login · register	food site

	All Forums		Hot Topics		Gallery

Forums →

Broadband Tech → Security → Security Cleanup > [Malware] Help Please.

uniqs
1180

« Tower infected • How to bring back my old homepage? »

brandieewine join:2013-07-27	brandieewine [Malware] Help Please. Purchased a new computer last week. I already have a computer which I think may be infected. Checked my router firewall and multiple attempts were made to enter after changing my password. Eventually they successfully accessed my router. Installed Malwarebytes and it returned no problems. I installed ZoneAlarm and it reported multiple attempts to send outbound information had been blocked. It was being sent to a blacklisted ISP in California. After running the required programs for assistance Norton gave a virus warning. I will include the log as well. Thanks for any help you can provide. Norton Full Path: c:\oem\preload\autorun\drv\amd chipset generic driver\packages\drivers\sbdrv\hseries\raid\w864a\ahcix64s.sys Threat: Trojan.Gen ____________________________ ____________________________ On computers as of Not Available Last Used 7/27/2013 at 6:48:16 PM Startup Item No Launched No ____________________________ ____________________________ Unknown Number of users in the Norton Community that have used this file: Unknown ____________________________ Unknown This file release is currently not known. ____________________________ High This file risk is high. ____________________________ Threat Details Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium. ____________________________ file origin tree ____________________________ File Actions Avg. Resource Usage: Unknown Avg. CPU Usage: Unknown Avg. Memory Usage: Unknown ____________________________ File Thumbprint - SHA: 3bf414bd12c005d2c464297f64cd35bc013998db65a00d39812c288b6ad41e01 ____________________________ File Thumbprint - MD5: 075bb9d1b6a3d27602f87bc2f18423ee ________________________ Thread was too big will reply with required programs
	actions · 2013-Jul-27 8:58 pm · (locked)
brandieewine join:2013-07-27	brandieewine Malwarebytes Malwarebytes Anti-Malware (Trial) 1.75.0.1300 www.malwarebytes.org Database version: v2013.07.27.04 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16384 Proverbs 31 :: BEE [administrator] Protection: Enabled 7/27/2013 6:44:31 PM mbam-log-2013-07-27 (18-44-31).txt Scan type: Full scan (C:\\|F:\\|) Scan options enabled: Memory \| Startup \| Registry \| File System \| Heuristics/Extra \| Heuristics/Shuriken \| PUP \| PUM Scan options disabled: P2P Objects scanned: 307476 Time elapsed: 46 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
	actions · 2013-Jul-27 9:04 pm · (locked)
brandieewine join:2013-07-27	brandieewine reply to brandieewine # AdwCleaner v2.306 - Logfile created 07/27/2013 at 18:22:13 # Updated 19/07/2013 by Xplode # Operating system : Windows 8 (64 bits) # User : Proverbs 31 - BEE # Boot Mode : Normal # Running from : C:\Users\Proverbs 31\Desktop\adwcleaner.exe # Option [Delete] *** [Services] * * [Files / Folders] * Deleted on reboot : C:\ProgramData\boost_interprocess File Deleted : C:\Users\Public\Desktop\eBay.lnk * [Registry] * Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1 Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} * [Internet Browsers] * -\\ Internet Explorer v10.0.9200.16384 [OK] Registry is clean. *********************** AdwCleaner[S1].txt - [2444 octets] - [27/07/2013 18:22:13] ########## EOF - C:\AdwCleaner[S1].txt - [2504 octets] ##########
	actions · 2013-Jul-27 9:06 pm · (locked)

brandieewine join:2013-07-27	brandieewine OTL logfile created on: 7/27/2013 6:29:17 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Proverbs 31\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16384) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.71 Gb Total Physical Memory \| 2.77 Gb Available Physical Memory \| 74.70% Memory free 7.09 Gb Paging File \| 6.10 Gb Available in Paging File \| 86.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 441.95 Gb Total Space \| 417.72 Gb Free Space \| 94.52% Space Free \| Partition Type: NTFS Computer Name: BEE \| User Name: Proverbs 31 \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2013/07/27 18:26:19 \| 000,602,112 \| ---- \| M] (OldTimer Tools) -- C:\Users\Proverbs 31\Desktop\OTL.exe PRC - [2013/06/19 23:13:16 \| 002,445,304 \| ---- \| M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe PRC - [2013/06/19 22:41:38 \| 000,073,832 \| ---- \| M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe PRC - [2013/06/18 03:34:34 \| 000,054,160 \| ---- \| M] (Check Point Software Technologies, Ltd.) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe PRC - [2013/04/04 14:50:32 \| 000,701,512 \| ---- \| M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 \| 000,532,040 \| ---- \| M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 \| 000,418,376 \| ---- \| M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012/07/05 18:50:26 \| 000,553,616 \| ---- \| M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe PRC - [2012/07/04 10:57:44 \| 000,990,320 \| ---- \| M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe PRC - [2012/06/22 11:00:59 \| 000,744,184 \| ---- \| M] (Symantec Corporation) -- C:\Program Files (x86)\SymSilent\SymSilentBootstrap.exe PRC - [2012/06/14 13:46:42 \| 000,143,928 \| R--- \| M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe PRC - [2011/11/25 16:32:36 \| 000,687,400 \| ---- \| M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2009/01/26 15:31:10 \| 001,153,368 \| ---- \| M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012/05/29 23:51:08 \| 000,699,280 \| R--- \| M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\wincfi39.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:64bit: - [2012/08/22 21:02:36 \| 000,658,576 \| ---- \| M] (Acer Incorporated) [On_Demand \| Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc) SRV:64bit: - [2012/07/25 21:46:56 \| 002,366,984 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService) SRV:64bit: - [2012/07/25 20:30:05 \| 002,675,200 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify) SRV:64bit: - [2012/07/25 20:17:59 \| 000,015,440 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend) SRV:64bit: - [2012/07/25 20:08:04 \| 001,968,128 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc) SRV:64bit: - [2012/07/25 20:07:47 \| 000,065,536 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc) SRV:64bit: - [2012/07/25 20:07:42 \| 000,263,680 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc) SRV:64bit: - [2012/07/25 20:07:40 \| 000,283,648 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc) SRV:64bit: - [2012/07/25 20:07:30 \| 000,169,984 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker) SRV:64bit: - [2012/07/25 20:07:27 \| 000,178,176 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker) SRV:64bit: - [2012/07/25 20:07:25 \| 000,012,800 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc) SRV:64bit: - [2012/07/25 20:06:36 \| 000,463,872 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm) SRV:64bit: - [2012/07/25 20:06:34 \| 000,743,936 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon) SRV:64bit: - [2012/07/25 20:06:33 \| 000,161,792 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc) SRV:64bit: - [2012/07/25 20:06:33 \| 000,073,728 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup) SRV:64bit: - [2012/07/25 20:06:00 \| 000,438,272 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Windows\SysNative\lsm.dll -- (LSM) SRV:64bit: - [2012/07/25 20:05:55 \| 000,059,904 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso) SRV:64bit: - [2012/07/25 20:05:38 \| 000,116,736 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc) SRV:64bit: - [2012/07/25 20:05:34 \| 000,037,376 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS) SRV:64bit: - [2012/07/25 20:05:28 \| 000,207,872 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc) SRV:64bit: - [2012/07/25 20:05:24 \| 000,342,016 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService) SRV:64bit: - [2012/07/25 20:05:11 \| 000,174,080 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure) SRV:64bit: - [2012/07/25 20:05:08 \| 000,169,472 \| ---- \| M] (Microsoft Corporation) [Auto \| Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder) SRV:64bit: - [2012/07/25 20:05:08 \| 000,122,368 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent) SRV:64bit: - [2012/07/25 17:24:02 \| 000,336,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss) SRV:64bit: - [2012/07/25 17:24:02 \| 000,336,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync) SRV:64bit: - [2012/07/25 17:24:02 \| 000,336,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown) SRV:64bit: - [2012/07/25 17:24:02 \| 000,336,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv) SRV:64bit: - [2012/07/25 17:24:02 \| 000,336,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange) SRV:64bit: - [2012/07/25 17:24:02 \| 000,336,384 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat) SRV:64bit: - [2012/07/19 23:01:32 \| 000,361,984 \| ---- \| M] (Advanced Micro Devices, Inc.) [Auto \| Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012/07/19 07:14:42 \| 000,239,616 \| ---- \| M] (AMD) [Auto \| Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013/06/19 23:13:16 \| 002,445,304 \| ---- \| M] (Check Point Software Technologies LTD) [Auto \| Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2013/06/18 03:34:34 \| 000,054,160 \| ---- \| M] (Check Point Software Technologies, Ltd.) [Auto \| Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe -- (ZAPrivacyService) SRV - [2013/04/04 14:50:32 \| 000,701,512 \| ---- \| M] (Malwarebytes Corporation) [Auto \| Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 \| 000,418,376 \| ---- \| M] (Malwarebytes Corporation) [Auto \| Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012/08/15 12:44:50 \| 003,943,104 \| ---- \| M] (Symantec Corporation) [Auto \| Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2012/07/25 20:30:05 \| 002,675,200 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify) SRV - [2012/07/25 20:20:04 \| 000,018,432 \| ---- \| M] (Microsoft Corporation) [On_Demand \| Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc) SRV - [2012/07/13 02:02:16 \| 002,451,456 \| ---- \| M] (Realsil Microelectronics Inc.) [Auto \| Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R) SRV - [2012/06/14 13:46:42 \| 000,143,928 \| R--- \| M] (Symantec Corporation) [Auto \| Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe -- (NIS) SRV - [2011/11/25 16:32:36 \| 000,687,400 \| ---- \| M] (Nero AG) [Auto \| Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010/10/12 10:59:12 \| 000,206,072 \| ---- \| M] (WildTangent, Inc.) [On_Demand \| Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - [2013/06/13 16:34:16 \| 000,451,096 \| ---- \| M] (Check Point Software Technologies LTD) [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2013/04/04 14:50:32 \| 000,025,928 \| ---- \| M] (Malwarebytes Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/08/28 05:08:34 \| 000,177,312 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2012/07/25 22:26:46 \| 000,025,328 \| ---- \| M] (Microsoft Corporation) [Recognizer \| Boot \| Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012/07/25 22:26:45 \| 000,033,792 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv) DRV:64bit: - [2012/07/25 22:00:58 \| 000,445,168 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3) DRV:64bit: - [2012/07/25 22:00:58 \| 000,337,136 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI) DRV:64bit: - [2012/07/25 22:00:58 \| 000,322,800 \| ---- \| M] (VIA Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID) DRV:64bit: - [2012/07/25 22:00:58 \| 000,212,208 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000) DRV:64bit: - [2012/07/25 22:00:58 \| 000,106,224 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt) DRV:64bit: - [2012/07/25 22:00:58 \| 000,097,008 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor) DRV:64bit: - [2012/07/25 22:00:57 \| 000,077,040 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex) DRV:64bit: - [2012/07/25 22:00:55 \| 000,283,888 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport) DRV:64bit: - [2012/07/25 22:00:55 \| 000,120,048 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101) DRV:64bit: - [2012/07/25 22:00:55 \| 000,077,552 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci) DRV:64bit: - [2012/07/25 22:00:55 \| 000,064,240 \| ---- \| M] (Marvell Semiconductor, Inc.) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis) DRV:64bit: - [2012/07/25 22:00:55 \| 000,030,960 \| ---- \| M] (Promise Technology, Inc.) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2012/07/25 22:00:55 \| 000,028,400 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32) DRV:64bit: - [2012/07/25 22:00:54 \| 000,056,560 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor) DRV:64bit: - [2012/07/25 22:00:52 \| 003,295,984 \| ---- \| M] (Broadcom Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2012/07/25 22:00:52 \| 000,092,400 \| ---- \| M] (LSI Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2012/07/25 22:00:52 \| 000,081,136 \| ---- \| M] (LSI Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS) DRV:64bit: - [2012/07/25 22:00:52 \| 000,064,752 \| ---- \| M] (Hewlett-Packard Company) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2012/07/25 22:00:51 \| 000,113,904 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv) DRV:64bit: - [2012/07/25 22:00:51 \| 000,081,136 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass) DRV:64bit: - [2012/07/25 22:00:49 \| 000,539,376 \| ---- \| M] (Broadcom Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2012/07/25 22:00:49 \| 000,258,288 \| ---- \| M] (AMD Technologies Inc.) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2012/07/25 22:00:49 \| 000,106,736 \| ---- \| M] (LSI) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware) DRV:64bit: - [2012/07/25 22:00:49 \| 000,076,016 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2012/07/25 22:00:48 \| 000,026,352 \| ---- \| M] (Advanced Micro Devices) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2012/07/25 21:59:35 \| 000,193,264 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2012/07/25 21:59:35 \| 000,148,720 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM) DRV:64bit: - [2012/07/25 21:59:32 \| 000,055,024 \| ---- \| M] (Microsoft Corporation) [Kernel \| System \| Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam) DRV:64bit: - [2012/07/25 21:58:00 \| 000,068,848 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc) DRV:64bit: - [2012/07/25 21:57:54 \| 000,361,200 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS) DRV:64bit: - [2012/07/25 21:54:34 \| 000,096,496 \| ---- \| M] (Microsoft Corporation) [Kernel \| Boot \| Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS) DRV:64bit: - [2012/07/25 21:53:16 \| 000,067,824 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci) DRV:64bit: - [2012/07/25 21:44:30 \| 000,258,288 \| ---- \| M] (Microsoft Corporation) [File_System \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter) DRV:64bit: - [2012/07/25 21:36:15 \| 000,034,216 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot) DRV:64bit: - [2012/07/25 20:17:38 \| 000,036,592 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt) DRV:64bit: - [2012/07/25 20:17:38 \| 000,027,888 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012/07/25 19:29:14 \| 000,010,752 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf) DRV:64bit: - [2012/07/25 19:29:08 \| 000,048,640 \| ---- \| M] (Microsoft Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay) DRV:64bit: - [2012/07/25 19:29:03 \| 000,024,576 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo) DRV:64bit: - [2012/07/25 19:28:52 \| 000,029,696 \| ---- \| M] (Microsoft Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender) DRV:64bit: - [2012/07/25 19:28:27 \| 000,031,104 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg) DRV:64bit: - [2012/07/25 19:27:58 \| 000,022,528 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM) DRV:64bit: - [2012/07/25 19:27:58 \| 000,012,288 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter) DRV:64bit: - [2012/07/25 19:27:41 \| 000,018,432 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic) DRV:64bit: - [2012/07/25 19:27:37 \| 000,010,752 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime) DRV:64bit: - [2012/07/25 19:27:33 \| 000,023,552 \| ---- \| M] (Microsoft Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig) DRV:64bit: - [2012/07/25 19:27:31 \| 000,029,952 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid) DRV:64bit: - [2012/07/25 19:27:29 \| 000,019,968 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr) DRV:64bit: - [2012/07/25 19:27:16 \| 000,010,240 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr) DRV:64bit: - [2012/07/25 19:27:01 \| 000,011,776 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd) DRV:64bit: - [2012/07/25 19:26:46 \| 000,062,976 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx) DRV:64bit: - [2012/07/25 19:26:43 \| 000,059,392 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx) DRV:64bit: - [2012/07/25 19:26:34 \| 000,030,208 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012/07/25 19:26:13 \| 000,051,200 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum) DRV:64bit: - [2012/07/25 19:25:57 \| 000,033,280 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2012/07/25 19:25:56 \| 000,057,344 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012/07/25 19:25:54 \| 000,038,400 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c) DRV:64bit: - [2012/07/25 19:25:13 \| 000,045,056 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr) DRV:64bit: - [2012/07/25 19:25:01 \| 000,126,464 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform) DRV:64bit: - [2012/07/25 19:23:53 \| 000,068,608 \| ---- \| M] (Microsoft Corporation) [Kernel \| On_Demand \| Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp) DRV:64bit: - [2012/07/25 19:23:42 \| 000,097,792 \| ---- \| M] (Microsoft Corporation) [Kernel \| Auto \| Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu) DRV:64bit: - [2012/07/19 08:19:02 \| 010,279,424 \| ---- \| M] (Advanced Micro Devices, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/07/19 06:13:32 \| 000,368,640 \| ---- \| M] (Advanced Micro Devices, Inc.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/07/16 17:59:12 \| 000,098,472 \| ---- \| M] (Advanced Micro Devices) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\AtihdW86.sys -- (AtiHDAudioService) DRV:64bit: - [2012/07/04 20:18:06 \| 000,252,048 \| ---- \| M] (Realtek Semiconductor Corp.) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2012/06/20 22:12:20 \| 000,683,664 \| ---- \| M] (Realtek ) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168) DRV:64bit: - [2012/06/20 14:27:30 \| 000,023,448 \| R--- \| M] (Symantec Corporation) [Kernel \| Boot \| Stopped] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\SymELAM.sys -- (SymELAM) DRV:64bit: - [2012/05/25 17:56:14 \| 000,168,608 \| R--- \| M] (Symantec Corporation) [Kernel \| System \| Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA) DRV:64bit: - [2012/05/25 08:56:14 \| 000,168,608 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\ccSetx64.sys -- (ccSet_NIS) DRV:64bit: - [2012/05/24 17:23:10 \| 000,485,024 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\SymDS64.sys -- (SymDS) DRV:64bit: - [2012/05/24 17:01:16 \| 000,222,368 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\Ironx64.sys -- (SymIRON) DRV:64bit: - [2012/05/24 16:54:58 \| 000,753,312 \| R--- \| M] (Symantec Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\srtsp64.sys -- (SRTSP) DRV:64bit: - [2012/05/21 10:25:20 \| 001,129,120 \| R--- \| M] (Symantec Corporation) [File_System \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\SymEFA64.sys -- (SymEFA) DRV:64bit: - [2012/05/09 11:04:26 \| 000,431,224 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\symnets.sys -- (SymNetS) DRV:64bit: - [2012/01/11 11:11:54 \| 000,037,496 \| R--- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Windows\SysNative\Drivers\NISx64\1400000.088\srtspx64.sys -- (SRTSPX) DRV - [2013/07/27 08:43:48 \| 002,098,776 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130727.004\ex64.sys -- (NAVEX15) DRV - [2013/07/27 08:43:48 \| 000,484,512 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl) DRV - [2013/07/27 08:43:48 \| 000,138,912 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2013/07/27 08:43:48 \| 000,126,040 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20130727.004\eng64.sys -- (NAVENG) DRV - [2013/07/26 15:27:36 \| 000,513,184 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20130726.001\IDSviA64.sys -- (IDSVia64) DRV - [2013/07/15 22:58:54 \| 001,393,240 \| ---- \| M] (Symantec Corporation) [Kernel \| On_Demand \| Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20130715.001\BHDrvx64.sys -- (BHDrvx64) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{2BDBA4CA-E2FE-4E85-B335-A1C3E5919D8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{2BDBA4CA-E2FE-4E85-B335-A1C3E5919D8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-249487183-3276952955-2055839612-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com IE - HKU\S-1-5-21-249487183-3276952955-2055839612-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.zonealarm.com/?src=hp&tbid=goughDev3&Lan=en&gu=3713999a2d6a469192b66eef88516283&tu=10G9y009F2B0CO0&sku=&tstsId=&ver=& IE - HKU\S-1-5-21-249487183-3276952955-2055839612-1002\..\SearchScopes,DefaultScope = {7DFAD943-8A56-44F2-9C84-C9D8161AB697} IE - HKU\S-1-5-21-249487183-3276952955-2055839612-1002\..\SearchScopes\{7DFAD943-8A56-44F2-9C84-C9D8161AB697}: "URL" = http://search.zonealarm.com/search?src=sp&tbid=goughDev3&Lan=en&q={searchTerms}&gu=3713999a2d6a469192b66eef88516283&tu=10G9y009F2B0CO0&sku=&tstsId=&ver=&&r=182 IE - HKU\S-1-5-21-249487183-3276952955-2055839612-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\ [2013/07/27 08:22:02 \| 000,000,000 \| ---D \| M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2013/07/27 18:26:05 \| 000,000,000 \| ---D \| M] [2013/07/27 08:33:42 \| 000,000,000 \| ---D \| M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions O1 HOSTS File: ([2012/07/25 22:26:49 \| 000,000,824 \| ---- \| M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\bh\zonealarm.dll (Check Point Software Technologies LTD) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\IPS\IPSBHO.dll (Symantec Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.21.15\zonealarmTlbr.dll (Check Point Software Technologies LTD) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\CoIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F774F5B7-6F43-4CB5-8B05-D13304E9A2E2}: DhcpNameServer = 75.75.75.75 75.75.76.76 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk ) O35:64bit:* - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2013/07/27 18:26:19 \| 000,602,112 \| ---- \| C] (OldTimer Tools) -- C:\Users\Proverbs 31\Desktop\OTL.exe [2013/07/27 18:10:22 \| 000,448,512 \| ---- \| C] (OldTimer Tools) -- C:\Users\Proverbs 31\Desktop\TFC.exe [2013/07/27 14:48:55 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2013/07/27 14:48:47 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Spybot - Search & Destroy [2013/07/27 14:48:47 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2013/07/27 14:35:59 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Malwarebytes [2013/07/27 14:35:48 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/07/27 14:35:47 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2013/07/27 14:35:45 \| 000,025,928 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/07/27 14:35:45 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/07/27 14:35:33 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Local\Programs [2013/07/27 08:53:18 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2013/07/27 08:39:29 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Macromedia [2013/07/27 08:35:32 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point [2013/07/27 08:33:46 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Check Point Software Technologies LTD [2013/07/27 08:33:42 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\Mozilla Firefox [2013/07/27 08:33:36 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\CheckPoint [2013/07/27 08:33:09 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\CheckPoint [2013/07/27 08:23:30 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013/07/27 08:23:30 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Searches [2013/07/27 08:23:30 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013/07/27 08:23:29 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Contacts [2013/07/27 08:23:29 \| 000,000,000 \| -H-D \| C] -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned [2013/07/27 08:23:26 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Identities [2013/07/27 08:22:17 \| 000,000,000 \| ---D \| C] -- C:\Program Files (x86)\OEM [2013/07/27 08:22:11 \| 000,000,000 \| ---D \| C] -- C:\Program Files\Accessory Store [2013/07/27 08:22:04 \| 000,000,000 \| ---D \| C] -- C:\ProgramData\OEM_E471269A730D [2013/07/27 08:22:00 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Adobe [2013/07/27 08:21:52 \| 000,000,000 \| -H-D \| C] -- C:\Program Files (x86)\Uninstall Information [2013/07/27 08:20:42 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Local\VirtualStore [2013/07/27 08:20:29 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Local\Packages [2013/07/27 08:20:22 \| 000,000,000 \| --SD \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Videos [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Saved Games [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Pictures [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Music [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Links [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Favorites [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Downloads [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Documents [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\Desktop [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013/07/27 08:20:22 \| 000,000,000 \| R--D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\AppData\Local\Temporary Internet Files [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Templates [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Start Menu [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\SendTo [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Recent [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\PrintHood [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\NetHood [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Documents\My Videos [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Documents\My Pictures [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Documents\My Music [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\My Documents [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Local Settings [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\AppData\Local\History [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Cookies [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\Application Data [2013/07/27 08:20:22 \| 000,000,000 \| -HSD \| C] -- C:\Users\Proverbs 31\AppData\Local\Application Data [2013/07/27 08:20:22 \| 000,000,000 \| -H-D \| C] -- C:\Users\Proverbs 31\AppData [2013/07/27 08:20:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Local\Temp [2013/07/27 08:20:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Local\Microsoft [2013/07/27 08:20:22 \| 000,000,000 \| ---D \| C] -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013/07/27 06:08:52 \| 000,000,000 \| -HSD \| C] -- C:\System Volume Information [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2013/07/27 18:28:11 \| 000,848,230 \| ---- \| M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/07/27 18:28:11 \| 000,718,176 \| ---- \| M] () -- C:\Windows\SysNative\perfh009.dat [2013/07/27 18:28:11 \| 000,132,542 \| ---- \| M] () -- C:\Windows\SysNative\perfc009.dat [2013/07/27 18:26:19 \| 000,602,112 \| ---- \| M] (OldTimer Tools) -- C:\Users\Proverbs 31\Desktop\OTL.exe [2013/07/27 18:25:45 \| 000,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2013/07/27 18:23:36 \| 268,435,456 \| -HS- \| M] () -- C:\swapfile.sys [2013/07/27 18:23:34 \| 3187,687,424 \| -HS- \| M] () -- C:\hiberfil.sys [2013/07/27 18:22:41 \| 000,000,101 \| ---- \| M] () -- C:\Windows\DeleteOnReboot.bat [2013/07/27 18:21:04 \| 000,666,633 \| ---- \| M] () -- C:\Users\Proverbs 31\Desktop\adwcleaner.exe [2013/07/27 18:10:22 \| 000,448,512 \| ---- \| M] (OldTimer Tools) -- C:\Users\Proverbs 31\Desktop\TFC.exe [2013/07/27 14:48:55 \| 000,001,289 \| ---- \| M] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2013/07/27 14:48:55 \| 000,001,265 \| ---- \| M] () -- C:\Users\Proverbs 31\Desktop\Spybot - Search & Destroy.lnk [2013/07/27 14:35:48 \| 000,001,140 \| ---- \| M] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2013/07/27 14:35:48 \| 000,001,116 \| ---- \| M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/27 08:38:41 \| 000,417,513 \| ---- \| M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2013/07/27 08:35:34 \| 000,000,762 \| ---- \| M] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2013/07/27 08:26:46 \| 000,001,431 \| ---- \| M] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/07/27 08:22:11 \| 000,001,738 \| ---- \| M] () -- C:\Users\Public\Desktop\Buy Online.lnk [2013/07/27 08:22:05 \| 000,001,967 \| ---- \| M] () -- C:\Users\Public\Desktop\Netflix.lnk [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013/07/27 18:22:22 \| 000,000,101 \| ---- \| C] () -- C:\Windows\DeleteOnReboot.bat [2013/07/27 18:21:04 \| 000,666,633 \| ---- \| C] () -- C:\Users\Proverbs 31\Desktop\adwcleaner.exe [2013/07/27 14:48:55 \| 000,001,289 \| ---- \| C] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk [2013/07/27 14:48:55 \| 000,001,265 \| ---- \| C] () -- C:\Users\Proverbs 31\Desktop\Spybot - Search & Destroy.lnk [2013/07/27 14:35:48 \| 000,001,140 \| ---- \| C] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk [2013/07/27 14:35:48 \| 000,001,116 \| ---- \| C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/07/27 08:36:01 \| 000,417,513 \| ---- \| C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2013/07/27 08:35:34 \| 000,000,762 \| ---- \| C] () -- C:\Users\Public\Desktop\ZoneAlarm Security.lnk [2013/07/27 08:26:46 \| 000,001,431 \| ---- \| C] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2013/07/27 08:22:21 \| 000,000,000 \| ---- \| C] () -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013/07/27 08:22:11 \| 000,001,738 \| ---- \| C] () -- C:\Users\Public\Desktop\Buy Online.lnk [2013/07/27 08:22:05 \| 000,001,967 \| ---- \| C] () -- C:\Users\Public\Desktop\Netflix.lnk [2013/07/27 08:21:59 \| 000,001,437 \| ---- \| C] () -- C:\Users\Proverbs 31\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013/07/27 08:20:22 \| 000,000,352 \| ---- \| C] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk [2013/07/27 08:20:22 \| 000,000,334 \| ---- \| C] () -- C:\Users\Proverbs 31\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk [2013/07/27 06:08:52 \| 268,435,456 \| -HS- \| C] () -- C:\swapfile.sys [2013/07/27 06:08:51 \| 3187,687,424 \| -HS- \| C] () -- C:\hiberfil.sys [2013/01/30 00:12:24 \| 000,000,000 \| ---- \| C] () -- C:\Windows\ativpsrm.bin [2012/08/28 05:47:39 \| 000,204,952 \| ---- \| C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/08/28 05:47:39 \| 000,157,144 \| ---- \| C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/08/28 05:47:39 \| 000,003,917 \| ---- \| C] () -- C:\Windows\SysWow64\atipblag.dat [2012/07/26 01:13:10 \| 000,215,943 \| ---- \| C] () -- C:\Windows\SysWow64\dssec.dat [2012/07/26 01:13:09 \| 000,000,741 \| ---- \| C] () -- C:\Windows\SysWow64\NOISE.DAT [2012/07/26 00:21:26 \| 000,067,584 \| --S- \| C] () -- C:\Windows\bootstat.dat [2012/07/25 18:17:42 \| 000,043,520 \| ---- \| C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012/07/25 17:48:53 \| 000,083,968 \| ---- \| C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012/07/25 13:37:29 \| 000,043,131 \| ---- \| C] () -- C:\Windows\mib.bin [2012/07/25 13:28:31 \| 000,364,544 \| ---- \| C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012/06/02 07:31:19 \| 000,673,088 \| ---- \| C] () -- C:\Windows\SysWow64\mlang.dat [2012/05/10 17:35:16 \| 000,029,184 \| ---- \| C] () -- C:\Windows\SysWow64\kdbsdk32.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/07/25 20:07:16 \| 019,779,584 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/07/25 20:19:59 \| 017,559,552 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 \| 001,004,544 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 \| 000,784,896 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 \| 000,455,680 \| ---- \| M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [color=#E56717]========== Purity Check ==========[/color]
	actions · 2013-Jul-27 9:07 pm · (locked)
brandieewine join:2013-07-27 2 edits	brandieewine reply to brandieewine OTL Extras logfile created on: 7/27/2013 6:29:17 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Proverbs 31\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16384) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.71 Gb Total Physical Memory \| 2.77 Gb Available Physical Memory \| 74.70% Memory free 7.09 Gb Paging File \| 6.10 Gb Available in Paging File \| 86.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 441.95 Gb Total Space \| 417.72 Gb Free Space \| 94.52% Space Free \| Partition Type: NTFS Computer Name: BEE \| User Name: Proverbs 31 \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09022E88-9636-4EEC-91F8-570A765B3073}" = dir=out \| name=skitch \| "{0D984F66-A26D-4F0B-A438-9DFDD8CBC4AD}" = dir=out \| name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} \| "{0F0E901F-2723-417E-9DFD-8669CC246CC3}" = protocol=6 \| dir=in \| app=c:\program files (x86)\spotify\data\spotifywebhelper.exe \| "{141EBFD8-8CB3-4938-A66E-5904719EA875}" = dir=out \| name=amazon for windows \| "{16AA54DA-178E-440A-98AC-9E60FEACDEF6}" = dir=out \| name=ebay \| "{18A66121-343D-41A9-97FF-869072ECBE8A}" = dir=in \| name=skype \| "{1F134917-C17E-49DB-972D-7073D814F88B}" = dir=in \| name=kindle \| "{2DDC7A8C-2357-4484-A0F5-BDA9A5223A9B}" = dir=out \| name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} \| "{2FE322E6-4840-424A-B670-58ACA41339CB}" = dir=in \| name=evernote \| "{32555A4E-733F-4914-AEA3-E19B3B5ED352}" = dir=out \| name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} \| "{362A8DC0-463D-43DA-8D51-68F5DB01252A}" = dir=in \| name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} \| "{3C0B2656-9EC0-4338-81C9-396E238DB8D6}" = protocol=17 \| dir=in \| app=c:\program files (x86)\spotify\data\spotifywebhelper.exe \| "{40B6DA9D-D212-45DD-A7AF-66CF3A7A602A}" = dir=out \| name=windows_ie_ac_001 \| "{45926539-7B26-471D-801A-15183993A3A1}" = protocol=6 \| dir=in \| app=c:\program files (x86)\spotify\spotify.exe \| "{45A71FED-B841-4B99-80A0-9B9DC84FCFF7}" = dir=out \| name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} \| "{470A25EA-6D3C-4C32-AE36-7ED12CEAFF03}" = dir=out \| name=hulu plus \| "{5135B953-216E-471E-8899-35D0075EB3EC}" = dir=out \| name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} \| "{58346FE5-05D1-410B-8862-C8ABF16FFBAE}" = dir=in \| app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe \| "{5C0C8EE2-751E-4BA4-8D5C-E9CC58B593D9}" = dir=in \| name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} \| "{649AF061-0F76-4E14-85B5-1A91F8DB759F}" = dir=out \| name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} \| "{6695A926-0701-48A9-B133-148DBEA74339}" = dir=out \| name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} \| "{752754C8-F71A-45D2-8A78-00229CFD0910}" = dir=out \| name=evernote \| "{75D00DB3-3DEE-4D82-8ECD-636C23BDEEF0}" = dir=out \| name=chacha \| "{76DDF855-2B61-4E80-A0CF-5E1674878CEE}" = dir=out \| name=stumbleupon \| "{775304FA-C250-4D41-8A71-3BFE878E53BF}" = dir=out \| name=gateway explorer \| "{7952A7BC-57CC-474F-A491-D07BFC672B63}" = dir=in \| name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} \| "{7A1C3F7A-5BDC-4A1B-A2C4-576C6C6198AA}" = dir=out \| name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} \| "{7CF2A1B0-5023-432D-8165-3BFF79D0E0AD}" = dir=out \| name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} \| "{7FAD793C-6432-441D-8646-ADC7CE6BE207}" = dir=out \| name=kindle \| "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out \| name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} \| "{818B042C-9FBA-4C04-AABF-EA613D482354}" = dir=out \| name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} \| "{837974C1-11DE-4F50-8867-0A977E5224DD}" = dir=out \| name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} \| "{89442599-1E66-49F7-9477-38B701A6454A}" = dir=out \| name=merriam-webster dictionary \| "{8D92BCA1-41AC-45EF-9B69-8195892B5764}" = dir=out \| name=cut the rope \| "{9C43AD11-2C0F-4B97-9508-A145B0711C1E}" = dir=out \| name=newsxpresso metro \| "{9DB36C08-2DBE-4A45-BD69-0B39B8ACB2C9}" = dir=in \| name=ebay \| "{BA2165EB-8463-42EF-83C5-8060F93B6332}" = dir=out \| name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} \| "{BF314784-A03A-4405-84F8-009ADD66AC56}" = dir=in \| name=amazon for windows \| "{BFE7A909-9F92-4024-BBB1-6E580E58B6F7}" = dir=in \| app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe \| "{C2FF5B03-4021-48AA-B17F-C232CCEA881E}" = dir=out \| name=7digital music store \| "{C4629CD6-BF86-4C78-927F-111C2143A859}" = dir=out \| name=encyclopaedia britannica \| "{C821A7F4-520A-40A8-8F26-41D7147871EC}" = dir=in \| name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} \| "{CB62180A-30EC-40B0-A097-5A4639A8ADDB}" = protocol=17 \| dir=in \| app=c:\program files (x86)\spotify\spotify.exe \| "{D340FF44-856D-41BE-AED5-8401BD034084}" = dir=out \| name=netflix \| "{D5350C34-15F6-405A-B74D-3D6F15472A5C}" = dir=out \| name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} \| "{D889D786-B504-46DC-995F-5AA4B80F2834}" = dir=out \| name=icookbook se \| "{DEC15BDB-C648-4DB5-A01C-BDA3F77538FA}" = dir=out \| name=tunein radio \| "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in \| name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} \| "{EF067289-9683-4EDE-BE05-6BA30F5D1B9B}" = dir=out \| name=skype \| "{F1E3C19A-A7D6-4CAB-80B2-29A16031299B}" = dir=out \| name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} \| [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Gateway Recovery Management "{19CB64EB-ACFE-681D-B571-A8A3398F1943}" = AMD Catalyst Install Manager "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5073FD73-33B5-5056-D2F1-3CECCEE76E37}" = AMD AVIVO64 Codecs "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Gateway Power Management "{DB80E09D-CADA-E15F-F26A-25199559FC28}" = AMD Fuel "{E429154B-6C65-2BE9-AC80-60DF73CB9774}" = AMD Accelerated Video Transcoding "{FC5E805E-3215-51A0-B658-86CDFA440C47}" = ccc-utility64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM) "{099776E0-A602-8FE6-F0A9-2E9F377EF5BD}" = CCC Help Greek "{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM) "{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher "{17B097DD-CF9B-A21F-53CB-B8B21193D96C}" = CCC Help Dutch "{182728B1-8727-4AB3-A1AE-F1ED2C8B1BAC}" = Catalyst Control Center - Branding "{192971BE-6FCE-6A65-3921-7C21DAEE0B5D}" = CCC Help Czech "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2128FF2D-7134-3E13-4E80-F6D71AF59BA9}" = Catalyst Control Center Localization All "{216308F1-6AC9-5F6F-987D-7B4CE983A392}" = CCC Help Finnish "{21E7D71D-3F2A-3E62-7372-E2215DCBDF35}" = CCC Help Polish "{296CEBB6-C5EF-0706-62F4-AF621E4CFCEA}" = CCC Help English "{2E2598F9-5B42-4199-9DA6-249117FC2414}" = CCC Help Thai "{2F8E3D85-1773-560E-50AB-87DFE61A62A2}" = CCC Help Spanish "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3E3A2325-7712-454A-AC84-7816C3F69C3D}" = ZoneAlarm Firewall "{404E5AC6-39FC-0C8B-3E68-87AA7F066982}" = CCC Help Japanese "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{43B3565F-D8A0-2019-EBC4-BF3E2C8FD51B}" = CCC Help Russian "{5B81F6D8-AFA6-BBD4-0B74-342EE195C4FF}" = Catalyst Control Center InstallProxy "{5B97339C-5A3D-3563-CAF9-0F7081F06D94}" = CCC Help Chinese Traditional "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{763163B5-8092-DC95-37AF-8436E7B3D00F}" = CCC Help Chinese Standard "{7EC5403A-3BE9-0504-4F38-F0E36129D984}" = CCC Help French "{7FC9C5DC-7742-F1F1-7D77-EADCEB110AC1}" = CCC Help German "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}" = Nero 12 Essentials OEM.a01 "{9F9D286C-C66A-A6D9-3801-9310718E4072}" = CCC Help Swedish "{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent "{A694AF57-9891-4D62-824C-7E55A1361A14}" = eBay Worldwide "{A6DC88AD-501A-44BC-884D-57435F972E2C}" = Hotkey Utility "{A96AFD67-7556-FD6F-BE81-DB694E78C387}" = CCC Help Italian "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{ADB86C61-74E4-8ED8-35DF-2CA7E33226FC}" = CCC Help Turkish "{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}" = Nero BackItUp 12 Essentials OEM.a01 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4E8FA87-32E3-4CAB-5C62-1D5E4D400579}" = CCC Help Portuguese "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C5E1DE30-1B3A-9006-87E7-7847C0F4F121}" = CCC Help Hungarian "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{CA34560F-5827-B40F-3EF3-4D2F1D8379E5}" = CCC Help Norwegian "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E63014A6-9E7B-46A5-B9FE-6E4B76072D1F}" = ZoneAlarm Security "{E70B2F2C-94D1-4287-B5B0-CBBE618E2652}" = Nero BackItUp "{E860214B-76D7-B131-BB7B-57A7BC130C18}" = AMD VISION Engine Control Center "{EA2FFDFA-0228-9D5D-D451-7E0706184350}" = CCC Help Danish "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4A3CD4A-CAF5-A7D0-B870-49D6941D6C1D}" = CCC Help Korean "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "NARA" = Norton Online Backup ARA "NIS" = Norton Internet Security "Spotify" = Spotify "WildTangent wildgames Master Uninstall" = WildTangent Games "WTA-2625c0b6-2237-4309-9a1e-8063cb1658cd" = Peggle Nights "WTA-2ba32642-6c34-4fe5-8ea4-8cb3885594ae" = Aloha TriPeaks "WTA-327e37dc-8a0e-42f8-9087-d89dee3fd7cb" = Polar Golfer "WTA-3a597353-79e9-4ff6-b23f-da2cb41cc45f" = Jewel Match 3 "WTA-5bd7e1c0-1ecf-494d-9b15-beaad339f313" = Tales of Lagoona "WTA-77f013e3-3e11-4d4b-a94a-f563feff1b4b" = Penguins! "WTA-7ade21c0-b25d-4eb8-b01b-3e5cebbb07db" = Plants vs. Zombies - Game of the Year "WTA-7f2bf24b-855f-4dbd-a500-f0bcc1568773" = Mystery P.I. - Curious Case of Counterfeit Cove "WTA-9594d1e0-6f3b-4cb0-afd4-60fa99f89ea2" = Delicious: Emily's True Love Premium Edition "WTA-97980c0b-7975-49e5-a8d7-b613f2500e26" = Cradle Of Egypt Collector's Edition "WTA-a4504516-89d3-49ac-847f-22d0db490738" = Zuma's Revenge "WTA-ba009eeb-9c21-4248-8b39-c28dd51d465e" = Polar Bowler "WTA-bf2463ff-1da5-487a-a396-433cf3b661cf" = Bejeweled 3 "WTA-c15245fa-d28c-4be1-a1b1-43eed965a9cf" = Agatha Christie - Death on the Nile "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 7/27/2013 9:17:50 PM \| Computer Name = Bee \| Source = Application Error \| ID = 1000 Description = Faulting application name: iexplore.exe, version: 10.0.9200.16384, time stamp: 0x50107ebe Faulting module name: iertutil.dll, version: 10.0.9200.16390, time stamp: 0x501b55b2 Exception code: 0xc0000005 Fault offset: 0x0000000000172efb Faulting process id: 0x99c Faulting application start time: 0x01ce8b3045bce78c Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\iertutil.dll Report Id: 84636433-f723-11e2-be6e-7427ea277a48 Faulting package full name: Faulting package-relative application ID: Error - 7/27/2013 9:18:09 PM \| Computer Name = Bee \| Source = Microsoft-Windows-Immersive-Shell \| ID = 2486 Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time. Error - 7/27/2013 9:18:17 PM \| Computer Name = Bee \| Source = Application Error \| ID = 1000 Description = Faulting application name: iexplore.exe, version: 10.0.9200.16384, time stamp: 0x50107ebe Faulting module name: iertutil.dll, version: 10.0.9200.16390, time stamp: 0x501b55b2 Exception code: 0xc0000005 Fault offset: 0x0000000000172efb Faulting process id: 0xdac Faulting application start time: 0x01ce8b3056f588cc Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\iertutil.dll Report Id: 94fa26d7-f723-11e2-be6e-7427ea277a48 Faulting package full name: Faulting package-relative application ID: Error - 7/27/2013 9:18:37 PM \| Computer Name = Bee \| Source = Microsoft-Windows-Immersive-Shell \| ID = 2486 Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time. Error - 7/27/2013 9:18:41 PM \| Computer Name = Bee \| Source = Application Error \| ID = 1000 Description = Faulting application name: iexplore.exe, version: 10.0.9200.16384, time stamp: 0x50107ebe Faulting module name: iertutil.dll, version: 10.0.9200.16390, time stamp: 0x501b55b2 Exception code: 0xc0000005 Fault offset: 0x0000000000172efb Faulting process id: 0xc48 Faulting application start time: 0x01ce8b3064ed04f1 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\iertutil.dll Report Id: a2f665bf-f723-11e2-be6e-7427ea277a48 Faulting package full name: Faulting package-relative application ID: Error - 7/27/2013 9:19:01 PM \| Computer Name = Bee \| Source = Microsoft-Windows-Immersive-Shell \| ID = 2486 Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time. [ System Events ] Error - 7/27/2013 5:25:23 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:27:34 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = The ESET ran for an hour and a half and then once complete would not allow me to obtain a log file. I tried everything. Results of screen317's Security Check version 0.99.71 x64 (UAC is enabled) Internet Explorer 10 [u]``````````````Antivirus/Firewall Check:``````````````[/u] Windows Firewall Disabled! Windows Defender Norton Internet Security [size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size] [u]`````````Anti-malware/Other Utilities Check:`````````[/u] Spybot - Search & Destroy Malwarebytes Anti-Malware version 1.75.0.1300 [u]````````Process Check: objlist.exe by Laurent````````[/u] Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe [color=red]Spybot Teatimer.exe is disabled![/color] Malwarebytes' Anti-Malware mbamscheduler.exe Symantec Norton Online Backup NOBuAgent.exe CheckPoint ZoneAlarm vsmon.exe CheckPoint ZoneAlarm ZAPrivacyService.exe CheckPoint ZoneAlarm zatray.exe [u]`````````````````System Health check`````````````````[/u] Total Fragmentation on Drive C: % [u]````````````````````End of Log``````````````````````[/u]
	actions · 2013-Jul-27 9:09 pm · (locked)
your moderator at work hidden :
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:56 Reviews: ·Comcast	lilhurricane Mod Re: [Malware] Help Please. Temp File Cleaner Temp File Cleaner OTL Extras logfile created on: 7/27/2013 6:29:17 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Proverbs 31\Desktop 64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16384) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 3.71 Gb Total Physical Memory \| 2.77 Gb Available Physical Memory \| 74.70% Memory free 7.09 Gb Paging File \| 6.10 Gb Available in Paging File \| 86.14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files (x86) Drive C: \| 441.95 Gb Total Space \| 417.72 Gb Free Space \| 94.52% Space Free \| Partition Type: NTFS Computer Name: BEE \| User Name: Proverbs 31 \| Logged in as Administrator. Boot Mode: Normal \| Scan Mode: All users \| Include 64bit Scans Company Name Whitelist: Off \| Skip Microsoft Files: Off \| No Company Name Whitelist: On \| File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09022E88-9636-4EEC-91F8-570A765B3073}" = dir=out \| name=skitch \| "{0D984F66-A26D-4F0B-A438-9DFDD8CBC4AD}" = dir=out \| name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} \| "{0F0E901F-2723-417E-9DFD-8669CC246CC3}" = protocol=6 \| dir=in \| app=c:\program files (x86)\spotify\data\spotifywebhelper.exe \| "{141EBFD8-8CB3-4938-A66E-5904719EA875}" = dir=out \| name=amazon for windows \| "{16AA54DA-178E-440A-98AC-9E60FEACDEF6}" = dir=out \| name=ebay \| "{18A66121-343D-41A9-97FF-869072ECBE8A}" = dir=in \| name=skype \| "{1F134917-C17E-49DB-972D-7073D814F88B}" = dir=in \| name=kindle \| "{2DDC7A8C-2357-4484-A0F5-BDA9A5223A9B}" = dir=out \| name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} \| "{2FE322E6-4840-424A-B670-58ACA41339CB}" = dir=in \| name=evernote \| "{32555A4E-733F-4914-AEA3-E19B3B5ED352}" = dir=out \| name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} \| "{362A8DC0-463D-43DA-8D51-68F5DB01252A}" = dir=in \| name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} \| "{3C0B2656-9EC0-4338-81C9-396E238DB8D6}" = protocol=17 \| dir=in \| app=c:\program files (x86)\spotify\data\spotifywebhelper.exe \| "{40B6DA9D-D212-45DD-A7AF-66CF3A7A602A}" = dir=out \| name=windows_ie_ac_001 \| "{45926539-7B26-471D-801A-15183993A3A1}" = protocol=6 \| dir=in \| app=c:\program files (x86)\spotify\spotify.exe \| "{45A71FED-B841-4B99-80A0-9B9DC84FCFF7}" = dir=out \| name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} \| "{470A25EA-6D3C-4C32-AE36-7ED12CEAFF03}" = dir=out \| name=hulu plus \| "{5135B953-216E-471E-8899-35D0075EB3EC}" = dir=out \| name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} \| "{58346FE5-05D1-410B-8862-C8ABF16FFBAE}" = dir=in \| app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe \| "{5C0C8EE2-751E-4BA4-8D5C-E9CC58B593D9}" = dir=in \| name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} \| "{649AF061-0F76-4E14-85B5-1A91F8DB759F}" = dir=out \| name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} \| "{6695A926-0701-48A9-B133-148DBEA74339}" = dir=out \| name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} \| "{752754C8-F71A-45D2-8A78-00229CFD0910}" = dir=out \| name=evernote \| "{75D00DB3-3DEE-4D82-8ECD-636C23BDEEF0}" = dir=out \| name=chacha \| "{76DDF855-2B61-4E80-A0CF-5E1674878CEE}" = dir=out \| name=stumbleupon \| "{775304FA-C250-4D41-8A71-3BFE878E53BF}" = dir=out \| name=gateway explorer \| "{7952A7BC-57CC-474F-A491-D07BFC672B63}" = dir=in \| name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} \| "{7A1C3F7A-5BDC-4A1B-A2C4-576C6C6198AA}" = dir=out \| name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} \| "{7CF2A1B0-5023-432D-8165-3BFF79D0E0AD}" = dir=out \| name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} \| "{7FAD793C-6432-441D-8646-ADC7CE6BE207}" = dir=out \| name=kindle \| "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out \| name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} \| "{818B042C-9FBA-4C04-AABF-EA613D482354}" = dir=out \| name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} \| "{837974C1-11DE-4F50-8867-0A977E5224DD}" = dir=out \| name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} \| "{89442599-1E66-49F7-9477-38B701A6454A}" = dir=out \| name=merriam-webster dictionary \| "{8D92BCA1-41AC-45EF-9B69-8195892B5764}" = dir=out \| name=cut the rope \| "{9C43AD11-2C0F-4B97-9508-A145B0711C1E}" = dir=out \| name=newsxpresso metro \| "{9DB36C08-2DBE-4A45-BD69-0B39B8ACB2C9}" = dir=in \| name=ebay \| "{BA2165EB-8463-42EF-83C5-8060F93B6332}" = dir=out \| name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} \| "{BF314784-A03A-4405-84F8-009ADD66AC56}" = dir=in \| name=amazon for windows \| "{BFE7A909-9F92-4024-BBB1-6E580E58B6F7}" = dir=in \| app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe \| "{C2FF5B03-4021-48AA-B17F-C232CCEA881E}" = dir=out \| name=7digital music store \| "{C4629CD6-BF86-4C78-927F-111C2143A859}" = dir=out \| name=encyclopaedia britannica \| "{C821A7F4-520A-40A8-8F26-41D7147871EC}" = dir=in \| name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} \| "{CB62180A-30EC-40B0-A097-5A4639A8ADDB}" = protocol=17 \| dir=in \| app=c:\program files (x86)\spotify\spotify.exe \| "{D340FF44-856D-41BE-AED5-8401BD034084}" = dir=out \| name=netflix \| "{D5350C34-15F6-405A-B74D-3D6F15472A5C}" = dir=out \| name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} \| "{D889D786-B504-46DC-995F-5AA4B80F2834}" = dir=out \| name=icookbook se \| "{DEC15BDB-C648-4DB5-A01C-BDA3F77538FA}" = dir=out \| name=tunein radio \| "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in \| name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} \| "{EF067289-9683-4EDE-BE05-6BA30F5D1B9B}" = dir=out \| name=skype \| "{F1E3C19A-A7D6-4CAB-80B2-29A16031299B}" = dir=out \| name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} \| [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Gateway Recovery Management "{19CB64EB-ACFE-681D-B571-A8A3398F1943}" = AMD Catalyst Install Manager "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5073FD73-33B5-5056-D2F1-3CECCEE76E37}" = AMD AVIVO64 Codecs "{91F52DE4-B789-42B0-9311-A349F10E5479}" = Gateway Power Management "{DB80E09D-CADA-E15F-F26A-25199559FC28}" = AMD Fuel "{E429154B-6C65-2BE9-AC80-60DF73CB9774}" = AMD Accelerated Video Transcoding "{FC5E805E-3215-51A0-B658-86CDFA440C47}" = ccc-utility64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM) "{099776E0-A602-8FE6-F0A9-2E9F377EF5BD}" = CCC Help Greek "{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM) "{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher "{17B097DD-CF9B-A21F-53CB-B8B21193D96C}" = CCC Help Dutch "{182728B1-8727-4AB3-A1AE-F1ED2C8B1BAC}" = Catalyst Control Center - Branding "{192971BE-6FCE-6A65-3921-7C21DAEE0B5D}" = CCC Help Czech "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2128FF2D-7134-3E13-4E80-F6D71AF59BA9}" = Catalyst Control Center Localization All "{216308F1-6AC9-5F6F-987D-7B4CE983A392}" = CCC Help Finnish "{21E7D71D-3F2A-3E62-7372-E2215DCBDF35}" = CCC Help Polish "{296CEBB6-C5EF-0706-62F4-AF621E4CFCEA}" = CCC Help English "{2E2598F9-5B42-4199-9DA6-249117FC2414}" = CCC Help Thai "{2F8E3D85-1773-560E-50AB-87DFE61A62A2}" = CCC Help Spanish "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer "{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card "{3E3A2325-7712-454A-AC84-7816C3F69C3D}" = ZoneAlarm Firewall "{404E5AC6-39FC-0C8B-3E68-87AA7F066982}" = CCC Help Japanese "{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup "{43B3565F-D8A0-2019-EBC4-BF3E2C8FD51B}" = CCC Help Russian "{5B81F6D8-AFA6-BBD4-0B74-342EE195C4FF}" = Catalyst Control Center InstallProxy "{5B97339C-5A3D-3563-CAF9-0F7081F06D94}" = CCC Help Chinese Traditional "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{763163B5-8092-DC95-37AF-8436E7B3D00F}" = CCC Help Chinese Standard "{7EC5403A-3BE9-0504-4F38-F0E36129D984}" = CCC Help French "{7FC9C5DC-7742-F1F1-7D77-EADCEB110AC1}" = CCC Help German "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}" = Nero 12 Essentials OEM.a01 "{9F9D286C-C66A-A6D9-3801-9310718E4072}" = CCC Help Swedish "{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent "{A694AF57-9891-4D62-824C-7E55A1361A14}" = eBay Worldwide "{A6DC88AD-501A-44BC-884D-57435F972E2C}" = Hotkey Utility "{A96AFD67-7556-FD6F-BE81-DB694E78C387}" = CCC Help Italian "{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter "{ADB86C61-74E4-8ED8-35DF-2CA7E33226FC}" = CCC Help Turkish "{B2B0EC73-AD4A-4716-A3DE-CEA8440B309B}" = Nero BackItUp 12 Essentials OEM.a01 "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B4E8FA87-32E3-4CAB-5C62-1D5E4D400579}" = CCC Help Portuguese "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components "{C5E1DE30-1B3A-9006-87E7-7847C0F4F121}" = CCC Help Hungarian "{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM) "{CA34560F-5827-B40F-3EF3-4D2F1D8379E5}" = CCC Help Norwegian "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "{E63014A6-9E7B-46A5-B9FE-6E4B76072D1F}" = ZoneAlarm Security "{E70B2F2C-94D1-4287-B5B0-CBBE618E2652}" = Nero BackItUp "{E860214B-76D7-B131-BB7B-57A7BC130C18}" = AMD VISION Engine Control Center "{EA2FFDFA-0228-9D5D-D451-7E0706184350}" = CCC Help Danish "{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater "{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4A3CD4A-CAF5-A7D0-B870-49D6941D6C1D}" = CCC Help Korean "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300 "NARA" = Norton Online Backup ARA "NIS" = Norton Internet Security "Spotify" = Spotify "WildTangent wildgames Master Uninstall" = WildTangent Games "WTA-2625c0b6-2237-4309-9a1e-8063cb1658cd" = Peggle Nights "WTA-2ba32642-6c34-4fe5-8ea4-8cb3885594ae" = Aloha TriPeaks "WTA-327e37dc-8a0e-42f8-9087-d89dee3fd7cb" = Polar Golfer "WTA-3a597353-79e9-4ff6-b23f-da2cb41cc45f" = Jewel Match 3 "WTA-5bd7e1c0-1ecf-494d-9b15-beaad339f313" = Tales of Lagoona "WTA-77f013e3-3e11-4d4b-a94a-f563feff1b4b" = Penguins! "WTA-7ade21c0-b25d-4eb8-b01b-3e5cebbb07db" = Plants vs. Zombies - Game of the Year "WTA-7f2bf24b-855f-4dbd-a500-f0bcc1568773" = Mystery P.I. - Curious Case of Counterfeit Cove "WTA-9594d1e0-6f3b-4cb0-afd4-60fa99f89ea2" = Delicious: Emily's True Love Premium Edition "WTA-97980c0b-7975-49e5-a8d7-b613f2500e26" = Cradle Of Egypt Collector's Edition "WTA-a4504516-89d3-49ac-847f-22d0db490738" = Zuma's Revenge "WTA-ba009eeb-9c21-4248-8b39-c28dd51d465e" = Polar Bowler "WTA-bf2463ff-1da5-487a-a396-433cf3b661cf" = Bejeweled 3 "WTA-c15245fa-d28c-4be1-a1b1-43eed965a9cf" = Agatha Christie - Death on the Nile "ZoneAlarm Free Firewall" = ZoneAlarm Free Firewall "ZoneAlarm Security Toolbar" = ZoneAlarm Security Toolbar [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 7/27/2013 9:17:50 PM \| Computer Name = Bee \| Source = Application Error \| ID = 1000 Description = Faulting application name: iexplore.exe, version: 10.0.9200.16384, time stamp: 0x50107ebe Faulting module name: iertutil.dll, version: 10.0.9200.16390, time stamp: 0x501b55b2 Exception code: 0xc0000005 Fault offset: 0x0000000000172efb Faulting process id: 0x99c Faulting application start time: 0x01ce8b3045bce78c Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\iertutil.dll Report Id: 84636433-f723-11e2-be6e-7427ea277a48 Faulting package full name: Faulting package-relative application ID: Error - 7/27/2013 9:18:09 PM \| Computer Name = Bee \| Source = Microsoft-Windows-Immersive-Shell \| ID = 2486 Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time. Error - 7/27/2013 9:18:17 PM \| Computer Name = Bee \| Source = Application Error \| ID = 1000 Description = Faulting application name: iexplore.exe, version: 10.0.9200.16384, time stamp: 0x50107ebe Faulting module name: iertutil.dll, version: 10.0.9200.16390, time stamp: 0x501b55b2 Exception code: 0xc0000005 Fault offset: 0x0000000000172efb Faulting process id: 0xdac Faulting application start time: 0x01ce8b3056f588cc Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\iertutil.dll Report Id: 94fa26d7-f723-11e2-be6e-7427ea277a48 Faulting package full name: Faulting package-relative application ID: Error - 7/27/2013 9:18:37 PM \| Computer Name = Bee \| Source = Microsoft-Windows-Immersive-Shell \| ID = 2486 Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time. Error - 7/27/2013 9:18:41 PM \| Computer Name = Bee \| Source = Application Error \| ID = 1000 Description = Faulting application name: iexplore.exe, version: 10.0.9200.16384, time stamp: 0x50107ebe Faulting module name: iertutil.dll, version: 10.0.9200.16390, time stamp: 0x501b55b2 Exception code: 0xc0000005 Fault offset: 0x0000000000172efb Faulting process id: 0xc48 Faulting application start time: 0x01ce8b3064ed04f1 Faulting application path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\system32\iertutil.dll Report Id: a2f665bf-f723-11e2-be6e-7427ea277a48 Faulting package full name: Faulting package-relative application ID: Error - 7/27/2013 9:19:01 PM \| Computer Name = Bee \| Source = Microsoft-Windows-Immersive-Shell \| ID = 2486 Description = App DefaultBrowser_NOPUBLISHERID!Microsoft.InternetExplorer.Default did not launch within its allotted time. [ System Events ] Error - 7/27/2013 5:25:23 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:27:34 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 5:31:57 PM \| Computer Name = Bee \| Source = Schannel \| ID = 36888 Description = A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 51. The Windows SChannel error state is 900. Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = Error - 7/27/2013 9:24:00 PM \| Computer Name = Bee \| Source = DCOM \| ID = 10016 Description = -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	actions · 2013-Jul-27 9:12 pm · (locked)
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:56 Reviews: ·Comcast	lilhurricane Mod reply to brandieewine Hi Brandie... Can you run the ESET Online scan as found in our forum FAQ - and post the results as well Please use the "post reply vs "new topic" button to ensure all logs and posts are within the same thread for easier analysis. Thanks. -- ~Safe Hex~ Team Discovery ~ Project Hope ~ Like A Hurricane~
	actions · 2013-Jul-27 9:14 pm · (locked)
your moderator at work hidden :
brandieewine join:2013-07-27	brandieewine reply to lilhurricane Re: [Malware] Help Please. Bit Defender QuickScan 32-bit v0.9.9.118 --------------------------- Scan date: Sat Jul 27 21:13:03 2013 Machine ID: 28D77F24 No infection found. ------------------- Processes --------- (unsigned) MediaEspresso DeviceDetector 1576 C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe (verified) Hotkey Utility 3052 C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe (verified) Malwarebytes Anti-Malware 2616 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (verified) Malwarebytes Anti-Malware 1736 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (verified) Malwarebytes Anti-Malware 1784 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (verified) NeroUpdate 3916 C:\Program Files (x86)\Nero\Update\NASvc.exe (verified) Spybot - Search & Destroy 2024 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (verified) Symantec Security Technologies 2660 C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe (verified) Symantec Security Technologies 3156 C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\ccSvcHst.exe (verified) Symantec Shared Component 3508 C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\symerr.exe (verified) TrueVector Service 1184 C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (verified) WindowsÂ® Internet Explorer 964 C:\Program Files (x86)\Internet Explorer\iexplore.exe (verified) WindowsÂ® Internet Explorer 3360 C:\Program Files (x86)\Internet Explorer\iexplore.exe (verified) ZAPrivacyService 1904 C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (verified) ZoneAlarm 960 C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe Network activity ---------------- Process iexplore.exe (964) connected on port 80 (HTTP) --> 173.194.37.45 Process iexplore.exe (964) connected on port 80 (HTTP) --> 66.235.142.2 Process iexplore.exe (964) connected on port 80 (HTTP) --> 66.235.142.2 Process ccSvcHst.exe (3156) listens on ports: 49232 Autoruns and critical files --------------------------- (verified) CatalystÂ® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (verified) MicrosoftÂ® WindowsÂ® Operating System C:\Windows\system32\userinit.exe (verified) Norton Online Backup C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (verified) Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (verified) ZoneAlarm C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe Browser plugins --------------- (verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll (verified) MicrosoftÂ® WindowsÂ® Operating System C:\Windows\system32\mswsock.dll (verified) MicrosoftÂ® WindowsÂ® Operating System C:\Windows\system32\napinsp.dll (verified) MicrosoftÂ® WindowsÂ® Operating System C:\Windows\system32\NLAapi.dll (verified) MicrosoftÂ® WindowsÂ® Operating System C:\Windows\system32\pnrpnsp.dll (verified) MicrosoftÂ® WindowsÂ® Operating System C:\Windows\System32\winrnr.dll (verified) Norton Confidential c:\program files (x86)\norton internet security\engine\20.0.0.136\coieplg.dll (verified) NP_wtapp.dll C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll (verified) SDHelper.dll C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (verified) Symantec Intrusion Detection c:\program files (x86)\norton internet security\engine\20.0.0.136\ips\ipsbho.dll (verified) WindowsÂ® Internet Explorer c:\windows\syswow64\ieframe.dll (verified) Zonealarm Toolbar c:\program files (x86)\check point software technologies ltd\zonealarm\1.8.21.15\bh\zonealarm.dll (verified) Zonealarm Toolbar c:\program files (x86)\check point software technologies ltd\zonealarm\1.8.21.15\zonealarmtlbr.dll Scan ---- MD5: 7ae4d6c70c2d7912ab2b4651df595575 C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe MD5: 55ee846ed0b8f1fd3b6aa4b24fa0bd56 C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\WPDDM.dll MD5: abefa4bd23329fd9bd47496bf2e58774 C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe MD5: 925dff5207fa63eda39929ff6f157d16 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe MD5: dc0c37c901b154c3e5739da019fd49b0 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\452f06494f05cb9d89325460550d1d62\mscorlib.ni.dll MD5: a5eed7b8cbece422bc7af38a7d996143 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bf379bd95b8bdfa0460b3a10ec5f7bf1\System.Core.ni.dll MD5: 43a689aacba8671130cbef223fcd469c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a801272bc1990741b7b2f5dde3a57420\System.Xml.ni.dll MD5: b53cd342e2991ca92b9475181c558269 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\6124280f8365d6683e54dd99742100f6\System.ni.dll MD5: 07ea926dc98356ed9434b5853fa9d84a C:\Windows\System32\UIAnimation.dll MD5: 686b224b4987c22b153fbb545fee9657 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL No file uploaded. Scan finished - communication took 1 sec Total traffic - 0.00 MB sent, 0.04 KB recvd Scanned 683 files and modules - 6 seconds ============================================================================== The ESET ran for almost two hours and then wouldn't allow me to obtain a log file. I tried everything it wouldn't work.
	actions · 2013-Jul-27 9:19 pm · (locked)
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:56	lilhurricane Mod reply to brandieewine Ok..I think I have you all in the right order now New user post are sometimes held for approval...so please be patient. We'll get you looked over as soon as possible.
	actions · 2013-Jul-27 9:20 pm · (locked)
brandieewine join:2013-07-27	brandieewine ok. I thought I was doing something wrong lol.
	actions · 2013-Jul-27 9:21 pm · (locked)
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:56 Reviews: ·Comcast	lilhurricane Mod said by brandieewine: ok. I thought I was doing something wrong lol. No..you're ok ..(and you did good)
	actions · 2013-Jul-27 9:41 pm · (locked)
LoPhatPhuud Premium,VIP,MVM join:2002-01-06 Albuquerque, NM kudos:26 Reviews: ·Comcast 1 recommendation	LoPhatPhuud VIP,MVM reply to brandieewine First: I suspect that the Norton detect is a false positive. Let's check and be sure... Please go to »www.virustotal.com/ Press the 'Browse' button to the right of the yellow box. Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box. Please go to »www.virustotal.com/ Press the 'Browse' button to the right of the yellow box. Navigate to the file(s) listed below, one at a time (if more than one file). Press the 'Open' button in the file dialog box or double click on the file name. The file name and path should appear in the yellow box. c:\oem\preload\autorun\drv\amd chipset generic driver\packages\drivers\sbdrv\hseries\raid\w864a\ahcix64s.sys Click on the Send File button Note: If you can't find the file, let me know in your next post. Once the Scan is completed, a Web page will open with the scan results. Copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. Note that you can also copy and paste the contents of the webpage if you find that easier. If the file has been previously scanned, the results webpage will show: "File has already been submitted:" Press the "View Last Report" button then copy and paste the address of that webpage from the address bar of your browser into your next post in this thread. If there is more than one file listed for scanning, press the Another File button at the bottom of the page. Repeat this procedure until all files listed have been scanned. Second: Norton Internet Security contains a firewall. Installing Zone Alarm was dangerous, at best, and your lucky you have not suffered any consequences. Never run more than one firewall on yur computer at any one time. Use Program Features (Add/Remove Programs) to uninstall ZoneAlarm. Reboot after removal if ZoneAlarm does not do it. Then download and run the ZoneAlarm Removal Tool: »www.majorgeeks.com/files/details···all.html Reboot after running the Removal Tool. Third: Finally, run OTL again, and post the new log in this thread. Note that there will not be a new Extras log this time. -- When angry count four; when very angry, swear. Microsoft MVP/Consumer Security 2005-2013
	actions · 2013-Jul-28 10:21 am · (locked)
lilhurricane Crunchin' For Cures Premium,Mod join:2003-01-11 Purple Zone kudos:56	lilhurricane Mod reply to brandieewine Brandie...hopefully you're still there. Can you post back w/ what LPP suggested?
	actions · 2013-Jul-30 9:46 am · (locked)
your moderator at work hidden : Other reason

Forums → Broadband Tech → Security → Security Cleanup	« Tower infected • How to bring back my old homepage? »

Broadband Tech → Security → Security Cleanup > [Malware] Help Please.

[Malware] Help Please.

Re: [Malware] Help Please.

Re: [Malware] Help Please.