.MightyMagoo) -> No action taken. C:\Users\Wayne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.dll (PUP.MightyMagoo) -> No action taken. C:\Users\Wayne\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@mmagoo.com\components\mmagootlf.xpt (PUP.MightyMagoo) -> No action taken.
(end) | actions · 2013-Mar-7 7:33 pm · (locked) | ez2cy |
ez2cy
Member
2013-Mar-7 7:34 pm
OTL logfile created on: 3/7/2013 1:42:12 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wayne\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 56.42% Memory free 8.16 Gb Paging File | 6.24 Gb Available in Paging File | 76.41% Paging File free Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 488.28 Gb Total Space | 268.49 Gb Free Space | 54.99% Space Free | Partition Type: NTFS Drive D: | 4.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 443.24 Gb Total Space | 428.12 Gb Free Space | 96.59% Space Free | Partition Type: NTFS
Computer Name: JED | User Name: Wayne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - File not found -- PRC - [2013/03/07 13:33:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wayne\Desktop\OTL.exe PRC - [2013/03/05 21:14:35 | 000,107,520 | ---- | M] () -- C:\Users\Wayne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe PRC - [2013/02/27 13:21:40 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe PRC - [2013/02/18 14:27:12 | 000,013,824 | ---- | M] (Smartbar) -- C:\Users\Wayne\AppData\Local\Smartbar\Application\QuickShare.exe PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010/10/05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe PRC - [2008/08/26 12:06:11 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2008/03/18 18:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007/10/09 00:00:00 | 000,016,168 | ---- | M] (Sage Software) -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013/03/05 21:15:49 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll MOD - [2013/03/05 21:15:48 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll MOD - [2013/02/18 14:27:10 | 001,594,880 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll MOD - [2013/02/18 14:27:10 | 000,037,888 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll MOD - [2013/02/18 14:27:10 | 000,023,040 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll MOD - [2013/02/18 14:27:08 | 000,007,680 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll MOD - [2013/02/18 14:27:04 | 000,092,440 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll MOD - [2013/02/18 14:27:02 | 000,135,960 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll MOD - [2013/02/18 14:25:28 | 000,650,752 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll MOD - [2013/02/18 14:25:24 | 000,051,200 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll MOD - [2013/02/18 14:25:24 | 000,044,032 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll MOD - [2013/02/18 14:25:24 | 000,040,960 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\MACTrackBarLib.dll MOD - [2013/02/18 14:25:22 | 000,071,168 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll MOD - [2013/02/18 14:25:22 | 000,006,144 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll MOD - [2013/02/18 14:25:20 | 000,062,976 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll MOD - [2013/02/18 14:25:20 | 000,018,944 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll MOD - [2013/02/18 14:25:20 | 000,013,312 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll MOD - [2013/02/18 14:25:20 | 000,013,312 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll MOD - [2013/02/18 14:25:18 | 000,074,752 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll MOD - [2013/02/18 14:25:18 | 000,012,288 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll MOD - [2013/02/18 14:25:18 | 000,009,728 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll MOD - [2013/02/18 14:25:18 | 000,007,168 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll MOD - [2013/02/18 14:25:18 | 000,007,168 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll MOD - [2013/02/13 03:37:01 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d186bf251ae14af93b3a943d472ee9f5\System.Web.Services.ni.dll MOD - [2013/02/13 03:36:59 | 011,820,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll MOD - [2013/02/13 03:32:37 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll MOD - [2013/01/10 03:42:13 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\be7e9d179601b68d944bca0774562154\CustomMarshalers.ni.dll MOD - [2013/01/10 03:37:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll MOD - [2013/01/10 03:32:42 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll MOD - [2013/01/10 03:32:19 | 001,593,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll MOD - [2013/01/10 03:31:29 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll MOD - [2013/01/10 03:31:23 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll MOD - [2009/11/03 15:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll MOD - [2009/03/29 22:42:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2008/03/18 18:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll MOD - [2008/03/18 18:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\js32.dll MOD - [2008/01/19 21:51:36 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2008/01/08 16:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2008/01/19 02:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2008/01/19 02:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007/08/20 15:10:38 | 000,918,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) SRV:64bit: - [2007/08/20 15:09:58 | 000,168,960 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2013/03/05 21:14:35 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Wayne\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate) SRV - [2013/02/27 13:21:41 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/11 01:42:26 | 000,572,928 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/07/12 13:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/08/26 12:06:11 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2008/01/19 02:03:51 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/10/09 00:00:00 | 000,016,168 | ---- | M] (Sage Software) [Auto | Running] -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager) SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2006/11/02 05:19:10 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2006/10/13 08:37:06 | 000,164,352 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010/09/29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfSBVMamd64.sys -- (LADF_SBVM) DRV:64bit: - [2010/09/29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfDHP2amd64.sys -- (LADF_DHP2) DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Sentinel64.sys -- (Sentinel64) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/04/10 23:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2006/07/19 12:32:20 | 000,052,736 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidKE.Sys -- (LHidKe) DRV:64bit: - [2006/07/19 12:32:04 | 000,129,536 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys -- (LMouKE) DRV:64bit: - [2006/07/19 12:30:36 | 000,086,400 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LHidUsbK.Sys -- (LHidUsbK) DRV:64bit: - [2006/07/19 12:30:18 | 000,105,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys -- (L8042mou) DRV:64bit: - [2006/07/19 12:29:32 | 000,028,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd) DRV - [2009/03/12 07:31:20 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\SECDRV.SYS -- (secdrv) DRV - [2006/10/13 08:18:26 | 000,018,216 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\URLSearchHook: {55d7c7bc-12a7-4f9b-81c0-600d9a182395} - C:\Program Files (x86)\FreezbGames\prxtbFree.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{E6980D44-388E-4E2B-A9F7-2592E3F5807E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/?aff=7&uid=e86a7758-860b-11e2-8eed-00044b03c20e IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=1&ocid=iehp&tc=12 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 F5 5C 70 D0 07 CE 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No CLSID value found IE - HKCU\..\URLSearchHook: {55d7c7bc-12a7-4f9b-81c0-600d9a182395} - C:\Program Files (x86)\FreezbGames\prxtbFree.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{290C3CCB-7F71-47D8-9D50-CB00A18F2394}: "URL" = http://www.mysearchresults.com/search?c=4004&t=01&q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://searchab.com/?aff=7&uid=e86a7758-860b-11e2-8eed-00044b03c20e&q={searchTerms} IE - HKCU\..\SearchScopes\{E6980D44-388E-4E2B-A9F7-2592E3F5807E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en IE - HKCU\..\SearchScopes\{F56B1E14-ACBC-4448-B4B0-21CC4EC2238B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3202918&CUI=UN78750343111916179 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Wayne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2011/03/06 13:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Extensions
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: http://searchab.com/?aff=7&uid=e86a7758-860b-11e2-8eed-00044b03c20e CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://searchab.com/?aff=7&uid=e86a7758-860b-11e2-8eed-00044b03c20e CHR - Extension: No name found = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: No name found = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: No name found = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\ CHR - Extension: No name found = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - No CLSID value found. O2 - BHO: (FreezbGames Toolbar) - {55d7c7bc-12a7-4f9b-81c0-600d9a182395} - C:\Program Files (x86)\FreezbGames\prxtbFree.dll (Conduit Ltd.) O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Wayne\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKLM\..\Toolbar: (FreezbGames Toolbar) - {55d7c7bc-12a7-4f9b-81c0-600d9a182395} - C:\Program Files (x86)\FreezbGames\prxtbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (FreezbGames Toolbar) - {55D7C7BC-12A7-4F9B-81C0-600D9A182395} - C:\Program Files (x86)\FreezbGames\prxtbFree.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon File not found O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c)) O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\Wayne\AppData\Local\Smartbar\Application\QuickShare.exe (Smartbar) O4 - HKCU..\Run: [Facebook Update] "C:\Users\Wayne\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.0.30729; .NET CLR 3.5.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C)" -"http://www.y8.com/games/Street_Sesh" File not found O4 - Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Crawler Search - tbr:iemenu File not found O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvappfilter64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvappfilter64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvappfilter64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\nvappfilter64.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\nvappfilter.dll (NVIDIA) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab (UnityWebPlayer Control) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6EBFD35-7FFC-4141-9798-7AD27CDFF8B4}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\tbr - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tbr - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/06/26 13:55:18 | 000,000,140 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{75ed7c65-c7ce-11dc-bb36-00044b03c20e}\Shell\AutoRun\command - "" = "H:\Install FreeAgent Tools.exe" /run O33 - MountPoints2\{de77c1ea-c6fc-11dc-bbbd-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{de77c1ea-c6fc-11dc-bbbd-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2007/08/15 19:55:00 | 000,051,048 | R--- | M] (Activision) O33 - MountPoints2\{de77c1ea-c6fc-11dc-bbbd-806e6f6e6963}\Shell\dinstall\command - "" = D:\DirectX\DXSETUP.exe -- [2008/05/30 16:34:50 | 000,528,392 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013/03/07 13:33:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wayne\Desktop\OTL.exe [2013/03/06 18:42:11 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Desktop\Games [2013/03/05 22:00:34 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Wayne\Desktop\TFC.exe [2013/03/05 21:15:42 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Local\Smartbar [2013/03/05 21:14:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab [2013/03/05 21:14:32 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\DefaultTab [2013/03/05 21:14:26 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Local\SwvUpdater [2013/03/05 20:41:10 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Malwarebytes [2013/03/05 20:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/03/05 20:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/05 20:40:55 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/03/05 20:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/03/05 20:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013/03/05 20:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013/03/05 20:34:11 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Desktop\Cleanup [2013/02/25 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2013/02/17 15:59:27 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Documents\KRC Race Results [2013/02/13 03:02:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/02/13 03:02:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/02/13 03:02:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/02/13 03:02:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/02/13 03:02:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/02/13 03:02:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/02/13 03:02:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/02/13 03:02:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/02/13 03:02:07 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/02/13 03:02:07 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/02/13 03:02:07 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/02/13 03:02:06 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/02/13 03:02:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/02/13 03:02:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/02/13 03:02:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/02/12 14:50:02 | 001,570,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll [2013/02/12 14:50:02 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll [2013/02/12 14:50:01 | 004,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/03/07 13:43:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/07 13:40:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/07 13:40:19 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/07 13:40:19 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/07 13:40:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/07 13:33:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wayne\Desktop\OTL.exe [2013/03/07 13:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/07 11:31:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4211204601-234305177-459242933-1000UA.job [2013/03/05 22:00:35 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Wayne\Desktop\TFC.exe [2013/03/05 21:16:51 | 000,000,110 | ---- | M] () -- C:\prefs.js [2013/03/05 21:14:40 | 000,000,884 | RHS- | M] () -- C:\Users\Wayne\ntuser.pol [2013/03/04 17:31:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4211204601-234305177-459242933-1000Core.job [2013/03/03 11:49:18 | 000,002,609 | ---- | M] () -- C:\Users\Wayne\Desktop\Microsoft Office Excel 2007.lnk [2013/02/27 23:52:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/02/27 13:21:41 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/27 13:21:41 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/25 18:07:35 | 000,000,312 | ---- | M] () -- C:\Users\Wayne\Desktop\Curse Client.appref-ms [2013/02/24 21:49:00 | 005,245,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/24 21:49:00 | 001,723,602 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/24 21:49:00 | 000,006,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/16 13:31:20 | 000,002,651 | ---- | M] () -- C:\Users\Wayne\Desktop\Microsoft Office Word 2007.lnk [2013/02/13 03:31:19 | 000,385,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/03/05 21:16:51 | 000,000,110 | ---- | C] () -- C:\prefs.js [2013/03/05 21:14:40 | 000,000,884 | RHS- | C] () -- C:\Users\Wayne\ntuser.pol [2012/05/02 22:24:45 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011/11/20 16:53:36 | 000,060,304 | ---- | C] () -- C:\Users\Wayne\g2mdlhlpx.exe [2010/12/08 21:34:48 | 000,000,036 | ---- | C] () -- C:\Users\Wayne\AppData\Local\housecall.guid.cache [2010/03/16 08:08:20 | 000,000,680 | ---- | C] () -- C:\Users\Wayne\AppData\Local\d3d9caps.dat [2008/12/28 13:04:36 | 000,000,034 | ---- | C] () -- C:\Users\Wayne\jagex_runescape_preferences.dat [2008/02/19 08:06:00 | 000,006,144 | ---- | C] () -- C:\Users\Wayne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/01/20 21:26:41 | 000,000,093 | ---- | C] () -- C:\Users\Wayne\AppData\Local\fusioncache.dat [2008/01/20 20:08:08 | 000,026,311 | ---- | C] () -- C:\Users\Wayne\AppData\Roaming\UserTile.png [2008/01/20 17:09:15 | 000,061,480 | ---- | C] () -- C:\Users\Wayne\GoToAssistDownloadHelper.exe [2008/01/19 18:18:48 | 000,001,460 | ---- | C] () -- C:\Users\Wayne\AppData\Local\d3d9caps64.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2006/11/02 09:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/19 02:04:26 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2009/12/23 12:59:47 | 000,000,000 | -HSD | M] -- C:\Users\Wayne\AppData\Roaming\.# [2012/02/21 01:27:00 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\..minecraft [2013/02/17 19:08:53 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\.minecraft [2008/12/19 17:02:54 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\BarbieIP [2008/02/01 00:22:42 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Canon [2013/03/05 21:14:32 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\DefaultTab [2012/04/11 10:36:22 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Delcam [2009/06/29 18:45:01 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\DreamDale [2008/12/27 19:50:54 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Leadertech [2011/06/15 21:25:44 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\LolClient [2012/05/24 17:55:39 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\LolClient2 [2009/06/29 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\MagicBall4 [2009/07/08 17:08:25 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\My Games [2008/09/04 17:58:39 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\NewSoft [2012/05/14 22:59:07 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Opera [2008/01/20 20:08:08 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\PeerNetworking [2012/05/10 10:12:15 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\PowerSHAPE [2008/01/26 21:51:32 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\ScanSoft [2008/12/19 17:03:39 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Shrek [2009/04/18 11:16:02 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Sirius [2013/02/25 18:11:54 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\TS3Client [2010/02/07 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Unity [2012/04/07 01:12:53 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\wargaming.net [2011/08/01 05:15:49 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Windows Live Writer
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:695CE4C3 | actions · 2013-Mar-7 7:34 pm · (locked) | ez2cy |
ez2cy
Member
2013-Mar-7 7:43 pm
Results of screen317's Security Check version 0.99.60 Windows Vista Service Pack 2 x64 (UAC is enabled) Internet Explorer 9 [u]``````````````Antivirus/Firewall Check:``````````````[/u] Windows Firewall Enabled! [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] [u]`````````Anti-malware/Other Utilities Check:`````````[/u] Malwarebytes Anti-Malware version 1.70.0.1100 Java(TM) 6 Update 22 Java(TM) 6 Update 2 Java(TM) 6 Update 5 Java(TM) 6 Update 7 [color=red]Java version out of Date![/color] Adobe Reader 8 [color=red]Adobe Reader out of Date![/color] Google Chrome 25.0.1364.152 Google Chrome 25.0.1364.97 [u]````````Process Check: objlist.exe by Laurent````````[/u] Microsoft Security Essentials MSMpEng.exe Microsoft Security Essentials msseces.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe [u]`````````````````System Health check`````````````````[/u] Total Fragmentation on Drive C: 0 % [u]````````````````````End of Log``````````````````````[/u]
the est scan I think I screwed up. Came up with nothing but I clicked the "remove when closed". Went back in and can not find a .txt file.
Should I do the est again? | actions · 2013-Mar-7 7:43 pm · (locked) | |
1 recommendation |
to ez2cy
Please download AdwCleaner by Xplode onto your desktop. » general-changelog-team.f ··· wcleaner- Close all open programs and internet browsers. - Double click on AdwCleaner.exe to run the tool. - Click on Delete. - Follow the prompts to reboot the computer. A text file will open after the restart. - Please post the content of that logfile with your next answer. - You can find the logfile at C:\AdwCleaner[S1].txt as well. | actions · 2013-Mar-9 10:46 am · (locked) | |
ez2cy
Member
2013-Mar-10 2:52 pm
# AdwCleaner v2.114 - Logfile created 03/10/2013 at 12:46:30 # Updated 05/03/2013 by Xplode # Operating system : Windows (TM) Vista Ultimate Service Pack 2 (64 bits) # User : Wayne - JED # Boot Mode : Normal # Running from : C:\Users\Wayne\Desktop\adwcleaner.exe # Option [Delete] | actions · 2013-Mar-10 2:52 pm · (locked) |
1 recommendation |
to ez2cy
Was that the entire adwCleaner log?? Download and run Sophos AntiRootkit. Post the log in this thread, even if nothing is found. You find link(s) and instructions here: » Security Cleanup FAQ » Rootkit Detection Applications | actions · 2013-Mar-11 10:43 am · (locked) | |
ez2cy
Member
2013-Mar-12 12:53 pm
Sorry, screwed up
# AdwCleaner v2.114 - Logfile created 03/10/2013 at 12:46:30 # Updated 05/03/2013 by Xplode # Operating system : Windows (TM) Vista Ultimate Service Pack 2 (64 bits) # User : Wayne - JED # Boot Mode : Normal # Running from : C:\Users\Wayne\Desktop\adwcleaner.exe # Option [Delete]
***** [Services] *****
Stopped & Deleted : DefaultTabSearch Stopped & Deleted : DefaultTabUpdate
***** [Files / Folders] *****
Deleted on reboot : C:\Program Files (x86)\Conduit Deleted on reboot : C:\Program Files (x86)\DefaultTab Deleted on reboot : C:\Program Files (x86)\FreezbGames Deleted on reboot : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crawler Toolbar Deleted on reboot : C:\Users\Wayne\AppData\Local\Conduit Deleted on reboot : C:\Users\Wayne\AppData\Local\Smartbar Deleted on reboot : C:\Users\Wayne\AppData\Local\SwvUpdater Deleted on reboot : C:\Users\Wayne\AppData\Local\Temp\Smartbar Deleted on reboot : C:\Users\Wayne\AppData\LocalLow\Conduit Deleted on reboot : C:\Users\Wayne\AppData\LocalLow\FreezbGames Deleted on reboot : C:\Users\Wayne\AppData\LocalLow\PriceGong Deleted on reboot : C:\Users\Wayne\AppData\LocalLow\ShoppingReport Deleted on reboot : C:\Users\Wayne\AppData\LocalLow\Smartbar Deleted on reboot : C:\Users\Wayne\AppData\Roaming\DefaultTab
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab Key Deleted : HKCU\Software\AppDataLow\Software\FreezbGames Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\CToolbar Key Deleted : HKCU\Software\Default Tab Key Deleted : HKCU\Software\DefaultTab Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Crawler Search Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FreezbGames Toolbar Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25560540-9571-4D7B-9389-0F166788785A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{55D7C7BC-12A7-4F9B-81C0-600D9A182395} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55D7C7BC-12A7-4F9B-81C0-600D9A182395} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99208DAB-EE64-4DC9-8340-497DA472A062} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\SmartBar Key Deleted : HKCU\Software\SmartbarBackup Key Deleted : HKCU\Software\SmartbarLog Key Deleted : HKCU\Software\StartSearch Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server2 Key Deleted : HKLM\SOFTWARE\Classes\ctbr.R404Pro Key Deleted : HKLM\SOFTWARE\Classes\CToolbar.TB4Client Key Deleted : HKLM\SOFTWARE\Classes\CToolbar.TB4Script Key Deleted : HKLM\SOFTWARE\Classes\CToolbar.TB4Server Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tbr Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3202918 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{506F578A-91E1-46CE-830F-E2F4268E9966} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E79BB61D-7F1A-41DF-8AD0-402795E3B566} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\CToolbar Key Deleted : HKLM\Software\Default Tab Key Deleted : HKLM\Software\DefaultTab Key Deleted : HKLM\Software\FreezbGames Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99208DAB-EE64-4DC9-8340-497DA472A062} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\Crawler Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{55D7C7BC-12A7-4F9B-81C0-600D9A182395} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99208DAB-EE64-4DC9-8340-497DA472A062} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45DD-9B68-D6A12C30E5D7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7459F1D0-9FB6-4D71-AA7B-9DECB34EB704} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB3D67AB-D95B-49E4-BC92-334E850B4A7D} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48DD-9B6D-7A13A3E42127} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40FD-8DAE-FF14757F60C7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E38E61CA-2CE7-4647-B90B-63E0A83EAEE0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FBF1B8D2-9A06-4174-A8B5-E38606DDB92B} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55D7C7BC-12A7-4F9B-81C0-600D9A182395} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FreezbGames Toolbar Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41349826-5C7F-4BF0-8279-5DAF1DE6E9AE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{604EA016-1EDE-41E6-A23E-76CF8F2A4808} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AEBF09E2-0C15-43C8-99BF-928C645D98A0} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3BA5582-79A9-464D-A7FA-711C5888C6E9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E9BBD270-4B87-4EE2-912F-6635674986C0} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{55D7C7BC-12A7-4F9B-81C0-600D9A182395}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{55D7C7BC-12A7-4F9B-81C0-600D9A182395}] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Browser Infrastructure Helper] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{55D7C7BC-12A7-4F9B-81C0-600D9A182395}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{55D7C7BC-12A7-4F9B-81C0-600D9A182395}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16464
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchab.com/?aff=7&uid=e86a7758-860b-11e2-8eed-00044b03c20e --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80154 --> hxxp://www.google.com Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80154 --> hxxp://www.google.com
-\\ Google Chrome v25.0.1364.152
File : C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [12619 octets] - [10/03/2013 12:46:30]
########## EOF - C:\AdwCleaner[S1].txt - [12680 octets] ##########
Rootkit log, tried getting it at | actions · 2013-Mar-12 12:53 pm · (locked) | ez2cy |
ez2cy
Member
2013-Mar-12 12:58 pm
Bro thought I was done. Closed the txt for the Rootkit sophos?
I went to C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
to retrieve it and it would not load. | actions · 2013-Mar-12 12:58 pm · (locked) |
1 recommendation |
to ez2cy
No problem with the Sophos Log. We won't be needing the program anymore so go ahead and remove it via Add/Remove Programs.
AdwCleaner removed quite a lot of 'garbage'. Before I continue, can you give me a status update on the computer. What problems, if any, are still unresolved? | actions · 2013-Mar-13 10:06 am · (locked) | |
ez2cy
Member
2013-Mar-13 8:51 pm
loads alot faster and seems to run faster, thankyou | actions · 2013-Mar-13 8:51 pm · (locked) | ez2cy |
ez2cy
Member
2013-Mar-13 8:52 pm
all the garbage...any idea where from so I can tell him? | actions · 2013-Mar-13 8:52 pm · (locked) |
1 recommendation |
to ez2cy
There are so many sources of "freeware" garbage it's hard to pinpoint any one.
Many major 'free' programs (Adobe Reader comes to mind) offer additional software with the free product, with the box to install already checked.
Some website also offer toolbars, etc.
Now, back to work...
Please run OTL again, and post the new log in this thread. Note that there will not be a new Extras log.
This is a for a final check to see if there are any stragglers before we start cleanup. | actions · 2013-Mar-14 10:15 am · (locked) | |
ez2cy
Member
2013-Mar-15 3:00 pm
OTL logfile created on: 3/15/2013 12:50:33 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Wayne\Desktop 64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
4.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 51.52% Memory free 8.19 Gb Paging File | 6.29 Gb Available in Paging File | 76.89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 488.28 Gb Total Space | 266.62 Gb Free Space | 54.60% Space Free | Partition Type: NTFS Drive D: | 4.96 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Drive E: | 443.24 Gb Total Space | 428.12 Gb Free Space | 96.59% Space Free | Partition Type: NTFS
Computer Name: JED | User Name: Wayne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - File not found -- PRC - [2013/03/07 13:33:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wayne\Desktop\OTL.exe PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE PRC - [2010/10/05 09:32:58 | 001,811,800 | ---- | M] (Logitech(c)) -- C:\Program Files (x86)\Logitech\G35\G35.exe PRC - [2008/08/26 12:06:11 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2008/03/18 18:31:20 | 004,742,184 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2007/10/09 00:00:00 | 000,016,168 | ---- | M] (Sage Software) -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2009/11/03 15:51:26 | 000,039,712 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll MOD - [2008/03/18 18:21:48 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\jsd.dll MOD - [2008/03/18 18:21:20 | 000,512,000 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\js32.dll MOD - [2008/01/08 16:50:10 | 000,349,147 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Widgets\sqlite3.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2008/01/19 02:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2008/01/19 02:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2007/08/20 15:10:38 | 000,918,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM) SRV:64bit: - [2007/08/20 15:09:58 | 000,168,960 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV - [2013/03/13 14:21:31 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/10/10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/07/13 14:14:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/07/12 13:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService) SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/08/26 12:06:11 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2008/01/19 02:03:51 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2007/10/09 00:00:00 | 000,016,168 | ---- | M] (Sage Software) [Auto | Running] -- C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe -- (Simply Accounting Database Connection Manager) SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2006/11/02 05:19:10 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2006/10/13 08:37:06 | 000,164,352 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010/09/29 11:34:50 | 000,377,176 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfSBVMamd64.sys -- (LADF_SBVM) DRV:64bit: - [2010/09/29 11:34:48 | 000,062,168 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ladfDHP2amd64.sys -- (LADF_DHP2) DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009/09/17 07:05:02 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Sentinel64.sys -- (Sentinel64) DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009/04/10 23:43:06 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2006/07/19 12:32:20 | 000,052,736 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidKE.Sys -- (LHidKe) DRV:64bit: - [2006/07/19 12:32:04 | 000,129,536 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouKE.Sys -- (LMouKE) DRV:64bit: - [2006/07/19 12:30:36 | 000,086,400 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LHidUsbK.Sys -- (LHidUsbK) DRV:64bit: - [2006/07/19 12:30:18 | 000,105,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042mou.Sys -- (L8042mou) DRV:64bit: - [2006/07/19 12:29:32 | 000,028,160 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\L8042Kbd.sys -- (L8042Kbd) DRV - [2009/03/12 07:31:20 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\SECDRV.SYS -- (secdrv) DRV - [2006/10/13 08:18:26 | 000,018,216 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {E6980D44-388E-4E2B-A9F7-2592E3F5807E} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{E6980D44-388E-4E2B-A9F7-2592E3F5807E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=1&ocid=iehp&tc=12 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 F5 5C 70 D0 07 CE 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{290C3CCB-7F71-47D8-9D50-CB00A18F2394}: "URL" = http://www.mysearchresults.com/search?c=4004&t=01&q={searchTerms} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://searchab.com/?aff=7&uid=e86a7758-860b-11e2-8eed-00044b03c20e&q={searchTerms} IE - HKCU\..\SearchScopes\{E6980D44-388E-4E2B-A9F7-2592E3F5807E}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_en IE - HKCU\..\SearchScopes\{F56B1E14-ACBC-4448-B4B0-21CC4EC2238B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3202918&CUI=UN78750343111916179 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@unity3d.com/UnityPlayer: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom) FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files (x86)\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Wayne\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
[2011/03/06 13:54:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wayne\AppData\Roaming\Mozilla\Extensions
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: http://searchab.com/?aff=7&uid=e86a7758-860b-11e2-8eed-00044b03c20e CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: http://searchab.com/?aff=7&uid=e86a7758-860b-11e2-8eed-00044b03c20e CHR - Extension: No name found = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: No name found = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: No name found = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8524_0\ CHR - Extension: No name found = C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [CanonSolutionMenu] "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon File not found O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c)) O4 - HKCU..\Run: [Facebook Update] "C:\Users\Wayne\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\SysWOW64\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; WOW64; Trident/5.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; .NET CLR 3.0.30729; .NET CLR 3.5.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C)" -"http://www.y8.com/games/Street_Sesh" File not found O4 - Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files (x86)\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\nvappfilter64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\nvappfilter64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\nvappfilter64.dll (NVIDIA) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\nvappfilter64.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\nvappfilter.dll (NVIDIA) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\nvappfilter.dll (NVIDIA) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {444785F1-DE89-4295-863A-D46C3A781394} http://webplayer.unity3d.com/download_webplayer-2.x/UnityWebPlayer.cab (UnityWebPlayer Control) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6EBFD35-7FFC-4141-9798-7AD27CDFF8B4}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img31.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img31.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/06/26 13:55:18 | 000,000,140 | R--- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{75ed7c65-c7ce-11dc-bb36-00044b03c20e}\Shell\AutoRun\command - "" = "H:\Install FreeAgent Tools.exe" /run O33 - MountPoints2\{de77c1ea-c6fc-11dc-bbbd-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{de77c1ea-c6fc-11dc-bbbd-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup\rsrc\AUTORUN.EXE -- [2007/08/15 19:55:00 | 000,051,048 | R--- | M] (Activision) O33 - MountPoints2\{de77c1ea-c6fc-11dc-bbbd-806e6f6e6963}\Shell\dinstall\command - "" = D:\DirectX\DXSETUP.exe -- [2008/05/30 16:34:50 | 000,528,392 | R--- | M] (Microsoft Corporation) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013/03/13 18:56:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/03/13 18:56:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/03/13 18:56:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/03/13 18:56:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/03/13 18:56:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/03/13 18:56:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/03/13 18:56:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/03/13 18:56:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/03/13 18:56:36 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/03/13 18:56:36 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/03/13 18:56:36 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/03/13 18:56:36 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/03/13 18:56:34 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/03/13 18:56:34 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/03/13 18:56:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/03/12 11:01:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client [2013/03/12 11:01:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/03/11 12:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos [2013/03/11 12:11:41 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos [2013/03/11 12:11:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos [2013/03/11 12:08:45 | 085,525,104 | ---- | C] (Sophos Limited) -- C:\Users\Wayne\Desktop\Sophos Virus Removal Tool.exe [2013/03/07 14:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2013/03/07 13:33:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Wayne\Desktop\OTL.exe [2013/03/06 18:42:11 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Desktop\Games [2013/03/05 22:00:34 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Wayne\Desktop\TFC.exe [2013/03/05 21:14:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab [2013/03/05 20:41:10 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Malwarebytes [2013/03/05 20:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/03/05 20:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/03/05 20:40:55 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/03/05 20:40:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/03/05 20:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013/03/05 20:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013/03/05 20:34:11 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Desktop\Cleanup [2013/02/25 18:07:35 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse [2013/02/17 15:59:27 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Documents\KRC Race Results
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/03/15 12:43:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/03/15 12:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/03/15 12:05:33 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/03/15 12:05:33 | 000,004,176 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/03/15 11:31:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4211204601-234305177-459242933-1000UA.job [2013/03/15 10:12:20 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/03/15 10:05:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/03/13 17:31:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4211204601-234305177-459242933-1000Core.job [2013/03/13 14:21:30 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/03/13 14:21:30 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/03/12 11:01:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif [2013/03/12 10:47:46 | 000,002,673 | ---- | M] () -- C:\Users\Wayne\Desktop\Sophos Virus Removal Tool.lnk [2013/03/11 12:09:45 | 085,525,104 | ---- | M] (Sophos Limited) -- C:\Users\Wayne\Desktop\Sophos Virus Removal Tool.exe [2013/03/10 12:46:52 | 000,000,845 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2013/03/10 12:45:07 | 000,597,667 | ---- | M] () -- C:\Users\Wayne\Desktop\adwcleaner.exe [2013/03/07 18:28:53 | 000,881,950 | ---- | M] () -- C:\Users\Wayne\Desktop\SecurityCheck.exe [2013/03/07 13:33:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Wayne\Desktop\OTL.exe [2013/03/05 22:00:35 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Wayne\Desktop\TFC.exe [2013/03/05 21:16:51 | 000,000,110 | ---- | M] () -- C:\prefs.js [2013/03/05 21:14:40 | 000,000,884 | RHS- | M] () -- C:\Users\Wayne\ntuser.pol [2013/03/03 11:49:18 | 000,002,609 | ---- | M] () -- C:\Users\Wayne\Desktop\Microsoft Office Excel 2007.lnk [2013/02/25 18:07:35 | 000,000,312 | ---- | M] () -- C:\Users\Wayne\Desktop\Curse Client.appref-ms [2013/02/24 21:49:00 | 005,245,564 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/24 21:49:00 | 001,723,602 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/24 21:49:00 | 000,006,114 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/16 13:31:20 | 000,002,651 | ---- | M] () -- C:\Users\Wayne\Desktop\Microsoft Office Word 2007.lnk
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/03/12 11:01:10 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk [2013/03/11 12:11:41 | 000,002,673 | ---- | C] () -- C:\Users\Wayne\Desktop\Sophos Virus Removal Tool.lnk [2013/03/10 12:46:36 | 000,000,845 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013/03/10 12:45:07 | 000,597,667 | ---- | C] () -- C:\Users\Wayne\Desktop\adwcleaner.exe [2013/03/07 18:28:53 | 000,881,950 | ---- | C] () -- C:\Users\Wayne\Desktop\SecurityCheck.exe [2013/03/05 21:16:51 | 000,000,110 | ---- | C] () -- C:\prefs.js [2013/03/05 21:14:40 | 000,000,884 | RHS- | C] () -- C:\Users\Wayne\ntuser.pol [2012/05/02 22:24:45 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2011/11/20 16:53:36 | 000,060,304 | ---- | C] () -- C:\Users\Wayne\g2mdlhlpx.exe [2010/12/08 21:34:48 | 000,000,036 | ---- | C] () -- C:\Users\Wayne\AppData\Local\housecall.guid.cache [2010/03/16 08:08:20 | 000,000,680 | ---- | C] () -- C:\Users\Wayne\AppData\Local\d3d9caps.dat [2008/12/28 13:04:36 | 000,000,034 | ---- | C] () -- C:\Users\Wayne\jagex_runescape_preferences.dat [2008/02/19 08:06:00 | 000,006,144 | ---- | C] () -- C:\Users\Wayne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/01/20 21:26:41 | 000,000,093 | ---- | C] () -- C:\Users\Wayne\AppData\Local\fusioncache.dat [2008/01/20 20:08:08 | 000,026,311 | ---- | C] () -- C:\Users\Wayne\AppData\Roaming\UserTile.png [2008/01/20 17:09:15 | 000,061,480 | ---- | C] () -- C:\Users\Wayne\GoToAssistDownloadHelper.exe [2008/01/19 18:18:48 | 000,001,460 | ---- | C] () -- C:\Users\Wayne\AppData\Local\d3d9caps64.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2006/11/02 09:29:43 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/19 02:04:26 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2009/12/23 12:59:47 | 000,000,000 | -HSD | M] -- C:\Users\Wayne\AppData\Roaming\.# [2012/02/21 01:27:00 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\..minecraft [2013/02/17 19:08:53 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\.minecraft [2008/12/19 17:02:54 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\BarbieIP [2008/02/01 00:22:42 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Canon [2012/04/11 10:36:22 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Delcam [2009/06/29 18:45:01 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\DreamDale [2008/12/27 19:50:54 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Leadertech [2011/06/15 21:25:44 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\LolClient [2012/05/24 17:55:39 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\LolClient2 [2009/06/29 18:26:10 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\MagicBall4 [2009/07/08 17:08:25 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\My Games [2008/09/04 17:58:39 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\NewSoft [2012/05/14 22:59:07 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Opera [2008/01/20 20:08:08 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\PeerNetworking [2012/05/10 10:12:15 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\PowerSHAPE [2008/01/26 21:51:32 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\ScanSoft [2008/12/19 17:03:39 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Shrek [2009/04/18 11:16:02 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Sirius [2013/02/25 18:11:54 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\TS3Client [2010/02/07 11:20:02 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Unity [2012/04/07 01:12:53 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\wargaming.net [2011/08/01 05:15:49 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Windows Live Writer
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:695CE4C3 | actions · 2013-Mar-15 3:00 pm · (locked) |
1 recommendation |
to ez2cy
You're good to go. Time to cleanup and we're finished. Cleaning Up:Delete TFC: - Delete the TFC icon on your Desktop
Delete OTL: - Double click the OTL icon on your Desktop
- Press the 'Cleanup' button
Delete Security Check: - Delete the SecurityCheck icon on your Desktop
Delete Malware Bytes: - We recommend that you keep MalwareBytes (MBAM) and run it every week. There is no charge to keep the program however the real time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.
Delete Sophos AntiRootkit- If we asked you to run Sophos AntiRootkit program, uninstall it thru Add/Remove Programs.
Other Programs: - If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.
To remove adwCleaner, double click on the adwcleaner.exe file and select 'Uninstall'. | actions · 2013-Mar-15 3:47 pm · (locked) | |
ez2cy
Member
2013-Mar-16 12:15 pm
Ok...thanks so much for your help. He's a happy camper now! | actions · 2013-Mar-16 12:15 pm · (locked) |
|