virus taking all disk space [Solved]



#1
ncope60

Yesterday I received a message that there was no space on my hard drive. I saw C was almost full, so I deleted a lot of files and a few programs. I had 43 G available. A few minutes later I had 0 space again. What is going on? I also noticed the last couple of days I get memory errors.
I ran OTC and here are the results.

OTL logfile created on: 3/6/2013 6:35:12 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nancy\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 38.18% Memory free
3.99 Gb Paging File | 1.38 Gb Available in Paging File | 34.54% Paging File free
Paging file location(s): c:\pagefile.sys 256 512

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.57 Gb Total Space | 1.27 Gb Free Space | 0.45% Space Free | Partition Type: NTFS
Drive D: | 13.22 Gb Total Space | 1.86 Gb Free Space | 14.08% Space Free | Partition Type: NTFS
Drive F: | 931.28 Gb Total Space | 588.40 Gb Free Space | 63.18% Space Free | Partition Type: FAT32

Computer Name: NANCY-PC | User Name: nancy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/03/06 06:33:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nancy\Downloads\OTL.exe
PRC - [2013/02/05 09:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2013/01/10 17:41:08 | 000,539,600 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\SystemSuite\MXTask.exe
PRC - [2013/01/10 17:41:08 | 000,305,808 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\SystemSuite\AVQWinMonEngine.exe
PRC - [2013/01/10 17:41:08 | 000,214,656 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\SystemSuite\MXTask2.exe
PRC - [2013/01/10 17:41:00 | 000,082,808 | ---- | M] (Avanquest Software) -- C:\Program Files (x86)\Avanquest\SystemSuite\AQFileRestoreSrv.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/04/11 14:45:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011/07/12 17:10:20 | 000,116,632 | ---- | M] (NewSoft Technology Corporation) -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMSpeed.exe
PRC - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/05/18 18:06:52 | 000,518,144 | ---- | M] (Brother International) -- C:\Program Files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe
PRC - [2010/10/11 11:08:18 | 002,763,080 | ---- | M] (Sunbelt Software) -- C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe
PRC - [2009/08/05 13:56:44 | 000,710,528 | ---- | M] (SonicWALL Inc.) -- C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe
PRC - [2009/07/24 20:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009/07/23 22:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 13:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2007/05/10 22:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/28 17:08:19 | 000,459,728 | ---- | M] () -- C:\Users\nancy\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppgooglenaclpluginchrome.dll
MOD - [2013/02/28 17:08:16 | 004,050,896 | ---- | M] () -- C:\Users\nancy\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
MOD - [2013/02/28 17:07:25 | 000,596,944 | ---- | M] () -- C:\Users\nancy\AppData\Local\Google\Chrome\Application\25.0.1364.152\libglesv2.dll
MOD - [2013/02/28 17:07:24 | 000,124,368 | ---- | M] () -- C:\Users\nancy\AppData\Local\Google\Chrome\Application\25.0.1364.152\libegl.dll
MOD - [2013/02/28 17:07:21 | 001,552,848 | ---- | M] () -- C:\Users\nancy\AppData\Local\Google\Chrome\Application\25.0.1364.152\ffmpegsumo.dll
MOD - [2013/02/26 19:17:03 | 014,718,320 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2012/01/08 07:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/10/05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/07/08 12:19:28 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMOffice.dll
MOD - [2011/07/07 10:03:20 | 000,258,048 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMScnSet.dll
MOD - [2011/07/07 10:01:40 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMSave.dll
MOD - [2011/07/07 10:00:40 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMCommon.dll
MOD - [2011/07/01 08:40:56 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMISM.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2010/06/12 22:35:22 | 000,146,944 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\ScanModule.dll
MOD - [2010/06/10 16:42:18 | 001,036,288 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\SlideBarDLL.dll
MOD - [2010/05/21 08:42:26 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMImageSplitter.dll
MOD - [2010/05/21 08:42:16 | 004,567,040 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMView.dll
MOD - [2010/05/21 08:39:44 | 000,614,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMDB_N.dll
MOD - [2010/05/17 09:53:12 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMPDFView.dll
MOD - [2010/05/17 09:52:10 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMSet.dll
MOD - [2010/05/07 10:46:38 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PerformOcr.dll
MOD - [2010/04/27 14:20:18 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMStatus.dll
MOD - [2010/04/14 15:38:30 | 000,352,256 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMTree.dll
MOD - [2010/03/31 09:25:28 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\OutlookVBA.dll
MOD - [2010/03/17 10:49:58 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMINSO.dll
MOD - [2010/03/02 14:10:02 | 000,430,080 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMPageVW.dll
MOD - [2010/03/02 14:09:08 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMDocVW.dll
MOD - [2009/12/04 16:20:52 | 000,323,584 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMAnoSet.dll
MOD - [2009/11/27 16:38:52 | 000,331,776 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMAppBar.dll
MOD - [2009/11/26 16:49:38 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\NetFun2K.dll
MOD - [2009/11/09 17:35:52 | 000,184,320 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMImgVW.dll
MOD - [2009/09/09 13:44:26 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMANO.dll
MOD - [2009/08/06 09:22:18 | 000,421,888 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\FT.dll
MOD - [2009/07/24 20:24:16 | 000,275,848 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/07/24 20:24:16 | 000,124,288 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/07/24 20:24:14 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll
MOD - [2009/07/23 13:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009/06/26 08:03:42 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMApSet.dll
MOD - [2009/06/17 13:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2009/06/17 13:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2009/06/17 13:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/12/12 15:52:04 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMProp.dll
MOD - [2008/11/17 13:56:24 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\nsSign.dll
MOD - [2008/08/25 16:19:34 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PHooKDlg.dll
MOD - [2008/08/25 15:16:44 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMIEVW.dll
MOD - [2007/08/31 16:51:04 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMVoice.dll
MOD - [2007/05/10 22:25:20 | 002,469,888 | ---- | M] () -- C:\Program Files (x86)\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2007/03/30 09:24:12 | 000,104,528 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\Qem.dll
MOD - [2007/03/30 09:01:28 | 000,038,992 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\NsOEMKey.dll
MOD - [2007/03/30 08:57:04 | 000,034,896 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\Import.dll
MOD - [2007/03/30 08:49:38 | 000,104,528 | ---- | M] () -- C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\ComClass.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/08 15:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009/07/02 12:16:06 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/06/29 14:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/03/27 20:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2009/03/02 15:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe -- (AESTFilters)
SRV - [2013/02/26 19:17:05 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/21 13:29:42 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/05 09:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2013/01/10 17:41:08 | 000,539,600 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\SystemSuite\MXTask.exe -- (SystemSuite Task Manager)
SRV - [2013/01/10 17:41:08 | 000,305,808 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\SystemSuite\AVQWinMonEngine.exe -- (.AVQWindowsMonitorService)
SRV - [2013/01/10 17:41:00 | 000,082,808 | ---- | M] (Avanquest Software) [Auto | Running] -- C:\Program Files (x86)\Avanquest\SystemSuite\AQFileRestoreSrv.exe -- (AQFileRestoreSrv)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/04/11 14:45:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/07/07 18:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 16:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/10/11 11:08:18 | 002,763,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/25 17:23:10 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2009/09/23 20:59:36 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/08/05 13:56:48 | 000,482,688 | ---- | M] (SonicWALL Inc.) [Auto | Running] -- C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEService64.exe -- (SONICWALL_NetExtender)
SRV - [2009/06/29 14:44:38 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\STacSV64.exe -- (STacSV)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 12:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/02 15:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_dc6a6e8ef654da29\AESTSr64.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/14 17:02:42 | 000,021,104 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\AQFileRestore.sys -- (AQFileRestore)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/14 14:54:30 | 000,064,600 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2010/03/22 12:11:12 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SBREDrv.sys -- (SBRE)
DRV:64bit: - [2009/07/28 15:28:06 | 000,140,128 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/08 19:49:16 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/08 15:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009/07/08 15:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009/07/02 12:51:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/29 14:44:38 | 000,487,424 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 14:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 14:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 04:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 00:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/05/20 16:09:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:64bit: - [2009/05/12 20:39:00 | 000,239,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/05/04 23:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009/04/29 09:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2009/04/06 19:31:08 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/04/03 08:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/02/23 13:56:10 | 000,022,168 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2013/01/10 17:41:06 | 000,021,576 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AQFileRestore.sys -- (AQFileRestore)
DRV - [2013/01/10 17:41:04 | 000,048,320 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Avanquest\SystemSuite\KFilter.sys -- (KFilter)
DRV - [2013/01/10 17:41:04 | 000,040,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Avanquest\SystemSuite\TFilter.sys -- (TFilter)
DRV - [2010/05/13 07:56:22 | 000,098,392 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {83FE70D8-A664-43B3-9CAF-09FDC7F6DE25}
IE:64bit: - HKLM\..\SearchScopes\{26D0B1F1-F5C7-4908-94A4-6C9F2C247C45}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE:64bit: - HKLM\..\SearchScopes\{83FE70D8-A664-43B3-9CAF-09FDC7F6DE25}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKLM\..\SearchScopes\{26D0B1F1-F5C7-4908-94A4-6C9F2C247C45}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKLM\..\SearchScopes\{83FE70D8-A664-43B3-9CAF-09FDC7F6DE25}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamo...t=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamo...t=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://romulan/teweb/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamo...t=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamo...t=webs&bar=true
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000037f8f81ea
IE - HKCU\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
IE - HKCU\..\SearchScopes\{26D0B1F1-F5C7-4908-94A4-6C9F2C247C45}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
IE - HKCU\..\SearchScopes\{378EBEEF-77D9-4CEC-99CA-5856013B9FD1}: "URL" = http://websearch.ask...04-F64009ABF4B4
IE - HKCU\..\SearchScopes\{65340536-231A-4550-84A8-6853A3A42120}: "URL" = http://search.condui...&ctid=CT2790392
IE - HKCU\..\SearchScopes\{7E9817EF-6076-4E8D-82EC-06B825F072F2}: "URL" = http://search.yahoo....417,16491,0,8,0
IE - HKCU\..\SearchScopes\{83FE70D8-A664-43B3-9CAF-09FDC7F6DE25}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "BitTorrentBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.amazon.com/"
FF - prefs.js..extensions.enabledAddons: add-to-searchbox%40maltekraus.de:2.0
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7B88c7f2aa-f93f-432c-8f0e-b7d85967a527%7D:3.18.0.7
FF - prefs.js..extensions.enabledAddons: seotoolbar%40seobook.com:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.4.20130221100632
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0b14
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.20
FF - prefs.js..extensions.enabledItems: {4d855a8a-1536-4aa8-bf99-da2362910205}:9.0.2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {7605153B-D9E5-4F82-8CF4-CD833E7038BE}:1.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {5384767E-00D9-40E9-B72F-9CC39D655D6F}:1.4.1.0
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\nancy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nancy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nancy\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files (x86)\eMusic Download Manager\xulrunner\components [2012/11/16 07:43:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files (x86)\eMusic Download Manager\xulrunner\plugins [2013/03/05 18:19:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/30 19:31:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/21 13:29:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/05 18:19:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/30 19:31:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\nancy\AppData\Roaming\Move Networks [2010/01/28 20:35:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{7605153B-D9E5-4F82-8CF4-CD833E7038BE}: C:\Users\nancy\AppData\Local\{7605153B-D9E5-4F82-8CF4-CD833E7038BE} [2010/08/14 11:57:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/21 13:29:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/05 18:19:28 | 000,000,000 | ---D | M]

[2009/12/25 18:46:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nancy\AppData\Roaming\Mozilla\Extensions
[2013/02/28 16:37:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions
[2012/11/30 05:43:25 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/08/28 16:32:40 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2012/04/25 12:22:29 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013/02/28 16:37:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/02/18 06:48:26 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012/08/28 16:32:50 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2011/03/27 20:49:54 | 000,000,000 | ---D | M] (Add to Search Bar) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\[email protected]
[2010/07/18 20:38:25 | 000,000,000 | ---D | M] (SEMToolbar) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\[email protected]
[2012/04/08 07:58:00 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\[email protected]
[2013/02/23 14:27:54 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\[email protected]
[2013/02/19 10:48:18 | 000,223,047 | ---- | M] () (No name found) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\[email protected]
[2012/01/03 15:27:44 | 000,002,333 | ---- | M] () -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\searchplugins\askcom.xml
[2012/01/11 12:44:22 | 000,000,929 | ---- | M] () -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\searchplugins\conduit.xml
[2011/03/27 20:50:59 | 000,002,050 | ---- | M] () -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\searchplugins\google-secure.xml
[2012/10/07 20:09:41 | 000,006,435 | ---- | M] () -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\searchplugins\SearchAmong.xml
[2013/02/15 09:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/06 14:08:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/02/08 09:06:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/02/21 13:29:43 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/02/16 17:58:34 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/02/01 12:22:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/21 13:29:41 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.searchamong.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\nancy\AppData\Local\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\nancy\AppData\Local\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\nancy\AppData\Local\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: eMusic Remote Plugin (Enabled) = C:\Program Files (x86)\eMusic Download Manager\plugin\npemusic.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\nancy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: ShopAtHome.com extension = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc\7.0.1.0_0\
CHR - Extension: Gmail = C:\Users\nancy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/08/17 12:17:48 | 000,000,860 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files (x86)\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [WrtMon.exe] C:\Windows\SysNative\spool\drivers\x64\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMSpeed] C:\Program Files (x86)\NewSoft\Presto! PageManager 9.02\PMSpeed.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Common Files\AntiVirus\SBRC.exe (Sunbelt Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - Startup: C:\Users\nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSmobileSCAN II.lnk = C:\Program Files (x86)\Brother\DSmobileSCAN II\DSmobileSCAN.exe (Brother International)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files (x86)\WinHTTrack\WinHTTrackIEBar.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {0D221D00-A6ED-477C-8A91-41F3B660A832} http://romulan/TEWeb...OpType=PrintCab (RSClientPrint 2005 Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{563D6202-538C-4E7C-9524-FC833C500C71}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8971B8D-F752-4D25-A64B-A284B973702D}: DhcpNameServer = 209.244.0.4 209.244.0.3
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\syswow64\userinit.exe) - c:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/05 15:34:10 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/02/16 07:55:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/02/13 06:27:41 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/02/13 06:27:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/02/06 14:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2009/09/13 20:58:52 | 000,011,776 | ---- | C] (Nattyware) -- C:\Users\nancy\pixie.exe

========== Files - Modified Within 30 Days ==========

[2013/03/06 06:43:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/06 06:27:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2755957842-2366851467-2523496329-1001UA.job
[2013/03/06 06:16:14 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 06:16:14 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 06:16:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/06 06:09:37 | 000,001,144 | ---- | M] () -- C:\Users\nancy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSmobileSCAN II.lnk
[2013/03/06 06:08:24 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/06 06:08:23 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/03/06 06:08:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/06 06:08:07 | 3016,904,704 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/05 19:37:21 | 018,731,087 | -H-- | M] () -- C:\Users\nancy\AppData\Local\AQT{F7728949-9419-45B3-8FC4-5032B0023616}
[2013/03/05 15:38:21 | 000,002,200 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
[2013/03/05 15:38:21 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
[2013/03/05 15:34:00 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2013/03/05 09:08:31 | 001,437,696 | ---- | M] () -- C:\Users\nancy\Documents\Orders2013.accdb
[2013/03/05 08:27:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2755957842-2366851467-2523496329-1001Core.job
[2013/02/26 15:46:04 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleFornancy.job
[2013/02/16 07:55:13 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/02/16 07:55:13 | 000,002,046 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/02/15 09:46:07 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/14 16:28:45 | 000,000,600 | ---- | M] () -- C:\Users\nancy\AppData\Local\PUTTY.RND
[2013/02/14 07:51:52 | 002,367,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/13 19:23:52 | 000,744,818 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/13 19:23:52 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/13 19:23:52 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2013/03/05 15:38:21 | 000,002,200 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
[2013/03/05 15:38:21 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
[2013/03/05 15:34:00 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/03/04 19:01:40 | 001,437,696 | ---- | C] () -- C:\Users\nancy\Documents\Orders2013.accdb
[2013/02/15 09:46:07 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/02/13 06:27:38 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/02/13 06:27:38 | 000,002,046 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/01/10 17:41:06 | 000,021,576 | ---- | C] () -- C:\Windows\SysWow64\drivers\AQFileRestore.sys
[2012/11/12 08:58:53 | 000,060,864 | ---- | C] () -- C:\Users\nancy\g2mdlhlpx.exe
[2012/11/06 14:19:24 | 000,000,600 | ---- | C] () -- C:\Users\nancy\AppData\Roaming\PUTTY.RND
[2011/09/30 22:44:34 | 000,000,600 | ---- | C] () -- C:\Users\nancy\AppData\Local\PUTTY.RND
[2010/08/14 11:57:29 | 000,000,120 | ---- | C] () -- C:\Users\nancy\AppData\Local\Wganej.dat
[2010/08/14 11:57:29 | 000,000,000 | ---- | C] () -- C:\Users\nancy\AppData\Local\Frasacanar.bin
[2010/08/14 11:54:58 | 000,000,024 | ---- | C] () -- C:\Users\nancy\AppData\Roaming\bawuho.dat
[2010/08/14 11:54:54 | 000,000,004 | ---- | C] () -- C:\Users\nancy\AppData\Roaming\avdrn.dat
[2009/12/24 18:45:35 | 018,731,087 | -H-- | C] () -- C:\Users\nancy\AppData\Local\AQT{F7728949-9419-45B3-8FC4-5032B0023616}
[2009/09/21 22:06:58 | 000,000,119 | ---- | C] () -- C:\Users\nancy\file_id.diz
[2009/02/09 13:59:00 | 000,000,065 | ---- | C] () -- C:\Users\nancy\Pixie Online Help.url

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/04/11 07:13:07 | 000,000,000 | -HSD | M] -- C:\Users\nancy\AppData\Roaming\.#
[2013/03/06 06:09:54 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\.oit
[2012/12/25 12:56:08 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Audacity
[2013/01/17 08:38:20 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Avanquest
[2012/02/16 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Babylon
[2013/03/05 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\BitTorrent
[2012/08/26 02:51:48 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\BitZipper
[2013/01/15 15:42:08 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\calibre
[2012/11/23 06:54:23 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/09/26 16:27:00 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\CoreFTP
[2012/02/04 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\DriverCure
[2010/01/26 20:44:47 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\eFax Messenger
[2011/04/01 18:08:29 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\eMusic
[2013/02/16 19:27:17 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\FileZilla
[2013/01/15 13:48:14 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Funmoods
[2012/08/01 17:33:29 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Garmin
[2010/03/18 18:54:02 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\j2 Global
[2010/08/14 08:52:20 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/08/14 08:14:21 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\OfficeRecovery
[2010/08/11 19:18:17 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\PADGen
[2011/05/22 17:20:03 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Philipp Winterberg
[2012/02/04 11:52:29 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\SpeedyPC Software
[2010/04/18 17:28:50 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\TrafficIncubator
[2011/04/17 09:36:57 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\WeatherBug
[2011/01/27 07:15:32 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Web2Mayhem
[2009/12/24 21:06:23 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\WildTangent

========== Purity Check ==========



< End of report >


#2
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I will post some instructions for you soon.
  • 0

#3
ncope60

ncope60

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks, looking forward to a solution
  • 0

#4
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi ncope60,

Let's get started.

Step 1: Run OTL fix. Please move OTL to your desktop before running the fix. Please be sure to run all tools from your desktop.

Please be aware that this fix will delete your temporary files. If the virus has "hidden" any of your files, please do not run the fix, but stop and let me know.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :OTL
    IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
    IE - HKLM\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchamo...t=webs&bar=true
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.searchamo...t=webs&bar=true
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamo...t=webs&bar=true
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchamo...t=webs&bar=true
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00000037f8f81ea
    IE - HKCU\..\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}: "URL" = http://www.searchamo...t=webs&bar=true
    IE - HKCU\..\SearchScopes\{378EBEEF-77D9-4CEC-99CA-5856013B9FD1}: "URL" = http://websearch.ask...04-F64009ABF4B4
    IE - HKCU\..\SearchScopes\{65340536-231A-4550-84A8-6853A3A42120}: "URL" = http://search.condui...&ctid=CT2790392
    
    FF - prefs.js..browser.search.defaultthis.engineName: "BitTorrentBar Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
    FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
    FF - prefs.js..extensions.enabledAddons: %7B88c7f2aa-f93f-432c-8f0e-b7d85967a527%7D:3.18.0.7
    FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.0
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q="
    [2012/08/28 16:32:40 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
    
    [2013/02/18 06:48:26 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
    [2012/01/11 12:44:22 | 000,000,929 | ---- | M] () -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\searchplugins\conduit.xml
    [2012/10/07 20:09:41 | 000,006,435 | ---- | M] () -- C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\searchplugins\SearchAmong.xml
    [2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/02/16 17:58:34 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    
    CHR - homepage: http://www.searchamong.com
    
    O2 - BHO: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
    O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
    O2 - BHO: (Updater For Simppull Toolbar) - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - C:\Program Files (x86)\simppulltoolbar\auxi\simppulltoolbAu.dll File not found
    O2 - BHO: (no name) - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No CLSID value found.
    
    [2010/08/14 11:57:29 | 000,000,120 | ---- | C] () -- C:\Users\nancy\AppData\Local\Wganej.dat
    [2010/08/14 11:57:29 | 000,000,000 | ---- | C] () -- C:\Users\nancy\AppData\Local\Frasacanar.bin
    [2010/08/14 11:54:58 | 000,000,024 | ---- | C] () -- C:\Users\nancy\AppData\Roaming\bawuho.dat
    [2010/08/14 11:54:54 | 000,000,004 | ---- | C] () -- C:\Users\nancy\AppData\Roaming\avdrn.dat
    
    [2012/02/16 17:58:28 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Babylon
    [2013/01/15 13:48:14 | 000,000,000 | ---D | M] -- C:\Users\nancy\AppData\Roaming\Funmoods
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 2: Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 3: Run aswMBR.

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

Things I need in your next reply:
  • OTL fix log
  • adwCleaner log
  • aswMBR log
  • You should find an "Extras.txt" log located in your downloads folder. Please post that.
  • How is your computer running now?

  • 0

#5
ncope60

ncope60

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is the OTC Log file
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{154d339e-ccaa-49a5-9b38-6878ad4220bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{378EBEEF-77D9-4CEC-99CA-5856013B9FD1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{378EBEEF-77D9-4CEC-99CA-5856013B9FD1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{65340536-231A-4550-84A8-6853A3A42120}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65340536-231A-4550-84A8-6853A3A42120}\ not found.
Prefs.js: "BitTorrentBar Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.condui...={searchTerms}" removed from browser.search.defaulturl
Prefs.js: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9 removed from extensions.enabledAddons
Prefs.js: %7B88c7f2aa-f93f-432c-8f0e-b7d85967a527%7D:3.18.0.7 removed from extensions.enabledAddons
Prefs.js: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.1.0 removed from extensions.enabledItems
Prefs.js: "http://search.condui...rchSource=2&q=" removed from keyword.URL
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}\searchplugins folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}\META-INF folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}\defaults\preferences folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}\defaults folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}\chrome folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79} folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\searchplugin folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\Plugins folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\modules folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\META-INF folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\defaults folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\components folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\chrome folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} folder moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\searchplugins\conduit.xml moved successfully.
C:\Users\nancy\AppData\Roaming\Mozilla\Firefox\Profiles\fyn3emgd.default\searchplugins\SearchAmong.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ABD3B5E1-B268-407B-A150-2641DAB8D898}\ deleted successfully.
C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4B8BAB4-1667-11DF-A242-BA9455D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4B8BAB4-1667-11DF-A242-BA9455D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E4E6BF2A-1667-11DF-A01F-1F9655D89593}\ not found.
C:\Users\nancy\AppData\Local\Wganej.dat moved successfully.
C:\Users\nancy\AppData\Local\Frasacanar.bin moved successfully.
C:\Users\nancy\AppData\Roaming\bawuho.dat moved successfully.
C:\Users\nancy\AppData\Roaming\avdrn.dat moved successfully.
C:\Users\nancy\AppData\Roaming\Babylon folder moved successfully.
C:\Users\nancy\AppData\Roaming\Funmoods\UpdateProc folder moved successfully.
C:\Users\nancy\AppData\Roaming\Funmoods folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 58264 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: nancy
->Temp folder emptied: 11388 bytes
->Temporary Internet Files folder emptied: 80937728 bytes
->Java cache emptied: 37868652 bytes
->FireFox cache emptied: 68604358 bytes
->Google Chrome cache emptied: 13947246 bytes
->Apple Safari cache emptied: 16384 bytes
->Flash cache emptied: 78346 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3920 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50199 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 192.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03062013_134139

Files\Folders moved on Reboot...
C:\Users\nancy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{500B162F-F35C-4A5B-A627-DDC0C363150F}.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


The adwcleaner file is attached

scan file for aswMBR

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-06 14:08:17
-----------------------------
14:08:17.167 OS Version: Windows x64 6.1.7601 Service Pack 1
14:08:17.168 Number of processors: 2 586 0x602
14:08:17.168 ComputerName: NANCY-PC UserName: nancy
14:08:18.680 Initialize success
14:34:29.738 AVAST engine defs: 13030600
14:35:11.790 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:35:11.795 Disk 0 Vendor: Hitachi_HTS725032A9A364 PC3OC70E Size: 305245MB BusType: 11
14:35:11.813 Disk 0 MBR read successfully
14:35:11.819 Disk 0 MBR scan
14:35:11.831 Disk 0 unknown MBR code
14:35:11.847 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
14:35:11.871 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291403 MB offset 409600
14:35:11.906 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13538 MB offset 597202944
14:35:11.932 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
14:35:11.990 Disk 0 scanning C:\Windows\system32\drivers
14:35:27.477 Service scanning
14:35:57.728 Modules scanning
14:35:57.748 Disk 0 trace - called modules:
14:35:58.132 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
14:35:58.145 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004383790]
14:35:58.158 3 CLASSPNP.SYS[fffff8800110843f] -> nt!IofCallDriver -> [0xfffffa800437e9d0]
14:35:58.172 5 hpdskflt.sys[fffff88001dec289] -> nt!IofCallDriver -> [0xfffffa80042cf790]
14:35:58.181 7 ACPI.sys[fffff88000f087a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80042fc060]
14:35:59.019 AVAST engine scan C:\Windows
14:36:02.653 AVAST engine scan C:\Windows\system32
14:40:36.582 AVAST engine scan C:\Windows\system32\drivers
14:40:58.650 AVAST engine scan C:\Users\nancy
14:45:11.910 AVAST engine scan C:\ProgramData
15:23:15.561 Scan finished successfully
15:35:39.871 Disk 0 MBR has been saved successfully to "C:\Users\nancy\Desktop\MBR.dat"
15:35:39.876 The log file has been saved successfully to "C:\Users\nancy\Desktop\aswMBR.txt"


I do have 36 Gig of space back now.


  • 0
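An added example, not part of the original posts: a Python sketch that tallies the outcome lines of a fix log like the one in post #5, so that entries reported as "not found" and lines that ask for manual action stand out from the successful ones. The sample lines are copied from that log; the category names, the `parse_fix_log` and `summarize` helpers and the review list are assumptions of this example, not features of OTL.

```python
import re
from collections import Counter

# Sample lines copied from the fix log in post #5 (a subset, not the whole log).
SAMPLE_LOG = r"""
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: %7B88c7f2aa-f93f-432c-8f0e-b7d85967a527%7D:3.18.0.7 removed from extensions.enabledAddons
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Users\nancy\AppData\Roaming\Funmoods folder moved successfully.
Use Chrome's Settings page to change the HomePage.
File\Folder C:\Users\nancy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{500B162F-F35C-4A5B-A627-DDC0C363150F}.tmp not found!
[EMPTYTEMP]
User: nancy
->Temp folder emptied: 11388 bytes
->FireFox cache emptied: 68604358 bytes
"""

# Section banners, bracketed commands and per-user headers carry no outcome.
IGNORE = re.compile(r"^(=+ .* =+|\[[A-Za-z]+\]|User: .*)$")

# Ordered (category, pattern) pairs; the first match wins.
# Category names are hypothetical labels chosen for this example.
RULES = [
    ("registry_value_set",
     re.compile(r"^(?P<target>.+?)\| /E : value set successfully!$")),
    ("registry_key_deleted",
     re.compile(r"^Registry key (?P<target>.+?) deleted successfully\.$")),
    ("registry_key_not_found",
     re.compile(r"^Registry key (?P<target>.+?) not found\.$")),
    ("pref_removed",
     re.compile(r"^Prefs\.js: (?P<target>.+) removed from (?P<pref>\S+)$")),
    ("moved",
     re.compile(r"^(?P<target>.+?)(?: folder)? moved successfully\.$")),
    ("path_not_found",
     re.compile(r"^File\\Folder (?P<target>.+) not found!$")),
    ("cache_emptied",
     re.compile(r"^->(?P<target>.+) emptied: (?P<bytes>\d+) bytes$")),
]

# Categories a reviewer should read by hand. "not found" means the item was
# absent when the fix ran; it is listed for review, not counted as a failure.
REVIEW = {"registry_key_not_found", "path_not_found", "unparsed"}


def parse_fix_log(text):
    """Classify each outcome line; unknown lines are kept as 'unparsed'."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or IGNORE.match(line):
            continue
        for category, pattern in RULES:
            match = pattern.match(line)
            if match:
                entries.append({"category": category, "line": line,
                                **match.groupdict()})
                break
        else:
            # No rule matched: often a message asking for manual action.
            entries.append({"category": "unparsed", "line": line,
                            "target": line})
    return entries


def summarize(entries):
    """Return (counts per category, bytes emptied, lines needing review)."""
    counts = Counter(e["category"] for e in entries)
    freed = sum(int(e["bytes"]) for e in entries
                if e["category"] == "cache_emptied")
    review = [e["line"] for e in entries if e["category"] in REVIEW]
    return counts, freed, review


if __name__ == "__main__":
    counts, freed, review = summarize(parse_fix_log(SAMPLE_LOG))
    for category, n in sorted(counts.items()):
        print(f"{category:24} {n}")
    print(f"bytes emptied: {freed}")
    print("review by hand:")
    for line in review:
        print("  " + line)
```

The unparsed line about Chrome's settings page is the kind of entry that needs a manual follow-up rather than a tool action.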

#6
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi ncope60,

Things are looking pretty good. Let's do a few more things.

Have you recovered all your "missing" hard drive space, or do you think some is still missing?

Step 1: Remove chrome extension. Please remove the following extensions following the directions below.

Coupons Inc., Coupon Printer Manager -> there may be two instances of this one
ShopAtHome.com extension

  • Click the Chrome menu on the browser toolbar.
  • Click Tools.
  • Select Extensions.
  • Click the trash can icon by the extension you'd like to completely remove.
  • A confirmation dialog appears, click Remove.

Step 2: Upload file to VT.

Please go to VirusTotal and upload the file named "MBR.dat" on your desktop for scanning. Send me a link to the results page.

Step 3: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 4: Run MBAM.

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Things I need in your next reply:
  • Were the extensions uninstalled successfully?
  • VirusTotal link
  • SecurityCheck log
  • MBAM log
  • Any outstanding problems?

  • 0

#7
ncope60

ncope60

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Having problems with step 1. In the Chrome browser I successfully deleted the Shop at Home extension. That was the only extension on the Chrome browser.
  • 0

#8
ncope60

ncope60

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here are the results of the scans. I have enough space to work with now. Whatever it was seems to be fixed now.
Thank you!

Step 2 results
https://www.virustot...sis/1362677408/


Step 3 results

Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Avanquest SystemSuite
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 39
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.6.602.171
Adobe Reader XI
Mozilla Firefox (19.0)
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.97
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
Avanquest SystemSuite Antivirus SBAMSvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


Step 4 results

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.07.11

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
nancy :: NANCY-PC [administrator]

Protection: Enabled

3/7/2013 11:49:07 AM
mbam-log-2013-03-07 (11-49-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217968
Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#9
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Congratulations, ncope60 :). Your computer now appears to be clean. Please complete the following steps to finalize the cleaning process.

It would be a good idea also to reset your firewall in case the malware opened any ports.

Please update these programs, as old versions pose a security risk.
  • Java

    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java.
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

    If you do need Java, then you can leave it installed, but you should remove an old version that is present on your computer. Under the "Programs and Features" menu in the Control Panel, uninstall Java™ 6 Update 39.
  • Adobe Flash -> You have the latest version, but you need to uninstall the old Adobe Flash Player 10 from the Control Panel.
  • Adobe Reader -> You have the latest version, but I would recommend securing it against the latest exploits as follows:
  • Launch Adobe Reader.
  • Click on Edit and select Preferences.
  • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
  • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
  • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
  • Click the OK button.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.
  • Any logs or removal tools left over can be deleted now. If ESET is still installed, you can uninstall it from the "Programs and Features" menu in the control panel.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

First set up a new, clean restore point:
  • Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.
  • In the left pane, click System protection. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Click the System Protection tab, and then click Create.
  • In the System Protection dialog box, type a description, and then click Create.

Then delete the old, infected ones:
  • Go Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select run as administrator
  • Then select the more options tab
  • Select system restore and shadow copies "Clean up"
  • Follow the prompts

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click on All Programs, then Windows Update.
  • Click on Change Settings in the left pane and then check the option for Automatic Updates.

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
  • 0

#10
ncope60

ncope60

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you!
  • 0

#11
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
You're welcome.
  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





