Virus/Malware?Trojan? [Solved]


  • This topic is locked

#31
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

I do not see a report; it also did not report anything back to me, so I am assuming it is clean.


Yes I would say it is clean. To check click on the green MSE castle icon, open, then click the History tab. If anything was found it will be showing in Quarantined Items.

When I took the IObit out I had to download a tool to remove it because my uninstall programs in my computer did not want to remove it. I am hoping it is all out now. I looked for a tool specially to remove it, but did not find one.


Hmm... ask me if you need help with anything. Sometimes tools you download come with other stuff you don't want.

Here is a tool to remove IObit:

Download and run the IObit removal tool

After you have run the removal tool, do this:

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.



#32
darlinbassmaster

    Member

  • Topic Starter
  • 39 posts
OTL logfile created on: 2/1/2013 5:13:54 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darlene\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16438)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 64.92% Memory free
5.73 Gb Paging File | 4.62 Gb Available in Paging File | 80.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.79 Gb Total Space | 174.79 Gb Free Space | 79.17% Space Free | Partition Type: NTFS

Computer Name: DARLENE-PC | User Name: Darlene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/01/29 18:52:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darlene\Downloads\OTL.exe
PRC - [2013/01/28 13:08:55 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/01/15 18:47:28 | 000,703,808 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
PRC - [2013/01/15 18:47:12 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
PRC - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
PRC - [2012/12/04 21:40:04 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe
PRC - [2012/08/22 13:44:30 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2012/07/27 15:51:38 | 000,823,224 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2012/07/27 12:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/04/02 09:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/02 18:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009/08/07 07:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/11/20 08:25:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\snmp.exe -- (SNMP)
SRV:64bit: - [2009/08/05 23:30:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2007/02/12 03:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe -- (AdvancedSystemCareService6)
SRV - [2013/01/08 18:24:37 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/04 21:40:04 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe -- (NCO)
SRV - [2012/08/22 13:44:30 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2012/07/27 12:51:28 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 07:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 07:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/20 07:17:42 | 000,047,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\snmp.exe -- (SNMP)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/11/29 21:57:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/11/13 15:13:04 | 000,238,328 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/07 07:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/07/13 20:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 08:04:50 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/14 18:01:23 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/11/14 18:01:22 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/20 15:50:10 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012/03/27 09:48:00 | 000,398,112 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2012/03/21 06:43:02 | 002,808,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 05:48:23 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/15 14:29:02 | 000,533,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_HDAL_amd64.sys -- (SRS_HDAL_Service)
DRV:64bit: - [2010/02/04 15:20:26 | 000,015,360 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HP8207_8307.sys -- (HP8207_8307)
DRV:64bit: - [2009/11/29 22:14:21 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/08/07 07:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/14 21:47:26 | 000,668,672 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/25 15:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/07 01:29:16 | 000,049,696 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
DRV:64bit: - [2009/05/07 01:20:08 | 000,063,264 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009/02/12 09:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 09:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 09:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2008/03/28 10:25:30 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\OEM\factory\int15.sys -- (int15.sys)
DRV:64bit: - [2006/06/17 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/08/16 07:59:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramDataMozilla\Extensions\[email protected]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/25 10:39:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/01/24 22:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darlene\AppData\Roaming\Mozilla\Extensions
[2013/01/25 10:39:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/16 15:11:06 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/16 15:10:30 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/16 15:10:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo....p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yah...d={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: A Youtube Downloader Free NPAPI (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\difjeglapnfioclmlgbfkepgjnmhjnnb\3.0.0.0_0\A Youtube Downloader Free-np.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Darlene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob\2013.2.1.33_0\npcoplgn.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: MeadCo's Neptune (Enabled) = C:\PROGRA~2\MEADCO~1\npmeadax.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U37 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Java Deployment Toolkit 6.0.370.6 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

O1 HOSTS File: ([2013/01/30 21:17:00 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} http://www.addonchat.com/404.html (Web Browser Applet Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (Reg Error: Value error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Reg Error: Value error.)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcp...opAntiVirus.dll (Reg Error: Value error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} http://utilities.pcp...DiskMD3Ctrl.dll (diskhealth Class)
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} http://zone.msn.com/...tz.cab99160.cab (MSN Games – Hearts)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 69.174.176.2 69.174.176.3 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4B6E206-29AC-483C-9139-F700421DDDAB}: DhcpNameServer = 69.174.176.2 69.174.176.3 8.8.8.8
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\mhtml - No CLSID value found
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/01 15:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/02/01 15:03:33 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Desktop\Uninstaller
[2013/02/01 15:00:30 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZSoft
[2013/02/01 15:00:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZSoft
[2013/01/31 15:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/01/31 15:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/01/31 15:23:33 | 000,000,000 | ---D | C] -- C:\Rbackup
[2013/01/31 13:38:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect Uninstaller
[2013/01/31 13:38:56 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2013/01/30 21:16:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/30 16:20:50 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FrostWire 5
[2013/01/30 13:13:14 | 000,000,000 | ---D | C] -- C:\Users\Darlene\FrostWire
[2013/01/30 13:13:10 | 000,000,000 | ---D | C] -- C:\Users\Darlene\.frostwire5
[2013/01/30 13:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire 5
[2013/01/29 21:00:31 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\Apps
[2013/01/28 18:20:24 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Documents\comp.info
[2013/01/28 13:09:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/28 11:01:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/28 10:55:18 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/28 10:22:24 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Malwarebytes
[2013/01/28 10:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/28 10:22:05 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/28 10:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/28 10:21:48 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\Programs
[2013/01/26 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\WinISO Computing
[2013/01/26 14:42:17 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\WinISO Computing
[2013/01/26 14:42:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinISO Computing
[2013/01/25 00:07:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1402010.016
[2013/01/24 22:38:44 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\Mozilla
[2013/01/24 22:38:44 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\Mozilla
[2013/01/24 22:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/01/24 22:38:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/24 18:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2013/01/24 18:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013/01/24 17:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/01/24 17:52:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/01/24 17:37:01 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.sys
[2013/01/24 17:34:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64
[2013/01/24 17:34:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021
[2013/01/24 17:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2013/01/24 17:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe
[2013/01/24 14:22:45 | 000,000,000 | ---D | C] -- C:\_945401_
[2013/01/24 14:20:43 | 000,000,000 | ---D | C] -- C:\_823657_
[2013/01/24 13:54:21 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\SpeedyPC Software
[2013/01/24 13:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2013/01/24 13:36:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/01/24 13:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ClickIT
[2013/01/23 22:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013/01/23 20:03:36 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/01/23 19:59:32 | 000,000,000 | ---D | C] -- C:\Users\Darlene\Documents\Visual Studio 2005
[2013/01/23 19:59:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/01/23 19:54:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2013/01/23 19:54:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2013/01/23 19:30:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2013/01/23 19:22:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013/01/23 15:13:36 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\WiseDrivers
[2013/01/23 15:06:59 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\RegGenie
[2013/01/23 14:00:29 | 000,000,000 | ---D | C] -- C:\CAT-Logs
[2013/01/23 13:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton PC Checkup 3.0
[2013/01/23 13:31:15 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\PCCUStubInstaller
[2013/01/21 19:40:55 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\VS Revo Group
[2013/01/17 19:04:27 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\GlarySoft
[2013/01/17 17:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RegInOut
[2013/01/14 21:32:30 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Roaming\DriverCure
[2013/01/12 18:31:04 | 000,000,000 | ---D | C] -- C:\ProgramData\RegAce
[2013/01/12 17:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart Driver Updater
[2013/01/12 17:02:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/01/12 17:01:47 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/12 16:52:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/01/09 22:03:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/01/05 19:54:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\N360_BACKUP
[2013/01/05 08:14:50 | 000,000,000 | ---D | C] -- C:\Users\Darlene\AppData\Local\NPE
[2010/12/03 05:48:23 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Darlene\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/02/01 17:16:55 | 000,009,920 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 17:16:55 | 000,009,920 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 17:11:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/01 17:11:12 | 2309,689,344 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/01 16:23:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/31 15:30:08 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/31 13:39:05 | 000,000,042 | ---- | M] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/01/30 21:17:00 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/25 12:17:38 | 000,874,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/25 12:17:38 | 000,729,538 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/25 12:17:38 | 000,145,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/25 10:18:20 | 001,649,712 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/25 10:17:48 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013/01/24 14:00:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBRC.dat
[2013/01/24 14:00:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SBFC.dat
[2013/01/23 15:44:45 | 000,429,768 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/15 18:49:06 | 000,026,432 | ---- | M] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/01/14 21:10:44 | 000,000,036 | ---- | M] () -- C:\Users\Darlene\AppData\Roaming\mbam.context.scan
[2013/01/14 18:28:43 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/14 18:28:42 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/04 12:16:16 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\isolate.ini

========== Files Created - No Company Name ==========

[2013/01/31 15:30:02 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/01/31 13:39:05 | 000,000,042 | ---- | C] () -- C:\Windows\SysWow64\AK083E209605E394C.lie
[2013/01/25 10:17:48 | 001,649,712 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/25 10:17:48 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013/01/24 17:34:06 | 000,000,853 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.inf
[2013/01/24 17:34:01 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccsetx64.cat
[2013/01/24 17:34:01 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\isolate.ini
[2013/01/24 14:00:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBRC.dat
[2013/01/24 14:00:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SBFC.dat
[2013/01/23 22:46:00 | 015,937,536 | ---- | C] () -- C:\Users\Darlene\SYSTEM
[2013/01/23 22:45:18 | 070,270,976 | ---- | C] () -- C:\Users\Darlene\SOFTWARE
[2013/01/23 14:46:25 | 000,299,544 | ---- | C] () -- C:\Windows\RegGenieOnUninstall.exe
[2013/01/23 12:17:56 | 000,429,768 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/14 21:10:44 | 000,000,036 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\mbam.context.scan
[2013/01/14 21:07:47 | 000,001,424 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/01/14 18:28:43 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/14 18:28:42 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/11/07 19:30:39 | 000,000,125 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2012/10/17 09:29:17 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-DARLENE-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/10/15 16:40:46 | 000,000,218 | ---- | C] () -- C:\Windows\iepreview.ini
[2012/10/08 17:43:34 | 000,000,000 | ---- | C] () -- C:\Users\Darlene\AppData\Local\Preferences
[2012/02/23 12:32:34 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2011/05/12 14:23:51 | 000,001,940 | ---- | C] () -- C:\Users\Darlene\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/04/27 17:53:01 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/03/10 13:38:13 | 000,000,880 | ---- | C] () -- C:\Users\Darlene\.recently-used.xbel
[2010/12/03 05:48:23 | 000,007,859 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\pcouffin.cat
[2010/12/03 05:48:23 | 000,001,167 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\pcouffin.inf
[2010/07/07 15:33:26 | 000,009,728 | ---- | C] () -- C:\Users\Darlene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/04 17:33:28 | 000,002,464 | ---- | C] () -- C:\Users\Darlene\AppData\Roaming\wklnhst.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/01/18 13:21:20 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Canneverbe Limited
[2012/10/27 12:51:07 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Canon
[2011/07/13 17:57:21 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\ChemTable Software
[2013/01/14 21:32:30 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\DriverCure
[2013/01/17 19:04:27 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\GlarySoft
[2011/03/10 13:38:13 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\gtk-2.0
[2013/01/23 20:19:02 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\IObit
[2011/07/15 20:22:46 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\NCH Swift Sound
[2013/01/23 13:31:15 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\PCCUStubInstaller
[2011/07/15 19:33:41 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Pmcc
[2012/02/20 12:34:35 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Product_RM
[2013/01/23 15:06:59 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\RegGenie
[2013/01/24 13:54:21 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\SpeedyPC Software
[2010/02/04 17:33:29 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Template
[2011/09/21 15:12:11 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\Tific
[2011/06/05 14:53:42 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\TomTom
[2013/01/27 18:08:20 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\uTorrent
[2009/11/29 07:16:08 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\WildTangent
[2013/01/26 14:42:17 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\WinISO Computing
[2013/01/23 19:43:26 | 000,000,000 | ---D | M] -- C:\Users\Darlene\AppData\Roaming\WiseDrivers

========== Purity Check ==========



< End of report >

#33
darlinbassmaster

    Member

  • Topic Starter
  • Member
  • 39 posts
I am going to try and remove the rest of the IObit. I believe most of it is gone now. If you can tell by this scan, please let me know. Thank you.

#34
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Give me a minute or two and I will write a script to remove those leftovers.

#35
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Firstly go to Control Panel > Programs and uninstall

Norton PC Checkup
Norton Identity Safe


if they are there.

After that

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2013/01/15 18:47:28 | 000,703,808 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
    PRC - [2013/01/15 18:47:12 | 000,491,840 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
    PRC - [2013/01/15 18:47:10 | 000,465,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    PRC - [2012/12/04 21:40:04 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe
    PRC - [2012/08/22 13:44:30 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    MOD - [2013/01/15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madexcept_.bpl
    MOD - [2013/01/15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\maddisAsm_.bpl
    MOD - [2013/01/15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\madbasic_.bpl
    MOD - [2013/01/15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare 6\webres.dll
    SRV - [2012/12/04 21:40:04 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe -- (NCO)
    SRV - [2012/08/22 13:44:30 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC 
    DRV:64bit: - [2012/08/20 15:50:10 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.sys -- (ccSet_NST)
    [2013/01/24 17:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
    [2013/01/24 17:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe
    
    :Files
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    
    :Commands
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
Finally in this post

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
Note: If the log doesn't appear where you saved OTL when you downloaded it then a copy of the OTL log is saved in a text file at

When you return please post
  • OTL fix txt
  • OTL scan txt
  • and tell me how your machine is


#36
darlinbassmaster

    Member

  • Topic Starter
  • Member
  • 39 posts
Firstly go to Control Panel > Programs and uninstall

Norton PC Checkup
Norton Identity Safe

I am having a problem running my Control Panel. When I try to run my Add and Remove Programs especially, it tells me the programs have been removed, and if I want to remove it I say yes, but it is still there. So I am unsure what to do. I notice that I also do not have programs that install permanently as well; I have to always reinstall from my download file. I will wait to run the fix until I hear from you. I am sure that should be done after I fix this issue. I hope it is not a bigger issue. My BIOS is at default. I have not touched it. BAAAAD THING LOL :no:

#37
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Okay, run the fix and the scan and we will see how it comes out.

After that tell me about the issues you have with your computer and we will find some solutions. :)

#38
darlinbassmaster

    Member

  • Topic Starter
  • Member
  • 39 posts
Okie dokie... I appreciate all of this; you're really helping me, thank you. :blush:

#39
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
:thumbsup:

#40
darlinbassmaster

    Member

  • Topic Starter
  • Member
  • 39 posts
I am having a problem tonight with OTC responding. I get about this far, I think, and it says not responding: should I keep running it?

SRV - [2012/08/22 13:44:30 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC
DRV:64bit: - [2012/08/20 15:50:10 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD02010.021\ccSetx64.sys -- (ccSet_NST)
[2013/01/24 17:33:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe
[2013/01/24 17:33:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe

#41
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Try this:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\Monitor.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
    C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.1.33\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
    
    :Commands
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply. The log is saved in the same location as OTL.
Tell me how you get on. We have other options. :)

#42
darlinbassmaster

    Member

  • Topic Starter
  • Member
  • 39 posts
I ran the OTC with the above program as you wanted and did not receive a log back on the reboot. I did, however, see the going down matey message, and I ran the adware as a precaution. I hope I did not do anything wrong.

#43
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

I did however see the going down matey message


Hmm... please do this:

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#44
darlinbassmaster

    Member

  • Topic Starter
  • Member
  • 39 posts
ComboFix 13-02-02.05 - Darlene 02/02/2013 20:47:13.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2937.1671 [GMT -5:00]
Running from: c:\users\Darlene\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-01-03 to 2013-02-03 )))))))))))))))))))))))))))))))
.
.
2013-02-01 22:25 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{7DC7B710-6A46-4F93-8161-90957F5A660D}\mpengine.dll
2013-02-01 20:00 . 2013-02-01 20:00 -------- d-----w- c:\program files (x86)\ZSoft
2013-01-31 20:30 . 2013-01-31 20:30 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6DAAF024-3AA8-4D76-BC99-1FF2E72CCF41}\gapaengine.dll
2013-01-31 20:30 . 2013-01-08 02:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-31 20:29 . 2013-01-31 20:29 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-01-31 20:29 . 2013-01-31 20:30 -------- d-----w- c:\program files\Microsoft Security Client
2013-01-31 20:23 . 2013-01-31 20:23 -------- d-----w- C:\Rbackup
2013-01-31 18:38 . 2013-01-31 20:23 -------- d-----w- c:\program files\Perfect Uninstaller
2013-01-31 02:16 . 2013-01-31 02:16 -------- d-----w- C:\_OTL
2013-01-30 18:13 . 2013-01-30 18:14 -------- d-----w- c:\users\Darlene\FrostWire
2013-01-30 18:13 . 2013-01-30 21:46 -------- d-----w- c:\users\Darlene\.frostwire5
2013-01-30 18:12 . 2013-01-30 21:49 -------- d-----w- c:\program files (x86)\FrostWire 5
2013-01-30 02:00 . 2013-01-30 02:00 -------- d-----w- c:\users\Darlene\AppData\Local\Apps
2013-01-28 15:22 . 2013-01-28 15:22 -------- d-----w- c:\users\Darlene\AppData\Roaming\Malwarebytes
2013-01-28 15:22 . 2013-01-28 15:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-28 15:22 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-28 15:21 . 2013-01-28 15:21 -------- d-----w- c:\users\Darlene\AppData\Local\Programs
2013-01-26 19:42 . 2013-01-26 19:42 -------- d-----w- c:\users\Darlene\AppData\Roaming\WinISO Computing
2013-01-26 19:42 . 2013-01-26 19:42 -------- d-----w- c:\users\Darlene\AppData\Local\WinISO Computing
2013-01-26 19:42 . 2013-01-27 23:21 -------- d-----w- c:\program files (x86)\WinISO Computing
2013-01-25 03:38 . 2013-01-25 03:38 -------- d-----w- c:\users\Darlene\AppData\Local\Mozilla
2013-01-24 23:58 . 2013-01-24 23:58 -------- d-----w- c:\programdata\NCH Swift Sound
2013-01-24 23:53 . 2013-01-24 23:53 -------- d-----w- c:\programdata\Canneverbe Limited
2013-01-24 22:53 . 2013-01-30 01:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-01-24 22:52 . 2013-01-25 15:20 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-01-24 22:34 . 2013-01-24 22:34 -------- d-----w- c:\windows\system32\drivers\NSTx64
2013-01-24 22:33 . 2013-01-31 02:16 -------- d-----w- c:\program files (x86)\Norton Identity Safe
2013-01-24 19:22 . 2013-01-24 19:22 -------- d-----w- C:\_945401_
2013-01-24 19:20 . 2013-01-24 19:20 -------- d-----w- C:\_823657_
2013-01-24 18:54 . 2013-01-24 18:54 -------- d-----w- c:\users\Darlene\AppData\Roaming\SpeedyPC Software
2013-01-24 18:53 . 2013-01-26 04:37 -------- d-----w- c:\programdata\SpeedyPC Software
2013-01-24 18:19 . 2013-01-24 18:19 -------- d-----w- c:\programdata\ClickIT
2013-01-24 03:32 . 2013-01-27 23:36 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2013-01-24 00:59 . 2013-01-24 00:59 -------- d-----w- c:\programdata\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-01-24 00:54 . 2013-01-24 00:54 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2013-01-24 00:54 . 2013-01-24 00:54 -------- d--h--w- c:\programdata\CanonEPP
2013-01-23 20:13 . 2013-01-24 00:43 -------- d-----w- c:\users\Darlene\AppData\Roaming\WiseDrivers
2013-01-23 20:06 . 2013-01-23 20:06 -------- d-----w- c:\users\Darlene\AppData\Roaming\RegGenie
2013-01-23 19:46 . 2011-03-08 08:30 299544 ----a-w- c:\windows\RegGenieOnUninstall.exe
2013-01-23 19:00 . 2013-01-23 19:04 -------- d-----w- C:\CAT-Logs
2013-01-23 18:32 . 2013-02-02 21:32 -------- d-----w- c:\program files (x86)\Norton PC Checkup 3.0
2013-01-23 18:31 . 2013-01-23 18:31 -------- d-----w- c:\users\Darlene\AppData\Roaming\PCCUStubInstaller
2013-01-22 00:40 . 2013-01-22 00:40 -------- d-----w- c:\users\Darlene\AppData\Local\VS Revo Group
2013-01-18 00:04 . 2013-01-18 00:04 -------- d-----w- c:\users\Darlene\AppData\Roaming\GlarySoft
2013-01-17 22:23 . 2013-01-17 22:23 -------- d-----w- c:\programdata\RegInOut
2013-01-16 01:33 . 2012-11-14 03:51 19450880 ----a-w- c:\windows\system32\mshtml.dll
2013-01-16 01:33 . 2012-11-14 03:25 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-01-16 01:33 . 2012-11-14 01:14 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-01-15 02:32 . 2013-01-15 02:32 -------- d-----w- c:\users\Darlene\AppData\Roaming\DriverCure
2013-01-14 23:31 . 2012-11-09 05:46 28672 ----a-w- c:\windows\system32\IEUDINIT.EXE
2013-01-14 23:27 . 2013-01-14 23:27 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-12 23:31 . 2013-01-12 23:50 -------- d-----w- c:\programdata\RegAce
2013-01-12 22:35 . 2013-01-12 22:40 -------- d-----w- c:\program files (x86)\Smart Driver Updater
2013-01-12 22:02 . 2013-01-12 22:02 -------- d-----w- c:\windows\ERUNT
2013-01-12 22:01 . 2013-01-12 22:01 -------- d-----w- C:\JRT
2013-01-12 21:52 . 2013-02-01 22:05 -------- d-----w- c:\program files\CCleaner
2013-01-10 03:03 . 2013-01-10 03:03 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-01-09 21:35 . 2012-12-07 13:20 441856 ----a-w- c:\windows\system32\Wpc.dll
2013-01-09 21:34 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 21:34 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 23:24 . 2013-01-08 23:24 15739912 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-06 00:54 . 2013-01-06 00:54 -------- d-----w- c:\windows\SysWow64\N360_BACKUP
2013-01-05 13:14 . 2013-01-27 20:56 -------- d-----w- c:\users\Darlene\AppData\Local\NPE
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2009-11-29 15:04 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-28 18:08 . 2009-10-20 08:01 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-01-28 18:08 . 2009-10-20 08:01 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-01-15 23:49 . 2012-11-14 22:59 26432 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-01-10 03:11 . 2009-12-06 23:50 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 23:24 . 2012-04-04 22:06 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 23:24 . 2011-05-17 18:17 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-16 17:11 . 2012-12-22 04:07 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-22 04:07 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 04:07 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-22 04:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 21:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-29 21:18 . 2012-11-29 21:18 18944 ----a-r- c:\users\Darlene\AppData\Roaming\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-11-14 23:27 . 2012-11-14 23:27 154624 ----a-w- c:\windows\SysWow64\iisRtl.dll
2012-11-14 23:27 . 2012-11-14 23:27 8192 ----a-w- c:\windows\SysWow64\iisrstap.dll
2012-11-14 23:27 . 2012-11-14 23:27 60928 ----a-w- c:\windows\system32\ahadmin.dll
2012-11-14 23:27 . 2012-11-14 23:27 55296 ----a-w- c:\windows\system32\admwprox.dll
2012-11-14 23:27 . 2012-11-14 23:27 50688 ----a-w- c:\windows\SysWow64\admwprox.dll
2012-11-14 23:27 . 2012-11-14 23:27 26624 ----a-w- c:\windows\SysWow64\ahadmin.dll
2012-11-14 23:27 . 2012-11-14 23:27 192000 ----a-w- c:\windows\system32\iisRtl.dll
2012-11-14 23:27 . 2012-11-14 23:27 16896 ----a-w- c:\windows\system32\iisreset.exe
2012-11-14 23:27 . 2012-11-14 23:27 15360 ----a-w- c:\windows\SysWow64\iisreset.exe
2012-11-14 23:27 . 2012-11-14 23:27 14848 ----a-w- c:\windows\system32\wamregps.dll
2012-11-14 23:27 . 2012-11-14 23:27 10752 ----a-w- c:\windows\SysWow64\wamregps.dll
2012-11-14 23:26 . 2012-11-14 23:26 11264 ----a-w- c:\windows\system32\iisrstap.dll
2012-11-14 23:26 . 2012-11-14 23:26 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-14 23:26 . 2012-11-14 23:26 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-14 23:25 . 2012-11-14 23:25 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-14 23:25 . 2012-11-14 23:25 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-14 23:25 . 2012-11-14 23:25 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-14 23:25 . 2012-11-14 23:25 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-14 23:25 . 2012-11-14 23:25 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-14 23:25 . 2012-11-14 23:25 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-14 23:25 . 2012-11-14 23:25 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-14 23:24 . 2012-11-14 23:24 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-14 23:24 . 2012-11-14 23:24 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-14 23:24 . 2012-11-14 23:24 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-14 23:03 . 2012-11-14 23:03 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-14 23:03 . 2012-11-14 23:03 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-11-14 23:03 . 2012-11-14 23:03 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-14 23:03 . 2012-11-14 23:03 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-11-14 23:02 . 2012-11-14 23:02 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-11-14 23:02 . 2012-11-14 23:02 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-11-14 23:02 . 2012-11-14 23:02 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2012-11-14 23:02 . 2012-11-14 23:02 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-11-14 23:02 . 2012-11-14 23:02 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-11-14 23:02 . 2012-11-14 23:02 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-11-14 23:02 . 2012-11-14 23:02 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-11-14 23:02 . 2012-11-14 23:02 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-14 23:02 . 2012-11-14 23:02 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-11-14 23:02 . 2012-11-14 23:02 18944 ----a-w- c:\windows\system32\netevent.dll
2012-11-14 23:02 . 2012-11-14 23:02 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-11-14 23:02 . 2012-11-14 23:02 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-11-14 23:01 . 2012-11-14 23:01 62976 ----a-w- c:\windows\system32\TSWbPrxy.exe
2012-11-14 23:01 . 2012-11-14 23:01 54272 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2012-11-14 23:01 . 2012-11-14 23:01 4916224 ----a-w- c:\windows\SysWow64\mstscax.dll
2012-11-14 23:01 . 2012-11-14 23:01 37376 ----a-w- c:\windows\SysWow64\tsgqec.dll
2012-11-14 23:01 . 2012-11-14 23:01 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2012-11-14 23:01 . 2012-11-14 23:01 269312 ----a-w- c:\windows\SysWow64\aaclient.dll
2012-11-14 23:01 . 2012-11-14 23:01 243200 ----a-w- c:\windows\system32\rdpudd.dll
2012-11-14 23:01 . 2012-11-14 23:01 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2012-11-14 23:01 . 2012-11-14 23:01 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-11-14 23:01 . 2012-11-14 23:01 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2012-11-14 23:01 . 2012-11-14 23:01 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2012-11-14 23:01 . 2012-11-14 23:01 1123840 ----a-w- c:\windows\system32\mstsc.exe
2012-11-14 23:01 . 2012-11-14 23:01 1048064 ----a-w- c:\windows\SysWow64\mstsc.exe
2012-11-14 23:01 . 2012-11-14 23:01 57856 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-11-14 23:01 . 2012-11-14 23:01 5773824 ----a-w- c:\windows\system32\mstscax.dll
2012-11-14 23:01 . 2012-11-14 23:01 46592 ----a-w- c:\windows\SysWow64\MsRdpWebAccess.dll
2012-11-14 23:01 . 2012-11-14 23:01 44032 ----a-w- c:\windows\system32\tsgqec.dll
2012-11-14 23:01 . 2012-11-14 23:01 43520 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2012-11-14 23:01 . 2012-11-14 23:01 384000 ----a-w- c:\windows\system32\wksprt.exe
2012-11-14 23:01 . 2012-11-14 23:01 322560 ----a-w- c:\windows\system32\aaclient.dll
2012-11-14 23:01 . 2012-11-14 23:01 18432 ----a-w- c:\windows\system32\wksprtPS.dll
2012-11-14 23:01 . 2012-11-14 23:01 16896 ----a-w- c:\windows\SysWow64\wksprtPS.dll
2012-11-14 23:01 . 2012-11-14 23:01 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-14 23:01 . 2012-11-14 23:01 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-14 23:00 . 2012-11-14 23:00 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-11-14 23:00 . 2012-11-14 23:00 458712 ----a-w- c:\windows\system32\drivers\cng.sys
2012-11-14 23:00 . 2012-11-14 23:00 340992 ----a-w- c:\windows\system32\schannel.dll
2012-11-14 23:00 . 2012-11-14 23:00 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-11-14 23:00 . 2012-11-14 23:00 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-11-14 23:00 . 2012-11-14 23:00 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-11-14 23:00 . 2012-11-14 23:00 1448448 ----a-w- c:\windows\system32\lsasrv.dll
2012-11-14 14:59 . 2012-11-14 15:00 4589880 ----a-w- c:\windows\uninst.exe
2012-11-09 05:45 . 2012-12-12 20:00 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 20:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-02 140640]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-07-27 823224]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-01-28 295072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bomgar_Cleanup_ZD874224505"="rd" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="%Service%"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
.
R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\System32\drivers\SMR311.SYS [x]
R1 SASDIFSV;SASDIFSV;c:\users\Darlene\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Darlene\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
R3 Canon IJ Wireless Setup Assistant;Canon IJ Wireless Setup Assistant Service;c:\users\Darlene\Desktop\CanonAPChkTool_win210en\CNMNPHLP.EXE [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-12-03 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-14 19456]
R3 SRS_HDAL_Service;HD Audio Lab;c:\windows\system32\drivers\SRS_HDAL_amd64.sys [2010-11-15 533280]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-14 57856]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-28 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-11-30 52856]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NSTx64\7DD02010.021\ccSetx64.sys [2012-08-20 168096]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-12 292864]
S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [2010-02-04 15360]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-25 138752]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [2009-05-07 63264]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [2009-05-07 49696]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2012-03-27 398112]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 17:43 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 23:24]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 02:43]
.
2012-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-13 02:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2009-08-06 828960]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\system32\blank.htm
TCP: DhcpNameServer = 69.174.176.2 69.174.176.3 8.8.8.8
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
FF - ProfilePath - c:\users\Darlene\AppData\Roaming\Mozilla\Firefox\Profiles\9j309dhz.default\
FF - ExtSQL: 2013-01-24 17:44; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.33\coFFPlgn
FF - ExtSQL: 2013-01-24 17:55; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF - ExtSQL: 2013-01-24 20:57; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
Wow6432Node-HKCU-Run-Advanced SystemCare 6 - c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
Notify-igfxcui - (no file)
SafeBoot-32944005.sys
SafeBoot-62641909.sys
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-NST - c:\program files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.2.1.33\InstStub.exe
.
.
.
Completion time: 2013-02-02 20:56:56
ComboFix-quarantined-files.txt 2013-02-03 01:56
.
Pre-Run: 187,018,248,192 bytes free
Post-Run: 190,722,162,688 bytes free
.
- - End Of File - - 243CBAC4070D9B44F7520C5018CCF751

#45
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello darlinbassmaster,

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
SMR311
AdvancedSystemCareService6
Norton PC Checkup Application Launcher


File::
c:\program files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
c:\windows\System32\drivers\SMR311.SYS
c:\program files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe
c:\program files (x86)\NortonInstaller\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST\LicenseType\2013.2.1.33\InstStub.exe

Folder::
c:\program files (x86)\Norton PC Checkup 3.0
c:\program files\Common Files\Symantec Shared

Firefox::
FF - ExtSQL: 2013-01-24 17:44; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\programdata\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.2.1.33\coFFPlgn
FF - ExtSQL: 2013-01-24 17:55; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn
FF - ExtSQL: 2013-01-24 20:57; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.