Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected? [Solved]


  • This topic is locked This topic is locked

#1
doubleO7

doubleO7

    Member

  • Member
  • PipPip
  • 11 posts
My wife's computer has been seriously compromised and I want to make sure I didn't 'catch it' ~ my computer does run slow... Thanks!

OTL logfile created on: 2/2/2013 11:47:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 45.04% Memory free
5.21 Gb Paging File | 3.21 Gb Available in Paging File | 61.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.37 Gb Total Space | 224.44 Gb Free Space | 80.34% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.30 Gb Free Space | 8.92% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 3.32 Gb Free Space | 83.95% Space Free | Partition Type: FAT32

Computer Name: CHRIS-HP | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/02 11:47:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
PRC - [2013/01/19 08:38:37 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/09 06:44:43 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/17 00:46:34 | 001,573,576 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/06/16 18:03:42 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/06/15 18:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/14 15:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/06/14 15:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/06/13 17:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/12/27 17:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2008/05/06 18:50:40 | 002,500,096 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\SFlyStudio.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/19 08:37:22 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/09 06:44:41 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2008/05/06 18:50:40 | 002,500,096 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\SFlyStudio.exe
MOD - [2008/05/06 18:47:32 | 000,217,600 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmslideshow.dll
MOD - [2008/05/06 18:46:28 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmopengl.dll
MOD - [2008/05/06 18:46:22 | 000,196,096 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmphotomgr.dll
MOD - [2008/05/06 18:46:06 | 000,896,000 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmwindowing.dll
MOD - [2008/05/06 18:44:44 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmdirectx.dll
MOD - [2008/05/06 18:44:38 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmimgmgr.dll
MOD - [2008/05/06 18:44:28 | 000,598,016 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmpersist.dll
MOD - [2008/05/06 18:44:10 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmbrowser.dll
MOD - [2008/05/06 18:43:54 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmimglib.dll
MOD - [2008/05/06 18:43:50 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmexiftags.dll
MOD - [2008/05/06 18:43:42 | 000,429,568 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmcommon.dll
MOD - [2008/05/06 18:43:06 | 000,065,024 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmthreading.dll
MOD - [2008/05/06 18:42:52 | 003,146,240 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmlangres.dll
MOD - [2008/05/05 18:58:16 | 000,383,818 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\sqlite3.dll
MOD - [2008/05/05 18:57:52 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\libexpat.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/07/05 14:08:28 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/16 23:20:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/11/17 19:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/19 08:38:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 06:44:44 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/16 18:03:42 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/14 15:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/12/27 17:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/28 23:28:10 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/06 19:11:20 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/06 19:11:20 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/05 14:50:30 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/05 13:32:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/19 12:32:50 | 001,488,448 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/04/15 16:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/15 16:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/15 12:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 06:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 EE 05 38 D6 80 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{081ECD49-36FA-4DC7-839A-823A92EE341B}: "URL" = http://websearch.ask...98-D9F89149820A
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3227981.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.naturalmedicinejournal.com "
FF - prefs.js..extensions.enabledAddons: %7Bd47a9f51-8281-43fa-f450-f28ef8735e9a%7D:2.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://search.condui...&CUI=SB_CUI&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 08:38:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 08:38:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/25 09:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions
[2013/01/11 09:54:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions
[2013/01/11 09:54:16 | 000,000,000 | ---D | M] (appbario7) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\{6926c7f7-6006-42d1-b046-eba1b3010315}
[2012/12/08 19:44:32 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\[email protected]
[2013/01/11 08:59:46 | 000,088,908 | ---- | M] () (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi
[2013/01/11 09:55:47 | 000,001,048 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\searchplugins\appbario7-customized-web-search.xml
[2012/12/08 19:44:32 | 000,002,308 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\searchplugins\askcom.xml
[2013/01/19 08:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/19 08:38:38 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/17 17:03:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/21 00:21:10 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ShutterflyStudio] C:\Program Files (x86)\Shutterfly\Studio\BIN\SFlyStudio.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E6B092B-80AB-4AAB-A826-946C2EE5F243}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\25945~1.13\{fc772~1\pcpmngr.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/02 11:47:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2013/02/02 10:58:08 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\lemke12
[2013/01/23 11:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/23 11:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/01/23 11:14:06 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/01/23 11:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/01/23 11:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/01/23 11:08:34 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Microsoft Help
[2013/01/23 11:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/01/23 11:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/01/23 11:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/01/19 08:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/11 09:54:55 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Wajam
[2013/01/11 09:54:10 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\PerformerSoft
[2013/01/11 09:54:06 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2013/01/11 09:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2013/01/11 09:53:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scout
[2013/01/11 09:53:00 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Shutterfly
[2013/01/11 09:52:55 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shutterfly Studio
[2013/01/11 09:43:15 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/01/11 09:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutterfly
[2013/01/11 09:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/01/11 09:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shutterfly
[2013/01/06 20:55:34 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Emulator - Nestopia139_p2p
[2013/01/05 22:58:24 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Adobe
[2013/01/05 11:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/05 11:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/01/05 11:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

========== Files - Modified Within 30 Days ==========

[2013/02/02 11:47:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2013/02/02 11:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/02 10:28:54 | 000,235,877 | ---- | M] () -- C:\Users\chris\Desktop\renewcleaninggenericvp.png
[2013/02/02 10:26:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/01 23:18:56 | 000,221,695 | ---- | M] () -- C:\Users\chris\Desktop\838 cleaning two.png
[2013/02/01 23:17:00 | 000,320,605 | ---- | M] () -- C:\Users\chris\Desktop\838 cleaning one.png
[2013/02/01 09:05:18 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 09:05:18 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 09:02:19 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/01 09:02:18 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/01 09:02:18 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/01 08:57:48 | 2097,340,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/31 23:45:13 | 000,123,315 | ---- | M] () -- C:\Users\chris\Desktop\FAQ.pdf
[2013/01/23 12:22:25 | 000,362,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/22 19:57:52 | 000,004,421 | ---- | M] () -- C:\Users\chris\Desktop\civilCaseDetails4996221766399289501.pdf
[2013/01/22 19:48:49 | 000,004,666 | ---- | M] () -- C:\Users\chris\Desktop\civilCaseDetails6241122668617512643.pdf
[2013/01/11 10:59:40 | 000,001,252 | ---- | M] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shutterfly Studio.lnk
[2013/01/11 10:59:40 | 000,001,228 | ---- | M] () -- C:\Users\chris\Desktop\Shutterfly Studio.lnk
[2013/01/11 09:54:21 | 000,000,009 | ---- | M] () -- C:\END
[2013/01/11 09:52:48 | 000,056,232 | ---- | M] () -- C:\Users\chris\Desktop\wajam_download.exe
[2013/01/11 09:52:26 | 012,176,352 | ---- | M] () -- C:\Users\chris\Desktop\ShutterflyStudioInstaller.exe
[2013/01/11 09:43:12 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk
[2013/01/05 19:37:38 | 000,806,366 | ---- | M] () -- C:\Users\chris\Desktop\dsjflsadfj
[2013/01/05 18:40:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/05 11:10:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

========== Files Created - No Company Name ==========

[2013/02/02 10:28:53 | 000,235,877 | ---- | C] () -- C:\Users\chris\Desktop\renewcleaninggenericvp.png
[2013/02/01 23:18:55 | 000,221,695 | ---- | C] () -- C:\Users\chris\Desktop\838 cleaning two.png
[2013/02/01 23:16:59 | 000,320,605 | ---- | C] () -- C:\Users\chris\Desktop\838 cleaning one.png
[2013/01/31 23:45:05 | 000,123,315 | ---- | C] () -- C:\Users\chris\Desktop\FAQ.pdf
[2013/01/22 19:57:52 | 000,004,421 | ---- | C] () -- C:\Users\chris\Desktop\civilCaseDetails4996221766399289501.pdf
[2013/01/22 19:48:49 | 000,004,666 | ---- | C] () -- C:\Users\chris\Desktop\civilCaseDetails6241122668617512643.pdf
[2013/01/11 09:54:21 | 000,000,009 | ---- | C] () -- C:\END
[2013/01/11 09:52:55 | 000,001,252 | ---- | C] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shutterfly Studio.lnk
[2013/01/11 09:52:55 | 000,001,228 | ---- | C] () -- C:\Users\chris\Desktop\Shutterfly Studio.lnk
[2013/01/11 09:52:08 | 012,176,352 | ---- | C] () -- C:\Users\chris\Desktop\ShutterflyStudioInstaller.exe
[2013/01/11 09:52:08 | 000,056,232 | ---- | C] () -- C:\Users\chris\Desktop\wajam_download.exe
[2013/01/11 09:43:12 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk
[2013/01/05 19:37:38 | 000,806,366 | ---- | C] () -- C:\Users\chris\Desktop\dsjflsadfj
[2013/01/05 18:40:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/05 11:10:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/05 11:10:01 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/08/21 10:15:51 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/16 17:07:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/16 16:59:28 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/06/16 23:34:50 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 15:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/11 09:43:15 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/01/11 10:59:57 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\PerformerSoft
[2013/01/11 09:53:00 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Shutterfly
[2013/01/23 08:51:39 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\SoftGrid Client
[2012/08/16 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Synaptics
[2013/01/22 13:43:20 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\TP

========== Purity Check ==========



< End of report >
_____________________________________________________________________________________________________________________________________________

OTL Extras logfile created on: 2/2/2013 11:47:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 45.04% Memory free
5.21 Gb Paging File | 3.21 Gb Available in Paging File | 61.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.37 Gb Total Space | 224.44 Gb Free Space | 80.34% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.30 Gb Free Space | 8.92% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 3.32 Gb Free Space | 83.95% Space Free | Partition Type: FAT32

Computer Name: CHRIS-HP | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\File Scout\filescout.exe" /open "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0114E82F-6279-4CE4-AFD8-9593A4948242}" = lport=138 | protocol=17 | dir=in | app=system |
"{13CA488E-A018-4ED3-8A63-E845889C0AB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{18B346AF-2BD3-4298-A5BA-8DDDFEFECF76}" = rport=10243 | protocol=6 | dir=out | app=system |
"{25D7E5D9-32C3-4835-901B-2AB3A69C1283}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{4B66DE9F-D2CB-440C-BE88-45B18F4993DF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{502C59A9-A1C0-443A-BAE6-F3A1C3605DB4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5590FC40-FF7F-44E4-B4A0-ED6CDDF8C18E}" = rport=445 | protocol=6 | dir=out | app=system |
"{5BAA9D64-15F0-408A-814F-5EE169577612}" = rport=138 | protocol=17 | dir=out | app=system |
"{65B1FB6E-6877-4D71-A884-9D15E6B0B2FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{6B4CC0F4-CD2A-491D-8F6C-51696EAF790A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{6C2C7BFC-3C96-4407-94D0-E14BC9B43CE9}" = rport=139 | protocol=6 | dir=out | app=system |
"{6C423FCA-B122-451E-BA7E-ECFF6BC32C4A}" = lport=445 | protocol=6 | dir=in | app=system |
"{6F2BDF81-874C-482E-ADA0-880D2F72C15A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7B48F40F-5618-4866-8A02-D2DA4573FBBA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8375E3E7-B3D1-4AE2-A730-819CD9F858CD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{9D09C05C-3689-424D-AB98-BB94A0D11181}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A048B1BE-7073-49ED-8E59-BF8ACD8AA78A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A5915A8F-3260-4B0B-91E9-D4C79E61D040}" = lport=139 | protocol=6 | dir=in | app=system |
"{BEC34589-B9C4-4792-9CC4-7640986DDE48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C43B72A4-855A-46A5-878C-79F931E02398}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C5043F20-60C3-45B0-B77A-ED396E2A1FD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CA401E1F-FCAB-43DB-A999-7CC19656B22B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CAFE4F08-B0F6-4AEA-9453-9055EAFCEB4D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CE14BF9E-3DA0-4345-8FE7-75F42B4853D0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2C0001D-7C74-49A4-9F9C-1E105F91262B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D39995EC-F511-45A3-A561-A9A1532C09DC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{EFCC1FD5-BD3C-4914-A594-65B6052613DA}" = lport=137 | protocol=17 | dir=in | app=system |
"{F675A6DA-558E-4752-A2B8-6DBADDFBA3BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F9EE22A8-2A2E-4C60-9CD9-9CA7861CF95C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FB551942-4F05-40DF-A198-DC2B9BE0D789}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{FD2CF2A8-434F-48B8-BC2C-B4B31D1C8E69}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080EE04F-6C10-49C4-B33E-F6838B86B4D7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{081F6F3B-59D6-48C2-9D5C-BE72E2476457}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{10545B1B-F8E7-43A8-B172-0CCD0B0CEAA6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{28597532-775C-41AC-A976-1BB844FE2554}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2F2ABA96-80E9-4D3B-BF39-465F40E5DDDD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4617E1AF-60AB-4140-A666-C26921D02E9B}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{47A834EA-26AB-4E6E-95BD-3C953B83BD09}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{556DBB61-87CD-46D3-B2BB-588A537E004F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5BBDDD1D-8DFC-48F9-B3AC-3E23E175C346}" = protocol=1 | dir=in | [email protected],-28543 |
"{7C4499C3-72AF-48F2-9B99-4F3513F10F66}" = protocol=58 | dir=out | [email protected],-28546 |
"{8A72C841-C458-4300-ABB5-743D7B6423CB}" = protocol=58 | dir=in | [email protected],-28545 |
"{9C5806FD-7EF6-455D-B1DB-4B113ABBC810}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A51F7CA7-04BC-41A9-BFFF-58751451325C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ADC401D8-A4BF-4AAE-B5D2-5B6126360F41}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C28872FA-E857-42CC-A7EE-3B3D0D1866B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C62C65F7-93E2-4986-8A50-4325DB3E74DA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C7656403-9C1E-43CC-99A0-B6FA5A56AD1B}" = protocol=1 | dir=out | [email protected],-28544 |
"{CF224EB5-50AC-47AC-BD66-31902FC89586}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D50E6057-CE9C-4481-9458-2F8C8D0C676E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{D7B5B164-0A1C-4E24-AE9E-85E32E5A51B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DC791F31-96E1-43A8-BE60-3329AAF19F48}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E56C57EB-8206-41A5-B937-392A50A10C50}" = protocol=6 | dir=out | app=system |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1E4F85D3-21AE-5965-B58F-ADA152087438}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{72927D2A-ADEF-786D-91E3-06CEFD60D107}" = ATI Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9CAB2212-0732-4827-8EC4-61D8EF0AA65B}" = HP Launch Box
"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client
"{D2F5AD37-740F-4A4E-257C-AB1B1577FB03}" = AMD Media Foundation Decoders
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F25DF24C-44F4-CA28-AE93-C50E637677E1}" = AMD Fuel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SynTPDeinstKey" = Synaptics TouchPad Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0DC04A49-75C8-234A-459A-56E90120C9BF}" = Catalyst Control Center Graphics Previews Common
"{12222C69-B349-23B5-EE29-2A02B68A56C7}" = CCC Help Greek
"{131D3479-CA72-DEDE-5764-7083B7B1F547}" = CCC Help Danish
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1854100A-B46D-290C-0E1B-29EC1C4276D1}" = CCC Help Spanish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2A2414C2-829B-1617-A858-3E7A95E2F776}" = CCC Help Norwegian
"{2CBC1636-7754-CC40-9FDD-537F6B9576E3}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F089C-BB4B-D768-9E1A-CDBCD6B9654E}" = Catalyst Control Center InstallProxy
"{51B57AC2-5B19-8EBD-C875-1ABE27B8805F}" = CCC Help German
"{53A79F0B-4D17-5D2A-9212-2167C84892EA}" = CCC Help Chinese Standard
"{559C58CD-F800-A374-DA37-D98FF4F440F6}" = CCC Help Chinese Traditional
"{5723D1D9-E745-DEB4-3EFC-699B36CF04F8}" = CCC Help Japanese
"{5EC11835-8CB9-846B-B3DC-B8C99C748D7B}" = CCC Help Dutch
"{60382BCF-CD62-ED26-F920-30ACDDB13E89}" = CCC Help Thai
"{62280713-38D6-DC4B-1AF5-B6145A9D64EE}" = CCC Help English
"{646ADDE8-F6A6-E311-7A17-6744944F4B8A}" = CCC Help Swedish
"{6737D9E5-E5EE-5BCC-5214-8D988AE88FC9}" = CCC Help French
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}" = Shutterfly Express Uploader
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C9CA7D5-93F8-A8CD-61D1-BF8A288F1FF2}" = CCC Help Portuguese
"{8E53C421-F248-DEFF-68AC-20691AA1DE59}" = CCC Help Finnish
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT5390 802.11b/g/n WiFi Adapter
"{95A46A36-EEF8-A4A2-19F6-45A994E42E29}" = CCC Help Hungarian
"{9A452B33-CA88-CB24-F2C5-7123106600EE}" = CCC Help Italian
"{A834E3B6-C376-1C25-301E-20F16E9FCE00}" = CCC Help Turkish
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{AF01C37B-FCCB-50C3-64A9-A16811F045C7}" = AMD VISION Engine Control Center
"{BB1C717E-376C-4AA1-8940-81BFC38D9778}" = HP Quick Launch
"{BFD1ABD7-9417-41CB-B1F6-04BE4CB9820D}" = HP Software Framework
"{C0F0F180-AAC4-0564-FFD4-8810D6CE3BAB}" = CCC Help Korean
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}" = HP Support Assistant
"{CF173F8A-9F41-B92D-E516-E96166FD0CDD}" = CCC Help Polish
"{D7670221-BF9B-4DFF-B26B-5BE55A87329F}" = HP On Screen Display
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{E00C1D49-FDFE-AD68-7C8F-6F021AAAF212}" = CCC Help Russian
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F6F65734-697D-CBF9-416C-9BFF34AF2C0A}" = CCC Help Czech
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Mozilla Firefox 18.0.1 (x86 en-US)" = Mozilla Firefox 18.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SFlyStudio" = Shutterfly Studio

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/22/2013 3:04:01 PM | Computer Name = chris-HP | Source = Office Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0xC004C032

Error - 1/22/2013 3:04:01 PM | Computer Name = chris-HP | Source = Office Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0xC004C032 Sku Id=3850c794-b06f-4633-b02f-8ac4df0a059f

Error - 1/22/2013 3:04:08 PM | Computer Name = chris-HP | Source = Office Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0xC004C032

Error - 1/22/2013 3:04:08 PM | Computer Name = chris-HP | Source = Office Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0xC004C032 Sku Id=3850c794-b06f-4633-b02f-8ac4df0a059f

Error - 1/23/2013 9:25:30 AM | Computer Name = chris-HP | Source = Office Software Protection Platform Service | ID = 8200
Description = License acquisition failure details. hr=0xC004C032

Error - 1/23/2013 9:25:30 AM | Computer Name = chris-HP | Source = Office Software Protection Platform Service | ID = 1014
Description = Acquisition of End User License failed. hr=0xC004C032 Sku Id=3850c794-b06f-4633-b02f-8ac4df0a059f

Error - 1/23/2013 9:29:18 AM | Computer Name = chris-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\chris\Downloads\SoftonicDownloader_for_shutterfly-studio.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 1/23/2013 10:58:10 AM | Computer Name = chris-HP | Source = WinMgmt | ID = 10
Description =

Error - 1/23/2013 12:52:43 PM | Computer Name = chris-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\chris\Downloads\SoftonicDownloader_for_shutterfly-studio.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 1/23/2013 1:07:03 PM | Computer Name = chris-HP | Source = VSS | ID = 8194
Description =

Error - 1/23/2013 1:09:35 PM | Computer Name = chris-HP | Source = MsiInstaller | ID = 11310
Description =

[ Hewlett-Packard Events ]
Error - 11/24/2012 4:21:24 PM | Computer Name = chris-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 11/24/2012 4:21:27 PM | Computer Name = chris-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/1/2012 4:18:44 PM | Computer Name = chris-HP | Source = HPSF.exe | ID = 4000
Description = HP Error ID: -2146233087 Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0] Message: The server did not provide a meaningful
reply; this might be caused by a contract mismatch, a premature session shutdown
or an internal server error. StackTrace: Server stack trace: at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs, TimeSpan timeout) at System.ServiceModel.Channels.ServiceChannel.Call(String
action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[]
outs) at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&
msgData, Int32 type) at HP.SupportFramework.Communicator.MessengerComm.IMessengerCommunicator.UpdateTimer()

at HP.SupportAssistant.UI.MessengerCommunication.sendTimerUpdate() Source: mscorlib

Name:
HPSF.exe Version: 06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\HPSF.exe Format: en-US RAM: 2666 Ram Utilization: 30 TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage)

Error - 12/1/2012 4:18:57 PM | Computer Name = chris-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/8/2012 12:37:06 AM | Computer Name = chris-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/22/2012 4:55:05 PM | Computer Name = chris-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/22/2012 4:55:11 PM | Computer Name = chris-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 12/29/2012 4:48:25 PM | Computer Name = chris-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 1/5/2013 4:52:35 PM | Computer Name = chris-HP | Source = HPSF.exe | ID = 4000
Description =

Error - 1/13/2013 12:43:27 AM | Computer Name = chris-HP | Source = HPSF.exe | ID = 4000
Description =

[ System Events ]
Error - 1/11/2013 12:21:04 AM | Computer Name = chris-HP | Source = DCOM | ID = 10010
Description =

Error - 1/11/2013 11:55:01 AM | Computer Name = chris-HP | Source = Service Control Manager | ID = 7034
Description = The WajamUpdater service terminated unexpectedly. It has done this
1 time(s).

Error - 1/11/2013 12:52:45 PM | Computer Name = chris-HP | Source = DCOM | ID = 10010
Description =

Error - 1/11/2013 12:53:08 PM | Computer Name = chris-HP | Source = DCOM | ID = 10010
Description =

Error - 1/23/2013 2:21:07 PM | Computer Name = chris-HP | Source = DCOM | ID = 10010
Description =

Error - 1/23/2013 3:05:52 PM | Computer Name = chris-HP | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Microsoft Outlook Social Connector 2010 (KB2553406)
64-Bit Edition.

Error - 1/24/2013 9:10:37 AM | Computer Name = chris-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:23:36 PM on ?1/?23/?2013 was unexpected.

Error - 1/24/2013 7:26:37 PM | Computer Name = chris-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:18:19 AM on ?1/?24/?2013 was unexpected.

Error - 1/24/2013 11:26:03 PM | Computer Name = chris-HP | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:37:16 PM on ?1/?24/?2013 was unexpected.

Error - 1/24/2013 11:27:21 PM | Computer Name = chris-HP | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the HPWMISVC service.


< End of report >
  • 0

Advertisements


#2
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello doubleO7 and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.

  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

I do see some junk on there, let's remove it and check a little deeper.
Step 1
Programs to uninstall:
Please click Start orb, Control Panel and select Uninstall a program.
In the programs list, please uninstall the Ask.com toolbar.

Step 2
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    FF - prefs.js..CT3227981.browser.search.defaultthis.engineName: true
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..keyword.URL: "http://search.condui...&CUI=SB_CUI&q="
    [2012/12/08 19:44:32 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\[email protected]
    [2012/12/08 19:44:32 | 000,002,308 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\searchplugins\askcom.xml
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\25945~1.13\{fc772~1\pcpmngr.dll) - File not found
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 3
Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 4
  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

Step 5
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
winsock.*
/md5stop
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

In your next reply I would like to see:
  • OTL fix log
  • ADWcleaner log
  • RogueKiller log
  • OTL custom scan log
  • What are the current symptoms, if any?

  • 0

#3
doubleO7

doubleO7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I'm getting there ...it looks like your online? Am I supposed to just close the RougeKiller after the scan or should DELETE the five susp pa... found in the registry?
  • 0

#4
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts

I'm getting there ...it looks like your online? Am I supposed to just close the RougeKiller after the scan or should DELETE the five susp pa... found in the registry?


Just close out roguekiller, I would like to examine the log before anything there is deleted.
  • 0

#5
doubleO7

doubleO7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL logfile created on: 2/3/2013 2:03:14 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\chris\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 58.55% Memory free
5.21 Gb Paging File | 3.82 Gb Available in Paging File | 73.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.37 Gb Total Space | 235.39 Gb Free Space | 84.26% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.31 Gb Free Space | 8.97% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 3.32 Gb Free Space | 83.95% Space Free | Partition Type: FAT32

Computer Name: CHRIS-HP | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/02 11:47:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
PRC - [2013/01/19 08:38:37 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/09 06:44:43 | 001,808,392 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/16 18:03:42 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/06/15 18:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/14 15:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/06/14 15:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/06/13 17:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/12/27 17:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2008/05/06 18:50:40 | 002,500,096 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\SFlyStudio.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/19 08:37:22 | 003,022,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/09 06:44:41 | 014,586,888 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2008/05/06 18:50:40 | 002,500,096 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\SFlyStudio.exe
MOD - [2008/05/06 18:47:32 | 000,217,600 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmslideshow.dll
MOD - [2008/05/06 18:46:28 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmopengl.dll
MOD - [2008/05/06 18:46:22 | 000,196,096 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmphotomgr.dll
MOD - [2008/05/06 18:46:06 | 000,896,000 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmwindowing.dll
MOD - [2008/05/06 18:44:44 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmdirectx.dll
MOD - [2008/05/06 18:44:38 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmimgmgr.dll
MOD - [2008/05/06 18:44:28 | 000,598,016 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmpersist.dll
MOD - [2008/05/06 18:44:10 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmbrowser.dll
MOD - [2008/05/06 18:43:54 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmimglib.dll
MOD - [2008/05/06 18:43:50 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmexiftags.dll
MOD - [2008/05/06 18:43:42 | 000,429,568 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmcommon.dll
MOD - [2008/05/06 18:43:06 | 000,065,024 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmthreading.dll
MOD - [2008/05/06 18:42:52 | 003,146,240 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmlangres.dll
MOD - [2008/05/05 18:58:16 | 000,383,818 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\sqlite3.dll
MOD - [2008/05/05 18:57:52 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\libexpat.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/07/05 14:08:28 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/16 23:20:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/11/17 19:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/19 08:38:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 06:44:44 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/16 18:03:42 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/14 15:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/12/27 17:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/28 23:28:10 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/06 19:11:20 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/06 19:11:20 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/05 14:50:30 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/05 13:32:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/19 12:32:50 | 001,488,448 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/04/15 16:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/15 16:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/15 12:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 06:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-sea...0003cd92b2cb0e7
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 EE 05 38 D6 80 CD 01 [binary data]
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\..\SearchScopes\{081ECD49-36FA-4DC7-839A-823A92EE341B}: "URL" = http://websearch.ask...98-D9F89149820A
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.naturalmedicinejournal.com "
FF - prefs.js..extensions.enabledAddons: %7Bd47a9f51-8281-43fa-f450-f28ef8735e9a%7D:2.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 08:38:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 08:38:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/25 09:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions
[2013/02/03 13:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions
[2013/01/11 08:59:46 | 000,088,908 | ---- | M] () (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi
[2013/01/11 09:55:47 | 000,001,048 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\searchplugins\appbario7-customized-web-search.xml
[2013/02/02 15:17:43 | 000,001,294 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\searchplugins\delta.xml
[2013/01/19 08:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/19 08:38:38 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/17 17:03:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/21 00:21:10 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SMessaging] C:\Users\chris\AppData\Local\Strongvault Online Backup\SMessaging.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1282327868-799515634-4252873935-1002..\Run: [ShutterflyStudio] C:\Program Files (x86)\Shutterfly\Studio\BIN\SFlyStudio.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E6B092B-80AB-4AAB-A826-946C2EE5F243}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 13:58:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/03 13:07:36 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\RK_Quarantine
[2013/02/03 12:47:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/03 12:30:49 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/02/03 12:29:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/02 15:19:20 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Strongvault
[2013/02/02 15:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013/02/02 15:18:25 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Stronghold_LLC
[2013/02/02 15:18:12 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/02/02 15:17:55 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\AnySend
[2013/02/02 15:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AnySend
[2013/02/02 15:17:00 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\DSite
[2013/02/02 11:47:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2013/02/02 10:58:08 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\lemke12
[2013/01/23 11:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/23 11:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/01/23 11:14:06 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/01/23 11:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/01/23 11:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/01/23 11:08:34 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Microsoft Help
[2013/01/23 11:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/01/23 11:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/01/23 11:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/01/19 08:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/11 09:54:06 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2013/01/11 09:53:00 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Shutterfly
[2013/01/11 09:52:55 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shutterfly Studio
[2013/01/11 09:43:15 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/01/11 09:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutterfly
[2013/01/11 09:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/01/11 09:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shutterfly
[2013/01/06 20:55:34 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Emulator - Nestopia139_p2p
[2013/01/05 22:58:24 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Adobe
[2013/01/05 11:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/05 11:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/01/05 11:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe

========== Files - Modified Within 30 Days ==========

[2013/02/03 14:07:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/03 14:06:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 14:06:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 14:05:38 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/03 14:05:38 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/03 14:05:38 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/03 13:58:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/03 13:58:16 | 372,596,836 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/03 13:58:16 | 2097,340,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/03 12:54:56 | 000,053,435 | ---- | M] () -- C:\Users\chris\Desktop\15-adwcleaner.htm
[2013/02/02 11:47:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2013/02/02 10:28:54 | 000,235,877 | ---- | M] () -- C:\Users\chris\Desktop\renewcleaninggenericvp.png
[2013/02/01 23:18:56 | 000,221,695 | ---- | M] () -- C:\Users\chris\Desktop\838 cleaning two.png
[2013/02/01 23:17:00 | 000,320,605 | ---- | M] () -- C:\Users\chris\Desktop\838 cleaning one.png
[2013/01/31 23:45:13 | 000,123,315 | ---- | M] () -- C:\Users\chris\Desktop\FAQ.pdf
[2013/01/23 12:22:25 | 000,362,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/22 19:57:52 | 000,004,421 | ---- | M] () -- C:\Users\chris\Desktop\civilCaseDetails4996221766399289501.pdf
[2013/01/22 19:48:49 | 000,004,666 | ---- | M] () -- C:\Users\chris\Desktop\civilCaseDetails6241122668617512643.pdf
[2013/01/11 10:59:40 | 000,001,252 | ---- | M] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shutterfly Studio.lnk
[2013/01/11 10:59:40 | 000,001,228 | ---- | M] () -- C:\Users\chris\Desktop\Shutterfly Studio.lnk
[2013/01/11 09:52:26 | 012,176,352 | ---- | M] () -- C:\Users\chris\Desktop\ShutterflyStudioInstaller.exe
[2013/01/11 09:43:12 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk
[2013/01/05 19:37:38 | 000,806,366 | ---- | M] () -- C:\Users\chris\Desktop\dsjflsadfj
[2013/01/05 18:40:57 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/05 11:10:01 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk

========== Files Created - No Company Name ==========

[2013/02/03 13:58:16 | 372,596,836 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/03 12:54:50 | 000,053,435 | ---- | C] () -- C:\Users\chris\Desktop\15-adwcleaner.htm
[2013/02/02 10:28:53 | 000,235,877 | ---- | C] () -- C:\Users\chris\Desktop\renewcleaninggenericvp.png
[2013/02/01 23:18:55 | 000,221,695 | ---- | C] () -- C:\Users\chris\Desktop\838 cleaning two.png
[2013/02/01 23:16:59 | 000,320,605 | ---- | C] () -- C:\Users\chris\Desktop\838 cleaning one.png
[2013/01/31 23:45:05 | 000,123,315 | ---- | C] () -- C:\Users\chris\Desktop\FAQ.pdf
[2013/01/22 19:57:52 | 000,004,421 | ---- | C] () -- C:\Users\chris\Desktop\civilCaseDetails4996221766399289501.pdf
[2013/01/22 19:48:49 | 000,004,666 | ---- | C] () -- C:\Users\chris\Desktop\civilCaseDetails6241122668617512643.pdf
[2013/01/11 09:52:55 | 000,001,252 | ---- | C] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shutterfly Studio.lnk
[2013/01/11 09:52:55 | 000,001,228 | ---- | C] () -- C:\Users\chris\Desktop\Shutterfly Studio.lnk
[2013/01/11 09:52:08 | 012,176,352 | ---- | C] () -- C:\Users\chris\Desktop\ShutterflyStudioInstaller.exe
[2013/01/11 09:43:12 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk
[2013/01/05 19:37:38 | 000,806,366 | ---- | C] () -- C:\Users\chris\Desktop\dsjflsadfj
[2013/01/05 18:40:57 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/01/05 11:10:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/05 11:10:01 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2012/08/21 10:15:51 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/16 17:07:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/16 16:59:28 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/06/16 23:34:50 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 15:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/02/02 17:14:15 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\AnySend
[2013/01/11 09:43:15 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/02/02 15:17:00 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\DSite
[2013/01/11 09:53:00 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Shutterfly
[2013/01/23 08:51:39 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\SoftGrid Client
[2013/02/02 15:19:20 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Strongvault
[2012/08/16 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Synaptics
[2013/01/22 13:43:20 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\TP

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 19:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2010/11/20 21:24:08 | 000,070,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 19:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 21:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 19:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 19:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 16:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2012/06/01 23:41:28 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2012/06/01 22:36:29 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 21:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 21:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/07/06 19:07:14 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 19:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 19:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 19:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 19:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 21:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 19:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 19:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 19:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 19:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 19:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 11:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 19:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 05:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 00:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 19:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 21:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 21:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 21:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 00:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 19:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 21:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 21:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 21:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 21:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 21:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 21:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 19:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/04/30 23:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 21:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 21:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 21:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 21:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 21:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 21:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 21:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 21:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 19:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 16:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 21:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 19:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 21:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/07/06 19:08:27 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/07/06 19:08:27 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/07/06 19:08:27 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/07/06 19:08:27 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 21:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/07/06 19:08:27 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/07/06 19:08:27 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 21:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 21:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/12/18 13:08:30 | 000,559,043 | ---- | M] () MD5=BA25E8F1460C7453B7488FE4B42F6919 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 01:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 01:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 01:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 21:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 21:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 21:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

< End of report >







# AdwCleaner v2.109 - Logfile created 02/03/2013 at 13:01:36
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : chris - CHRIS-HP
# Boot Mode : Normal
# Running from : C:\Users\chris\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : \END
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\bprotector_prefs.js
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\file scout
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\IBUpdaterService
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\chris\AppData\Local\Wajam
Folder Deleted : C:\Users\chris\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\chris\AppData\Roaming\Babylon
Folder Deleted : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\CT3227981
Folder Deleted : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\{6926c7f7-6006-42d1-b046-eba1b3010315}
Folder Deleted : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\Smartbar
Folder Deleted : C:\Users\chris\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\94d8dae568ee49
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Wow6432Node\94d8dae568ee49
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\prefs.js

C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\user.js ... Deleted !

Deleted : user_pref("CT3227981.1000082.isDisplayHidden", "true");
Deleted : user_pref("CT3227981.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3227981.CT3227981ads1.enc", "JTdCJTIyYWRzJTIyJTNBJTVCJTdCJTIyYWlkJTIyJTNBJTIyMzcwMjglMj[...]
Deleted : user_pref("CT3227981.CT3227981current_term.enc", "VkVHRUNBVEVE");
Deleted : user_pref("CT3227981.CT3227981sdate.enc", "MTE=");
Deleted : user_pref("CT3227981.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3227981.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3227981.FirstTime", "true");
Deleted : user_pref("CT3227981.FirstTimeFF3", "true");
Deleted : user_pref("CT3227981.LoginRevertSettingsEnabled", true);
Deleted : user_pref("CT3227981.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Deleted : user_pref("CT3227981.UserID", "UN43096215221343914");
Deleted : user_pref("CT3227981.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3227981.autoDisableScopes", -1);
Deleted : user_pref("CT3227981.bDay_InstallDate.enc", "MTEtMA==");
Deleted : user_pref("CT3227981.bDay_InstallFromToolbar.enc", "eWVz");
Deleted : user_pref("CT3227981.browser.search.defaultthis.engineName", "");
Deleted : user_pref("CT3227981.cbfirsttime.enc", "RnJpIEphbiAxMSAyMDEzIDA5OjU1OjQyIEdNVC0wNjAwIChDZW50cmFsIFN0[...]
Deleted : user_pref("CT3227981.defaultSearch", "true");
Deleted : user_pref("CT3227981.embeddedsData", "[{\"appId\":\"129837882913311618\",\"apiPermissions\":{\"cross[...]
Deleted : user_pref("CT3227981.enableAlerts", "always");
Deleted : user_pref("CT3227981.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3227981.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3227981.fixPageNotFoundError", "true");
Deleted : user_pref("CT3227981.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3227981.fixUrls", true);
Deleted : user_pref("CT3227981.installId", "installbrain");
Deleted : user_pref("CT3227981.installType", "conduitnsisintegration");
Deleted : user_pref("CT3227981.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3227981.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3227981.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3227981.isNewTabEnabled", true);
Deleted : user_pref("CT3227981.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3227981.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3227981.keyword", true);
Deleted : user_pref("CT3227981.mam_CouponBuddy_appState.enc", "b24=");
Deleted : user_pref("CT3227981.mam_PriceGong_appState.enc", "b24=");
Deleted : user_pref("CT3227981.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9z[...]
Deleted : user_pref("CT3227981.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
Deleted : user_pref("CT3227981.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3227981.mam_gk_lastLoginTime.enc", "MTM1NzkxOTczOTQ0MA==");
Deleted : user_pref("CT3227981.mam_gk_settings.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoy[...]
Deleted : user_pref("CT3227981.mam_gk_userId.enc", "Y2JiMWQ1NDUtYTg4OS00ODdjLWIwY2YtMDE0MTdjNWFkMzg3");
Deleted : user_pref("CT3227981.mam_gk_user_apps_selection.enc", "eyJQcmljZUdvbmciOnRydWUsIkNvdXBvbkJ1ZGR5Ijp0c[...]
Deleted : user_pref("CT3227981.migrateAppsAndComponents", true);
Deleted : user_pref("CT3227981.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"sugar funeral ART\",\"EB_MAIN_FR[...]
Deleted : user_pref("CT3227981.openThankYouPage", "false");
Deleted : user_pref("CT3227981.openUninstallPage", "true");
Deleted : user_pref("CT3227981.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Deleted : user_pref("CT3227981.price-gong.isManagedApp", "true");
Deleted : user_pref("CT3227981.revertSettingsEnabled", "true");
Deleted : user_pref("CT3227981.search.searchAppId", "129837882913311618");
Deleted : user_pref("CT3227981.search.searchCount", "0");
Deleted : user_pref("CT3227981.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3227981.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3227981.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3227981.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Deleted : user_pref("CT3227981.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3227981.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3227981.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3227981.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3227981.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1357919722410");
Deleted : user_pref("CT3227981.serviceLayer_services_appsMetadata_lastUpdate", "1357919722385");
Deleted : user_pref("CT3227981.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1357919726555");
Deleted : user_pref("CT3227981.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357919722689");
Deleted : user_pref("CT3227981.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1357919726279");
Deleted : user_pref("CT3227981.serviceLayer_services_searchAPI_lastUpdate", "1357919719370");
Deleted : user_pref("CT3227981.serviceLayer_services_serviceMap_lastUpdate", "1357919719054");
Deleted : user_pref("CT3227981.serviceLayer_services_toolbarContextMenu_lastUpdate", "1357919726400");
Deleted : user_pref("CT3227981.serviceLayer_services_toolbarSettings_lastUpdate", "1357919719450");
Deleted : user_pref("CT3227981.serviceLayer_services_translation_lastUpdate", "1357919722335");
Deleted : user_pref("CT3227981.serviceLayer_services_userApps_lastUpdate", "1357921652244");
Deleted : user_pref("CT3227981.settingsINI", true);
Deleted : user_pref("CT3227981.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3227981.smartbar.CTID", "CT3227981");
Deleted : user_pref("CT3227981.smartbar.Uninstall", "0");
Deleted : user_pref("CT3227981.smartbar.homepage", true);
Deleted : user_pref("CT3227981.smartbar.toolbarName", "appbario7 ");
Deleted : user_pref("CT3227981.toolbarBornServerTime", "11-1-2013");
Deleted : user_pref("CT3227981.toolbarCurrentServerTime", "11-1-2013");
Deleted : user_pref("CT3227981.url_history0001.enc", "aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo6OmNsaWNraGFuZGxlcjo6OjEz[...]
Deleted : user_pref("CT3227981_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3227981&SearchSource=1[...]
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3227981");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3227981&SearchSource=13[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3227981&SearchSource=13&CU[...]
Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Deleted : user_pref("smartbar.originalSearchEngine", "appbario7 Customized Web Search");

*************************

AdwCleaner[S1].txt - [14291 octets] - [03/02/2013 13:01:36]

########## EOF - C:\AdwCleaner[S1].txt - [14352 octets] ##########







RogueKiller V8.4.4 [Feb 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : chris [Admin rights]
Mode : Scan -- Date : 02/03/2013 13:10:24
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : SMessaging (C:\Users\chris\AppData\Local\Strongvault Online Backup\SMessaging.exe) -> FOUND
[TASK][SUSP PATH] DSite : C:\Users\chris\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE /Check -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\Shutterfly Studio Screen Saver.scr) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM321HI SATA Disk Device +++++
--- User ---
[MBR] 6004d606b970572e37a5ce84d8112343
[BSP] 43bbf7b03e249ac0a4adc386b8b1eb66 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 286071 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 586283008 | Size: 14910 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 616818688 | Size: 4063 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02032013_02d1310.txt >>
RKreport[1]_S_02032013_02d1310.txt


debug.log-Notepad
[00:00:0000] ***** Global Init *****
[00:00:0016] Has crashed before : Yes
[00:00:0016] Create mutex : RogueKiller

QuarantineReport.txt - Notepad
Time : 03/02/2013 13:10:24
--------------------------
ERROR [Strongvault.vir] -> C:\Users\chris\AppData\Local\Strongvault
ERROR [UPDATE~1.EXE.vir] -> C:\Users\chris\AppData\Roaming\DSite\UPDATE~1\UPDATE~1.EXE
[Shutterfly Studio Screen Saver.scr.vir] -> C:\Windows\Shutterfly Studio Screen Saver.scr
  • 0

#6
doubleO7

doubleO7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
shoot, am I missing one? I did them in order but now I only see one OTL.text file (yeah, I'm really not computer literate)...

The only symptom out of the ordinary since my first post would be when I returned to the computer, after stepping away with my RK question, the computer seems to be in sleep mode THEN when I turned it on it said something about it shut down to protect the computer, and then I got a blue screen briefly with some white text on it and then Windows started normally and no problemes since.

Is JustChek (spelling?) for JAVA or something? It occationally comes up, asking if I would like to allow it to make changes to my computer and I've replied no because I didn't know what it was...


THANK YOU THANK YOU THANK YOU THANK YOU
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  • 0

#7
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
You did miss one, the OTL fix log. You can find it in C:\_OTL\MovedFiles I would like to look that one over before proceeding. It should be a .txt file and have a bunch of numbers in the file name.

Please do let Juscheck run, as it is the updater for Java, which is having all kinds of security issues these days.

the current Java version is Java Version 7 update 13. Please verify that Jucheck is updating you to this version when it prompts you to do an update.

Don't worry, you are doing just fine. :thumbsup: Let me look over these logs and the OTL fix log when you find it, and then we will move on to the next step.
  • 0

#8
doubleO7

doubleO7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
I hope this is right. let me know if it's not. Thank you!!!!

C:\_OTL\MovedFiles/02033013_124716.log

========== OTL ==========
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Prefs.js: true removed from CT3227981.browser.search.defaultthis.engineName
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "http://search.condui...&CUI=SB_CUI&q=" removed from keyword.URL
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\[email protected]\searchplugins folder moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\[email protected] folder moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\pcperf~1\25945~1.13\{fc772~1\pcpmngr.dll deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: chris
->Temp folder emptied: 12281992755 bytes
->Temporary Internet Files folder emptied: 59187761 bytes
->Java cache emptied: 119876 bytes
->FireFox cache emptied: 69283047 bytes
->Flash cache emptied: 76587 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 263133337 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36074750 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 12,121.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02032013_124716

Files\Folders moved on Reboot...
C:\Users\chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#9
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi there,
One more look with OTL to make sure I got it all please,

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad windows. OTL.Txt which is also saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it in your next response

  • 0

#10
doubleO7

doubleO7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OTL logfile created on: 2/5/2013 9:10:50 AM - Run 3
OTL by OldTimer - Version 3.2.65.1 Folder = C:\Users\chris\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.46 Gb Available Physical Memory | 55.96% Memory free
5.21 Gb Paging File | 3.73 Gb Available in Paging File | 71.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.37 Gb Total Space | 234.86 Gb Free Space | 84.07% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.31 Gb Free Space | 8.97% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 0.00 Gb Free Space | 0.04% Space Free | Partition Type: FAT32

Computer Name: CHRIS-HP | User Name: chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/09/21 14:28:01 | 000,600,576 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Downloads\OTL.exe
PRC - [2011/06/16 18:03:42 | 000,103,992 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/06/15 18:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/14 15:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/06/14 15:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/06/13 17:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/12/27 17:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2008/05/06 18:50:40 | 002,500,096 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\SFlyStudio.exe


========== Modules (No Company Name) ==========

MOD - [2008/05/06 18:50:40 | 002,500,096 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\SFlyStudio.exe
MOD - [2008/05/06 18:47:32 | 000,217,600 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmslideshow.dll
MOD - [2008/05/06 18:46:28 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmopengl.dll
MOD - [2008/05/06 18:46:22 | 000,196,096 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmphotomgr.dll
MOD - [2008/05/06 18:46:06 | 000,896,000 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmwindowing.dll
MOD - [2008/05/06 18:44:44 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmdirectx.dll
MOD - [2008/05/06 18:44:38 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmimgmgr.dll
MOD - [2008/05/06 18:44:28 | 000,598,016 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmpersist.dll
MOD - [2008/05/06 18:44:10 | 000,060,928 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmbrowser.dll
MOD - [2008/05/06 18:43:54 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmimglib.dll
MOD - [2008/05/06 18:43:50 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmexiftags.dll
MOD - [2008/05/06 18:43:42 | 000,429,568 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmcommon.dll
MOD - [2008/05/06 18:43:06 | 000,065,024 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmthreading.dll
MOD - [2008/05/06 18:42:52 | 003,146,240 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\mmlangres.dll
MOD - [2008/05/05 18:58:16 | 000,383,818 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\sqlite3.dll
MOD - [2008/05/05 18:57:52 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Shutterfly\Studio\Bin\libexpat.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/07/05 14:08:28 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/16 23:20:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/11/17 19:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/19 08:38:36 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/09 06:44:44 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 13:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/21 16:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/16 18:03:42 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/06/14 15:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/12/27 17:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/20 21:24:08 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/28 23:28:10 | 000,028,528 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\povrtdev.sys -- (msvad_simple)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/06 19:11:20 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/06 19:11:20 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/05 14:50:30 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/05 13:32:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/04/19 12:32:50 | 001,488,448 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2011/04/15 16:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/15 16:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/15 12:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 06:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 21:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 14:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-sea...0003cd92b2cb0e7
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 72 EE 05 38 D6 80 CD 01 [binary data]
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\..\SearchScopes\{081ECD49-36FA-4DC7-839A-823A92EE341B}: "URL" = http://websearch.ask...98-D9F89149820A
IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.naturalmedicinejournal.com "
FF - prefs.js..extensions.enabledAddons: %7Bd47a9f51-8281-43fa-f450-f28ef8735e9a%7D:2.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 08:38:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/19 08:38:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/08/25 09:09:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Extensions
[2013/02/03 13:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions
[2013/01/11 08:59:46 | 000,088,908 | ---- | M] () (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}.xpi
[2013/01/11 09:55:47 | 000,001,048 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\searchplugins\appbario7-customized-web-search.xml
[2013/02/02 15:17:43 | 000,001,294 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\searchplugins\delta.xml
[2013/01/19 08:37:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/19 08:38:38 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/17 17:03:40 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/21 00:21:10 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SMessaging] C:\Users\chris\AppData\Local\Strongvault Online Backup\SMessaging.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1282327868-799515634-4252873935-1002..\Run: [ShutterflyStudio] C:\Program Files (x86)\Shutterfly\Studio\BIN\SFlyStudio.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5E6B092B-80AB-4AAB-A826-946C2EE5F243}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 13:58:22 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/02/03 13:07:36 | 000,000,000 | ---D | C] -- C:\Users\chris\Desktop\RK_Quarantine
[2013/02/03 12:47:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/02/03 12:30:49 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/02/03 12:29:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/02 15:19:20 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Strongvault
[2013/02/02 15:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2013/02/02 15:18:25 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Stronghold_LLC
[2013/02/02 15:18:12 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/02/02 15:17:55 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\AnySend
[2013/02/02 15:17:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AnySend
[2013/02/02 15:17:00 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\DSite
[2013/02/02 11:47:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2013/02/02 10:58:08 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\lemke12
[2013/01/23 11:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/23 11:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013/01/23 11:14:06 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/01/23 11:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013/01/23 11:09:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013/01/23 11:08:34 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Local\Microsoft Help
[2013/01/23 11:08:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/01/23 11:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/01/23 11:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/01/19 08:37:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/01/11 09:54:06 | 000,019,632 | ---- | C] (PerformerSoft LLC) -- C:\Windows\SysNative\roboot64.exe
[2013/01/11 09:53:00 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Shutterfly
[2013/01/11 09:52:55 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shutterfly Studio
[2013/01/11 09:43:15 | 000,000,000 | ---D | C] -- C:\Users\chris\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/01/11 09:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutterfly
[2013/01/11 09:43:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/01/11 09:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Shutterfly
[2013/01/06 20:55:34 | 000,000,000 | ---D | C] -- C:\Users\chris\Documents\Emulator - Nestopia139_p2p

========== Files - Modified Within 30 Days ==========

[2013/02/05 09:07:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/05 08:55:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 09:03:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 09:03:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 14:05:38 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/03 14:05:38 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/03 14:05:38 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/03 13:58:16 | 372,596,836 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/03 13:58:16 | 2097,340,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/03 12:54:56 | 000,053,435 | ---- | M] () -- C:\Users\chris\Desktop\15-adwcleaner.htm
[2013/02/02 11:47:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chris\Desktop\OTL.exe
[2013/02/02 10:28:54 | 000,235,877 | ---- | M] () -- C:\Users\chris\Desktop\renewcleaninggenericvp.png
[2013/02/01 23:18:56 | 000,221,695 | ---- | M] () -- C:\Users\chris\Desktop\838 cleaning two.png
[2013/02/01 23:17:00 | 000,320,605 | ---- | M] () -- C:\Users\chris\Desktop\838 cleaning one.png
[2013/01/31 23:45:13 | 000,123,315 | ---- | M] () -- C:\Users\chris\Desktop\FAQ.pdf
[2013/01/23 12:22:25 | 000,362,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/22 19:57:52 | 000,004,421 | ---- | M] () -- C:\Users\chris\Desktop\civilCaseDetails4996221766399289501.pdf
[2013/01/22 19:48:49 | 000,004,666 | ---- | M] () -- C:\Users\chris\Desktop\civilCaseDetails6241122668617512643.pdf
[2013/01/11 10:59:40 | 000,001,252 | ---- | M] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shutterfly Studio.lnk
[2013/01/11 10:59:40 | 000,001,228 | ---- | M] () -- C:\Users\chris\Desktop\Shutterfly Studio.lnk
[2013/01/11 09:52:26 | 012,176,352 | ---- | M] () -- C:\Users\chris\Desktop\ShutterflyStudioInstaller.exe
[2013/01/11 09:43:12 | 000,001,184 | ---- | M] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk

========== Files Created - No Company Name ==========

[2013/02/03 13:58:16 | 372,596,836 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/02/03 12:54:50 | 000,053,435 | ---- | C] () -- C:\Users\chris\Desktop\15-adwcleaner.htm
[2013/02/02 10:28:53 | 000,235,877 | ---- | C] () -- C:\Users\chris\Desktop\renewcleaninggenericvp.png
[2013/02/01 23:18:55 | 000,221,695 | ---- | C] () -- C:\Users\chris\Desktop\838 cleaning two.png
[2013/02/01 23:16:59 | 000,320,605 | ---- | C] () -- C:\Users\chris\Desktop\838 cleaning one.png
[2013/01/31 23:45:05 | 000,123,315 | ---- | C] () -- C:\Users\chris\Desktop\FAQ.pdf
[2013/01/22 19:57:52 | 000,004,421 | ---- | C] () -- C:\Users\chris\Desktop\civilCaseDetails4996221766399289501.pdf
[2013/01/22 19:48:49 | 000,004,666 | ---- | C] () -- C:\Users\chris\Desktop\civilCaseDetails6241122668617512643.pdf
[2013/01/11 09:52:55 | 000,001,252 | ---- | C] () -- C:\Users\chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shutterfly Studio.lnk
[2013/01/11 09:52:55 | 000,001,228 | ---- | C] () -- C:\Users\chris\Desktop\Shutterfly Studio.lnk
[2013/01/11 09:52:08 | 012,176,352 | ---- | C] () -- C:\Users\chris\Desktop\ShutterflyStudioInstaller.exe
[2013/01/11 09:43:12 | 000,001,184 | ---- | C] () -- C:\Users\Public\Desktop\Shutterfly Express Uploader.lnk
[2012/08/21 10:15:51 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/16 17:07:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/08/16 16:59:28 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011/06/16 23:34:50 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/03/17 15:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2012/09/22 18:11:53 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\LocalLow\Microsoft\Silverlight\is\xy05xm05.1kb\d51hxmgb.wmv\1\l
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

========== LOP Check ==========

[2013/02/02 17:14:15 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\AnySend
[2013/01/11 09:43:15 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\com.Shutterfly.ExpressUploader
[2013/02/02 15:17:00 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\DSite
[2013/01/11 09:53:00 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Shutterfly
[2013/01/23 08:51:39 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\SoftGrid Client
[2013/02/02 15:19:20 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Strongvault
[2012/08/16 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\Synaptics
[2013/01/22 13:43:20 | 000,000,000 | ---D | M] -- C:\Users\chris\AppData\Roaming\TP

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#11
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi again,
Looks like I missed a little piece of junk so I will remove it now, then we can sweep for any remnants that remain.
You mentioned that your wife's computer has been compromised, has she seeked assistance with it?

Step 1
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-sea...0003cd92b2cb0e7
    IE - HKU\S-1-5-21-1282327868-799515634-4252873935-1002\..\SearchScopes\{081ECD49-36FA-4DC7-839A-823A92EE341B}: "URL" = FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
    [2013/02/03 13:13:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions
    [2013/01/11 09:55:47 | 000,001,048 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\searchplugins\appbario7-customized-web-search.xml
    [2013/02/02 15:17:43 | 000,001,294 | ---- | M] () -- C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\searchplugins\delta.xml
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:
  • OTL fix log
  • MalwareBytes log
  • ESET log
  • Any other symptoms?

  • 0

#12
doubleO7

doubleO7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKU\S-1-5-21-1282327868-799515634-4252873935-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1282327868-799515634-4252873935-1002\Software\Microsoft\Internet Explorer\SearchScopes\{081ECD49-36FA-4DC7-839A-823A92EE341B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{081ECD49-36FA-4DC7-839A-823A92EE341B}\ not found.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\extensions folder moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\searchplugins\appbario7-customized-web-search.xml moved successfully.
C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\67go1625.default\searchplugins\delta.xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: chris
->Temp folder emptied: 49644 bytes
->Temporary Internet Files folder emptied: 40908 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 86358886 bytes
->Flash cache emptied: 958 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 48381 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 56232 bytes

Total Files Cleaned = 83.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02052013_110956

Files\Folders moved on Reboot...
C:\Users\chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...






Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
chris :: CHRIS-HP [administrator]

Protection: Enabled

2/5/2013 11:22:15 AM
mbam-log-2013-02-05 (11-22-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206716
Time elapsed: 3 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



C:\Users\chris\Downloads\AnySendSetup.exe a variant of Win32/InstallCore.BB application
C:\Users\chris\Downloads\Setup(1).exe a variant of Win32/Adware.iBryte.D application
C:\Users\chris\Downloads\Setup(2).exe a variant of Win32/Adware.iBryte.D application
C:\Users\chris\Downloads\Setup.exe a variant of Win32/Adware.iBryte.D application
C:\Users\chris\Downloads\SoftonicDownloader_for_shutterfly-studio.exe a variant of Win32/SoftonicDownloader.E application
E:\CHRIS-HP\Backup Set 2013-02-01 084155\Backup Files 2013-02-01 084155\Backup files 1.zip multiple threats
E:\CHRIS-HP\Backup Set 2013-02-03 205526\Backup Files 2013-02-03 205526\Backup files 1.zip multiple threats


the only sysmptom i have is backup space. In system and security action center it says check backup disk space (important) the disk saved oon doesn't have enough free space

my wife posted today with the headline "virus"
She had posed before however was informed she didn't have enough space on her c drive to utilize tools needed. She started another thread today titled, "virus" as she had cleaned up some space by doing a ...restore? I believe

Thanks Crowbar!!
  • 0

#13
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
You are most welcome!

As for the wife, I will try to find her post, I might as well be the malware remover for your whole family! :)
If I don't get to her, I know that anyone here will be able to help her out just fine.

Now for your computer. I will remove what the ESET scanner found, but I don't want to touch your backup zip files found here
E:\CHRIS-HP\Backup Set 2013-02-01 084155\Backup Files 2013-02-01 084155\Backup files 1.zip
and you can see that ESET does not like this file. I really want to see this file deleted, but since it says backup, I am going to ask that you delete it.
Is your E: drive your backup drive? If so, I do see that it's full as it's only a 3GB drive .
Tell me more about your backup system - is it an external drive? Do you use the Windows backup?

A proper backup method is to use an external drive such as a USB hard drive, and use the Windows 7 backup utility. Mine are always at least twice the capacity of my computers hard drive. Your system drive is 279.37 Gb, so I would use at least a 500gb drive, a bigger one is even better.

There is a file that ESET picked up on, C:\Users\chris\Downloads\SoftonicDownloader_for_shutterfly-studio.exe
I want to delete this file, but if you would like to keep it, just remove that line from my OTL fix below.
I don't think that the shutterfly studio program is bad, but the softonic downloader is not considered very good.
I would try to avoid softonic for downloading anything. Same goes for CNET.
For file downloads, I recommend filehippo.com or majorgeeks.com, as they have a good reputation.


Step 1

We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed please disable it for the duration of this fix as it may interfere with the successfully execution of the script below. If it still hangs then please uninstall MalwareBytes' and run this fix again.
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    :OTL
    O4 - HKLM..\Run: [SMessaging] C:\Users\chris\AppData\Local\Strongvault Online Backup\SMessaging.exe File not found
    :files
    C:\Users\chris\AppData\Roaming\Strongvault
    C:\Users\chris\AppData\Local\Strongvault
    C:\Users\chris\Downloads\AnySendSetup.exe
    C:\Users\chris\Downloads\Setup(1).exe
    C:\Users\chris\Downloads\Setup(2).exe
    C:\Users\chris\Downloads\Setup.exe
    C:\Users\chris\Downloads\SoftonicDownloader_for_shutterfly-studio.exe
    :commands
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

Step 2
This should be the last time I have you do this - I hope :lol:

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad windows. OTL.Txt which is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it in your next reply

In your next reply I would like to see:

  • OTL fix log
  • one last (I hope) OTL quick scan to make sure I got those last few entries
  • Tell me more about your backups

  • 0

#14
doubleO7

doubleO7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
There is honestly nothing on this computer i need from the backed up files... esp if they are infected! So just tell me what to do to get rid everything you suggest. Shutterfly studio, no loss really. I have these photos on a disc and I honestly have no means of a back up system :(

So from here on out if you have a recommendation for me that would be GREAT!
  • 0

#15
doubleO7

doubleO7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SMessaging deleted successfully.
========== FILES ==========
C:\Users\chris\AppData\Roaming\Strongvault\Strongvault Online Backup folder moved successfully.
C:\Users\chris\AppData\Roaming\Strongvault folder moved successfully.
File\Folder C:\Users\chris\AppData\Local\Strongvault not found.
C:\Users\chris\Downloads\AnySendSetup.exe moved successfully.
C:\Users\chris\Downloads\Setup(1).exe moved successfully.
C:\Users\chris\Downloads\Setup(2).exe moved successfully.
C:\Users\chris\Downloads\Setup.exe moved successfully.
C:\Users\chris\Downloads\SoftonicDownloader_for_shutterfly-studio.exe moved successfully.
File\Folder E:\CHRIS-HP\Backup Set 2013-02-01 084155\Backup Files 2013-02-01 084155\Backup files 1.zip multiple threats not found.
File\Folder E:\CHRIS-HP\Backup Set 2013-02-03 205526\Backup Files 2013-02-03 205526\Backup files 1.zip multiple threats not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: chris
->Temp folder emptied: 4954 bytes
->Temporary Internet Files folder emptied: 38382 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19051140 bytes
->Flash cache emptied: 778 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP