
Infected or Hacked? [Solved]


  • This topic is locked

#1 chessder58 (Member, 19 posts)
Today I got this call from a foreigner (India) claiming to be with Microsoft, wanting to access my computer to check for a virus that was causing their servers problems. Of course I did not give him any access; however, he called back like 3 times trying to threaten me. I hung up and called Microsoft support... They directed me to a support person to check the computer and add higher-level protection...
He ran a couple of things on my computer, pinged microsoft.com, and in the end it showed "computer hacked... computer hacked..." etc. Of course, for his support to clean and secure the computer he wanted 350 dollars. I have had a lot of problems with computer crashes for a while now and would just run Malwarebytes and Microsoft Essentials, but the crashes are still happening. Microsoft Essentials did find 2 Java exploits and several trojans? Any help will be appreciated.

Edited by chessder58, 06 March 2013 - 07:01 PM.




#2 chessder58 (Topic Starter, Member, 19 posts)
OTL logfile created on: 3/6/2013 6:17:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Moore\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 53.81% Memory free
7.60 Gb Paging File | 5.61 Gb Available in Paging File | 73.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 9.30 Gb Free Space | 15.88% Space Free | Partition Type: NTFS
Drive D: | 229.63 Gb Total Space | 225.73 Gb Free Space | 98.30% Space Free | Partition Type: NTFS

Computer Name: MOORE-PC | User Name: Moore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/06 18:16:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moore\Downloads\OTL.exe
PRC - [2013/03/05 22:49:26 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
PRC - [2013/01/31 05:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe
PRC - [2013/01/25 10:34:04 | 000,166,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/12/30 12:38:37 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/29 08:27:10 | 034,219,904 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/20 06:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2010/06/18 11:18:20 | 000,462,991 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/12/29 15:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/15 20:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/11/13 15:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/09/30 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/14 03:37:11 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/14 03:36:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/31 05:11:06 | 002,561,488 | ---- | M] () -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe
MOD - [2013/01/31 05:10:04 | 002,231,248 | ---- | M] () -- c:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.dll
MOD - [2013/01/09 18:15:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 18:14:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 18:14:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 18:14:50 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 18:14:45 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/15 20:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/11/13 15:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 15:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 15:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 15:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 15:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 15:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/09 06:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/17 10:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/03/05 22:49:27 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/31 05:11:06 | 002,561,488 | ---- | M] () [Auto | Running] -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe -- (ffdshow manager)
SRV - [2013/01/25 10:34:04 | 000,166,408 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/04/29 12:14:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/06 17:12:14 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/07 16:45:00 | 000,174,848 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/10/30 13:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/26 14:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/26 08:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/16 07:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/17 10:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/17 10:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{A669512D-7314-4C46-9F30-B53BD303354C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C7A6FB61-CFC1-4E13-BD46-CF0110C45CED}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylo...0000026b91da1ac
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000026b91da1ac
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{C7A6FB61-CFC1-4E13-BD46-CF0110C45CED}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...000026b91da1ac"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.order.1: "prefs.js"
FF - prefs.js..keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcgrawhill.com/ChemDrawMGH,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDrawMGH\NPCDPMGH32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/20 17:53:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbdownloader@KMcore:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Moore\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2012/10/05 21:26:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/30 12:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/30 12:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/30 12:38:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Moore\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2012/10/05 21:26:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{58bd07eb-0ee0-4df0-8121-dc9b693373df}: C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2013/01/31 12:19:03 | 000,000,000 | ---D | M]

[2012/10/05 21:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moore\AppData\Roaming\Mozilla\Extensions
[2012/10/05 21:26:52 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\Moore\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
[2012/11/15 19:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions
[2012/11/10 22:27:37 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]
[2012/11/10 22:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]\chrome\content\extensionCode
[2012/10/05 21:25:14 | 000,002,361 | ---- | M] () -- C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\searchplugins\bProtect.xml
[2012/12/12 17:52:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/05 08:34:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/08 19:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\FFDSHOW MANAGER\2.2.639.201\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
[2012/11/18 18:03:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/05 21:25:14 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/11/18 18:03:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - homepage: http://search.babylo...0000026b91da1ac
CHR - homepage: http://search.babylo...0000026b91da1ac
CHR - Extension: No name found = C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.0\
CHR - Extension: No name found = C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0\
CHR - Extension: No name found = C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph\1.0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Moore\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Smiley Bar for Facebook) - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll (Status Winks)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (GMNRev Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.90.132.162 66.90.130.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{634424DC-7940-45D1-A933-2D5F0E4DCA95}: DhcpNameServer = 66.90.132.162 66.90.130.101
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\ffdsho~1\261123~1.78\{16cdf~1\ffdsho~1.dll) - c:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.dll ()
O20 - AppInit_DLLs: (c:\progra~3\ffdsho~1\22639~1.201\{16cdf~1\ffdsho~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{725898a2-cf24-11e0-a9bc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{725898a2-cf24-11e0-a9bc-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/06 12:15:15 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\LogMeIn Rescue Applet
[2013/03/05 22:55:19 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{F104754B-9567-418D-A33B-950286C3A5DE}
[2013/03/05 22:40:05 | 000,000,000 | ---D | C] -- C:\Users\Moore\Documents\jwplayer-3115
[2013/03/05 09:46:02 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{363F7873-4932-45EC-AE7D-7F3F731D4CC6}
[2013/03/04 19:26:59 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{52B346D5-30B8-484A-BF16-EE9E588C7C91}
[2013/03/03 18:14:30 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{05D4172C-3BF4-4A37-A429-7D329357D171}
[2013/03/02 11:07:36 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{0AB442A5-5DC1-463D-81AA-9B6F04DBF0C9}
[2013/03/02 10:28:20 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{C68E4603-9E48-4A89-8E92-14A17B467CAD}
[2013/03/02 10:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/03/01 21:49:34 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{4EBD63E6-A3D4-454F-8D14-4CF369C45D4B}
[2013/03/01 17:21:08 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{CBE14286-E386-4136-AC57-2672E5189015}
[2013/03/01 14:01:55 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{84B6E5B5-5C8C-4006-994C-C2D0B55799A1}
[2013/02/28 20:25:26 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{06B66B8F-A006-4258-9530-3F1A58084303}
[2013/02/28 07:47:24 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{FADB0872-C37C-42B7-907C-8779949B54DF}
[2013/02/27 17:04:36 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{EC4DA965-0814-4DE0-9EF8-D7DEE99E6725}
[2013/02/26 21:46:47 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{D7536A98-CB4C-4684-8B40-B91C92F7E421}
[2013/02/26 09:46:22 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{ABBE8792-5552-4C9F-8F52-EB42F5151D22}
[2013/02/25 16:53:28 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{9054DB49-9005-40BC-9B16-67B083613D58}
[2013/02/24 12:42:56 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{8C4413A5-3D42-4950-80BE-7BEF11675520}
[2013/02/23 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{C7BA2C4D-E2FB-42DF-8E69-23D4CEA4EC3C}
[2013/02/23 08:11:39 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{F47B4A3F-5AA0-4BB1-A3E1-6D73C8D1A33B}
[2013/02/22 12:12:10 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{7ED53E58-2479-498A-99D4-05CC28BCB8E5}
[2013/02/21 09:04:21 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{175E1FDB-6890-489E-B93C-621F62E5FC93}
[2013/02/20 17:17:38 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{4037416D-DA9F-43CE-8AF7-87AB3B492556}
[2013/02/19 12:01:38 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{9C56310C-0AB6-4E23-93DA-2C85FC0B4DFD}
[2013/02/19 11:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2013/02/18 19:52:47 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{B4AC9D7B-96A1-4A4C-A909-52400E2B18A8}
[2013/02/17 09:19:16 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{04F9375E-EBEB-40A4-9E7A-7864BB3E1650}
[2013/02/16 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{F3B6399F-AE7D-4B9F-B3E6-D6AA9C3F0712}
[2013/02/15 15:33:49 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{DB68A745-7977-410B-BF1D-612510F65060}
[2013/02/14 10:09:11 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{F869F690-138A-4B50-8881-E0D9FF75CF08}
[2013/02/13 07:38:06 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{99FC6ACC-5701-4656-8306-DA50796CF3FD}
[2013/02/12 11:34:52 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{9AF7BA23-B055-4251-ABEE-56B3449C2A6C}
[2013/02/12 08:17:19 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{E66D7448-D8DE-4EB7-9A44-ACDB58CD882F}
[2013/02/11 19:27:00 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{FA23E7BC-A158-4FA6-923E-283C83814B23}
[2013/02/10 16:24:03 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{EE111DDA-6F46-48B6-AA0E-A9DDFF4E96C0}
[2013/02/09 12:11:51 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{211B538B-186D-4782-B8CA-6C4C426E8A23}
[2013/02/08 23:31:51 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{52378060-1692-441F-9D61-33FCAED8DA0E}
[2013/02/08 11:17:03 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{8FE43A57-3827-4FF0-904D-5F361CD04862}
[2013/02/07 17:31:27 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{77A22BC2-4A76-4BEA-B1D9-931844B5A657}
[2013/02/07 12:06:40 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{78CCCF94-393A-4779-BEB5-93F9DF749241}
[2013/02/07 11:27:22 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{0D2F25A7-417F-4535-A561-4373E4285EAF}
[2013/02/06 18:51:19 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{DC13DECE-85F4-42E1-8A03-AB902C6425E7}
[2013/02/05 22:45:48 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{64DAC437-A862-463A-85F5-5CE5EAE04833}
[2013/02/05 10:00:00 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{BFCDFF6A-E059-4474-843F-6D9A75D29D07}
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Moore\Desktop\*.tmp files -> C:\Users\Moore\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/06 18:13:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/06 18:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/06 18:06:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/06 17:18:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 17:18:38 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/06 17:12:31 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/03/06 17:12:14 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/03/06 17:11:29 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/06 17:11:25 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\AntiMalwarePro.job
[2013/03/06 17:10:35 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/02 10:14:04 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/02/28 15:30:43 | 000,051,062 | ---- | M] () -- C:\Users\Moore\Documents\Resume Billy.rtf
[2013/02/19 11:27:02 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/02/14 03:31:23 | 000,342,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/14 03:04:34 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/02/05 18:12:19 | 000,000,208 | ---- | M] () -- C:\Users\Moore\Desktop\TDCJ Online Offender Search.url
[3 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Users\Moore\Desktop\*.tmp files -> C:\Users\Moore\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/02 10:14:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/02 10:14:04 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/02/12 11:34:28 | 000,051,062 | ---- | C] () -- C:\Users\Moore\Documents\Resume Billy.rtf
[2013/02/05 18:12:19 | 000,000,208 | ---- | C] () -- C:\Users\Moore\Desktop\TDCJ Online Offender Search.url
[2012/10/05 21:25:03 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/10/04 10:26:12 | 000,002,820 | -HS- | C] () -- C:\Users\Moore\AppData\Local\6o4v7yr6ikfw18072u
[2012/10/04 10:26:12 | 000,002,820 | -HS- | C] () -- C:\ProgramData\6o4v7yr6ikfw18072u
[2012/06/08 15:14:50 | 000,000,045 | ---- | C] () -- C:\Users\Moore\jagex_cl_runescape_LIVE1.dat
[2012/06/03 19:40:08 | 000,007,606 | ---- | C] () -- C:\Users\Moore\AppData\Local\Resmon.ResmonCfg
[2012/04/04 09:22:20 | 000,003,584 | ---- | C] () -- C:\Users\Moore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/20 10:34:12 | 000,000,032 | ---- | C] () -- C:\Users\Moore\jagex_cl_runescape_LIVE.dat
[2010/06/22 06:33:29 | 000,015,184 | ---- | C] () -- C:\Users\Moore\AppData\Roaming\wklnhst.dat
[2010/06/16 18:36:05 | 000,000,000 | ---- | C] () -- C:\Users\Moore\jagex__preferences3.dat
[2010/06/16 18:36:04 | 000,000,129 | ---- | C] () -- C:\Users\Moore\jagex_runescape_preferences2.dat
[2010/06/16 18:34:40 | 000,000,046 | ---- | C] () -- C:\Users\Moore\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/05 21:25:03 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\Babylon
[2012/11/18 16:57:10 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\CompuClever
[2013/01/13 12:07:48 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\DriverCure
[2012/10/22 19:59:51 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\Internet Chess Club
[2011/06/10 17:06:08 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\PCDr
[2012/11/10 22:31:47 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\PerformerSoft
[2012/11/15 19:39:45 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\Qwiklinx
[2012/02/01 21:33:10 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\Shareaza
[2013/01/13 12:07:48 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\SpeedyPC Software
[2012/10/05 21:26:52 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\StatusWinks
[2010/06/22 06:33:31 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\Template
[2010/06/22 13:38:06 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\W Photo Studio Viewer
[2011/03/04 17:30:04 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Moore\Downloads:Shareaza.GUID
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#3
godawgs (Teacher, Retired Staff, 8,228 posts)
Hello chessder58, :wave: Welcome to the forums! :welcome:
My name is godawgs and I will be assisting you with your Virus / Malware issues.

I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix; this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode, and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol:).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this, be prepared to back up your data. Have means of backing up your data available.

IMPORTANT: Change your browser(s) to download any tools to the desktop.
Follow the directions here
For Firefox, check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading".
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from, the C:\Users\Moore\Downloads folder. Please copy that file and the OTL.exe file in the C:\Users\Moore\Downloads folder and paste them on the desktop. This is where OTL needs to be run from. After you copy the files to the desktop you can delete them and the OTL.txt file from the C:\Users\Moore\Downloads folder.

While I am analyzing your log I want you to get a couple of additional scans.


Step-1.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click "No".
  • Click the "Scan" button to start the scan.
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-2.

Run RogueKiller

  • Download RogueKiller.
  • Click the English Webpage link.
  • Click the 64bits (x64) download link and save the RogueKiller.exe file to the desktop.

    NOTE: If using IE8 or better, the SmartScreen Filter will need to be disabled.
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan.
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-3.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
Close all open windows and browsers.

  • (Vista and 7 users) right click the adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Search button and wait for the scan to finish.
  • Once done it may ask to reboot; allow this.
  • Do Not delete anything at this point.
  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner[R1].txt


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The Extras.txt log
2. The aswMBR log
3. The RKreport.txt log
4. The AdwCleaner[R1].txt log

#4
chessder58 (Topic Starter, Member, 19 posts)
OTL Extras logfile created on: 3/6/2013 6:17:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Moore\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 53.81% Memory free
7.60 Gb Paging File | 5.61 Gb Available in Paging File | 73.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 9.30 Gb Free Space | 15.88% Space Free | Partition Type: NTFS
Drive D: | 229.63 Gb Total Space | 225.73 Gb Free Space | 98.30% Space Free | Partition Type: NTFS

Computer Name: MOORE-PC | User Name: Moore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07500B5F-BE42-4515-99E8-B2BEC728D9E7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32B3FC81-732D-45BE-ACCF-F483FD94270C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32F8AEE8-81D3-49AC-A425-0495FEBA4D24}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{355D8912-8E2B-41CA-B0DE-33DDC6C4A64B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{39591236-3728-4E40-8B3B-CA091D40F373}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{416D8CC1-9654-444A-97AD-B3F034EC2E77}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{45937D70-28B9-469B-9D3F-076C4937B6DD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51BB7752-E8B9-4436-A66C-61A6BCDA1FCF}" = lport=137 | protocol=17 | dir=in | app=system |
"{5F3331E1-359D-4C25-B229-4124558D5BB0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{6BE7AC96-AE24-4820-AD81-D5BB8D9322FD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{733A7FBF-503A-4100-9B02-307A9A5AFBE8}" = lport=138 | protocol=17 | dir=in | app=system |
"{8AE2EA5A-EDA3-421F-830E-DF736F6FC5B4}" = rport=138 | protocol=17 | dir=out | app=system |
"{8B2CFD1C-E9FA-4880-80F3-DB381214DB42}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8DC1AC10-E2AF-4C9C-A654-D6A6E8C031CF}" = rport=445 | protocol=6 | dir=out | app=system |
"{8EF5CF6F-B182-4D4C-96D7-D48747353701}" = lport=10243 | protocol=6 | dir=in | app=system |
"{92797EE3-82F4-44E7-B475-EC00A9EE17A0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{A227D21A-EB54-4AAE-B5BA-CBF35CDF70CA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AF7138C8-419A-4D91-8E98-2C0E3AD2EBBF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C78CD53B-94B4-4561-8F61-CEA90F66CA69}" = lport=139 | protocol=6 | dir=in | app=system |
"{C8FB6696-8D3F-406C-B031-9DC30813460A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CC9819B0-630D-41C5-AA19-4A78082F98CB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{CFF96E67-42D1-44BD-95C6-21E5BD38C609}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D667FCC4-76FC-4A6F-B32D-019E48C405AF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D79DBE71-7137-4EB1-BD4E-CA5D1EF120B0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DB1A979B-8871-4049-AB37-219EDBA03EEB}" = rport=137 | protocol=17 | dir=out | app=system |
"{E52EAE7B-06E6-48F4-B9C8-7CFF451FB7C7}" = lport=445 | protocol=6 | dir=in | app=system |
"{E80E161A-78DA-44D4-834D-8B81468737B2}" = rport=139 | protocol=6 | dir=out | app=system |
"{E9E0A4FF-0673-46CF-B6DB-E7282AC1F2C4}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013A4C96-0F7D-47A7-9350-7293FC2FAEB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0729CD58-8D95-4BF6-BC44-DAEBA00120C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{13755326-54A1-43B6-8EB6-78E09BB1806D}" = protocol=6 | dir=in | app=c:\users\moore\appdata\local\temp\7zs1360.tmp\symnrt.exe |
"{16C80D27-48BC-49A6-B1DE-F43E1E58103A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1A82441B-D8E4-41AF-B842-B4F9A574E75D}" = protocol=1 | dir=out | [email protected],-28544 |
"{1F482CBD-B6A3-44FE-AC3B-FE7D2D1155B9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{27332A7B-6898-4E59-9547-F354B45B76BC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{37092B65-5811-4F41-AC60-60CDC2227871}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{40C64967-5A5D-44BA-8D01-2EDAF298F602}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{451B31C2-1E69-4D27-959B-8670828FAB3B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{46A66AFB-57BE-4EA8-B6DC-F67FA0DA7191}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4DE43050-53E7-4D87-8D0C-A64EA3737C3D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{54E88676-E187-4751-B7CA-7939DC951997}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{599918E4-6D76-4571-B734-54DCE5BBEE06}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{674BF580-80C9-45F4-A71B-BE025BEC0963}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6EF1D8FF-7B42-4C59-A213-1D9B505AF948}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{77B64A76-FAF9-4CF6-AA41-215B0E4D8186}" = protocol=58 | dir=out | [email protected],-28546 |
"{7A040A03-638C-46F7-8215-9C294F529BC2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80263F1E-39B4-4869-8E99-079B093CE1FF}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{871653D2-4F5E-4D3B-80BD-C6B1243996F3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89F64B8B-C457-40E6-BC61-445F8ACBDF26}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{9296F9CF-BE79-4733-84F4-B71D9FD6617F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd dx\powerdvd.exe |
"{9DB66030-1157-4861-B549-82863C625010}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9EE41531-FA46-4EC0-B272-8EAAE16716D7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{A3E9F8D3-D80F-43E9-92E8-53019FCF77E4}" = protocol=17 | dir=in | app=c:\program files (x86)\free torrent viewer\freetorrentviewer.exe |
"{A607B0F0-8C54-4FDC-92F0-5039BB5664CC}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AC849E36-0FC4-4A26-A393-A45AD90DA231}" = protocol=17 | dir=in | app=c:\users\moore\appdata\local\temp\7zs1360.tmp\symnrt.exe |
"{C80F1419-B0FF-4D12-81F4-545EF88050A0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CCD2F9D7-18F3-4BAE-8A18-9E63E405F828}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CF5D6F43-5A92-4BBF-9CA9-5152986DDB0B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D3E45A22-E844-4DEF-BB8C-770F7AE7AE63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D60445D8-DBAD-488E-99D7-BF440D2AD77C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D73F3FE8-FA29-49A5-921B-7D36D1478873}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DC4FF46B-8E9D-49B8-9A74-5A7033B67451}" = protocol=6 | dir=in | app=c:\program files (x86)\free torrent viewer\freetorrentviewer.exe |
"{EAF98A71-5EB4-431C-B331-EB0C9812E6E7}" = protocol=6 | dir=out | app=system |
"{F13CA279-DB1B-4C00-A29C-EC3C1578E3C7}" = protocol=1 | dir=in | [email protected],-28543 |
"{F53D9D79-E187-4055-87A1-D68BC0110027}" = protocol=58 | dir=in | [email protected],-28545 |
"{FA5ADBF8-3F75-4945-B1F6-8077069D0D15}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{32B5A6E8-C0B3-46CB-8EE1-07B0FFD1354B}C:\users\moore\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\moore\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"TCP Query User{B63CE0F2-3F5E-4CAB-8F46-D235C8A11055}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{CD77F40A-1F14-4B42-9B3C-536739D5507D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{25122C03-9358-4A11-940C-1368FBB296A0}C:\users\moore\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\moore\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe |
"UDP Query User{E107940A-2C39-4A1D-8E7C-1AFC82F85AE3}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{FB2639A2-C242-4E92-89DC-5A6B561881EF}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7346C35D-942D-3CCE-94CB-7008BA8D63CB}" = Application Verifier x64 External Package
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro™ Titanium™
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Security Client" = Microsoft Security Essentials
"PC-Doctor for Windows" = Dell Support Center

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = ffdshow manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1ED1E8FC-367E-4C34-A745-6D89A27D2F7F}" = CambridgeSoft ChemDraw McGraw-Hill 12.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2E497885-E60B-420A-832D-0148B392E058}_is1" = Qwiklinx
"{3018B943-C76C-44B0-B078-790A28CEF67E}" = Microsoft UI Engine
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{363a2c1e-637f-45ce-933b-5a5463efd945}" = Windows Software Development Kit
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{512957F0-B211-C50A-C1FC-6867FC3348A1}" = Windows Software Development Kit Redistributables
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774C9DDA-291E-4F43-B48F-DD47DCE62613}" = TripControl 4.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C9B1E13-DC3B-49C1-9B22-D1756F77EBB5}" = Xata XML Core Services
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_STANDARD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{986EABFC-92F6-CECD-9E5A-B13CAC40BB1D}" = WPTx64
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BC6AB96-3613-4676-ABE8-4B7F55D7D8E7}" = DriverUpdate
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A5D42D71-4036-5F88-5085-657C9DF9F1DD}" = WPT Redistributables
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4F102C5-EEA1-CAE1-8E67-1A7FCE27F673}" = Windows Software Development Kit EULA
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E14DDED2-919B-FCCB-84AC-5ABB6D182D46}" = Kits Configuration Installer
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E63A3353-003C-E4C2-230B-F155212D1479}" = SDK Debuggers
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Dasher" = Dasher
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"ffdshow_is1" = ffdshow v1.2.4422 [2012-04-09]
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"HaaliMkx" = Haali Media Splitter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"PC TuneUp Maestro" = PC TuneUp Maestro
"PokerStars.net" = PokerStars.net
"RadioRage_4jbar Uninstall" = RadioRage Toolbar
"RealPlayer 16.0" = RealPlayer
"Smiley Bar for Facebook" = Smiley Bar for Facebook
"STANDARD" = Microsoft Office Standard 2007
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8EB85C0E-DE7D-4A53-BD66-708B8F2C80B0}" = HHD Software Free Hex Editor Neo 5.14

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2013 7:56:58 PM | Computer Name = Moore-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/5/2013 8:42:11 PM | Computer Name = Moore-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 3/5/2013 9:15:03 PM | Computer Name = Moore-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 3/6/2013 1:15:49 AM | Computer Name = Moore-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 3/6/2013 5:38:16 AM | Computer Name = Moore-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 3/6/2013 5:57:28 AM | Computer Name = Moore-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Dependent
Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 3/6/2013 8:50:07 AM | Computer Name = Moore-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 3/6/2013 1:53:15 PM | Computer Name = Moore-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 3/6/2013 6:46:32 PM | Computer Name = Moore-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

Error - 3/6/2013 8:07:29 PM | Computer Name = Moore-PC | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = The performance counter explain text string value in the registry
is not formatted correctly. The malformed string is . The first DWORD in the Data
section contains the index value to the malformed string while the second and third
DWORDs in the Data section contain the last valid index values.

[ Media Center Events ]
Error - 6/29/2010 12:02:38 AM | Computer Name = Moore-PC | Source = MCUpdate | ID = 0
Description = 11:02:37 PM - Failed to retrieve SportsSchedule (Error: Unable to
connect to the remote server)

Error - 6/29/2010 8:05:37 AM | Computer Name = Moore-PC | Source = MCUpdate | ID = 0
Description = 7:05:37 AM - Error connecting to the internet. 7:05:37 AM - Unable
to contact server..

Error - 6/29/2010 8:05:44 AM | Computer Name = Moore-PC | Source = MCUpdate | ID = 0
Description = 7:05:43 AM - Error connecting to the internet. 7:05:43 AM - Unable
to contact server..

Error - 6/29/2010 9:07:05 AM | Computer Name = Moore-PC | Source = MCUpdate | ID = 0
Description = 8:07:05 AM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 6/29/2010 9:07:15 AM | Computer Name = Moore-PC | Source = MCUpdate | ID = 0
Description = 8:07:13 AM - Error connecting to the internet. 8:07:13 AM - Unable
to contact server..

Error - 6/29/2010 10:07:56 AM | Computer Name = Moore-PC | Source = MCUpdate | ID = 0
Description = 9:07:56 AM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 6/29/2010 10:08:06 AM | Computer Name = Moore-PC | Source = MCUpdate | ID = 0
Description = 9:08:04 AM - Error connecting to the internet. 9:08:04 AM - Unable
to contact server..

Error - 6/29/2010 11:08:31 AM | Computer Name = Moore-PC | Source = MCUpdate | ID = 0
Description = 10:08:31 AM - Error connecting to the internet. 10:08:31 AM - Unable
to contact server..

Error - 6/29/2010 11:08:39 AM | Computer Name = Moore-PC | Source = MCUpdate | ID = 0
Description = 10:08:37 AM - Error connecting to the internet. 10:08:37 AM - Unable
to contact server..

Error - 6/29/2010 8:30:28 PM | Computer Name = Moore-PC | Source = MCUpdate | ID = 0
Description = 7:30:28 PM - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

[ System Events ]
Error - 3/5/2013 7:25:01 PM | Computer Name = Moore-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:23:02 PM on 3/5/2013 was unexpected.

Error - 3/5/2013 7:25:01 PM | Computer Name = MOORE-PC | Source = BugCheck | ID = 1001
Description =

Error - 3/6/2013 12:32:12 AM | Computer Name = Moore-PC | Source = DCOM | ID = 10010
Description =

Error - 3/6/2013 12:34:42 AM | Computer Name = Moore-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:33:04 PM on 3/5/2013 was unexpected.

Error - 3/6/2013 12:34:42 AM | Computer Name = MOORE-PC | Source = BugCheck | ID = 1001
Description =

Error - 3/6/2013 6:01:56 AM | Computer Name = Moore-PC | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 3/6/2013 3:05:44 PM | Computer Name = Moore-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:04:02 PM on 3/6/2013 was unexpected.

Error - 3/6/2013 3:05:44 PM | Computer Name = MOORE-PC | Source = BugCheck | ID = 1001
Description =

Error - 3/6/2013 7:11:08 PM | Computer Name = Moore-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:06:17 PM on 3/6/2013 was unexpected.

Error - 3/6/2013 7:11:09 PM | Computer Name = MOORE-PC | Source = BugCheck | ID = 1001
Description =


< End of report >

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-03-07 12:08:07
-----------------------------
12:08:07.182 OS Version: Windows x64 6.1.7601 Service Pack 1
12:08:07.182 Number of processors: 4 586 0x2502
12:08:07.182 ComputerName: MOORE-PC UserName: Moore
12:08:07.619 Initialize success
12:08:52.232 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:08:52.232 Disk 0 Vendor: WDC_WD3200BEVT-75A23T0 01.01A01 Size: 305245MB BusType: 11
12:08:52.263 Disk 0 MBR read successfully
12:08:52.279 Disk 0 MBR scan
12:08:52.279 Disk 0 Windows 7 default MBR code
12:08:52.279 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
12:08:52.325 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 10000 MB offset 206848
12:08:52.357 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 60000 MB offset 20686848
12:08:52.357 Disk 0 Partition - 00 0F Extended LBA 235143 MB offset 143566848
12:08:52.419 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 235142 MB offset 143568896
12:08:52.466 Disk 0 scanning C:\Windows\system32\drivers
12:09:02.247 Service scanning
12:09:32.792 Modules scanning
12:09:32.808 Disk 0 trace - called modules:
12:09:32.839 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
12:09:32.839 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bdf060]
12:09:32.854 3 CLASSPNP.SYS[fffff8800145143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800492b060]
12:09:32.870 Scan finished successfully
12:09:42.058 Disk 0 MBR has been saved successfully to "C:\Users\Moore\Desktop\MBR.dat"
12:09:42.058 The log file has been saved successfully to "C:\Users\Moore\Desktop\aswMBR.txt"


RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Moore [Admin rights]
Mode : Scan -- Date : 03/07/2013 12:15:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 4 ¤¤¤
[SUSP PATH] ffdshowmngr.exe -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [7] -> KILLED [TermProc]
[SUSP PATH] ffdshowmngr.exe -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [7] -> KILLED [TermProc]
[RESIDUE] ffdshowmngr.exe -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [7] -> KILLED [TermProc]
[RESIDUE] ffdshowmngr.exe -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4695 : wscript.exe C:\Users\Moore\AppData\Local\Temp\launchie.vbs //B -> FOUND
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Moore\AppData\Local\KangoBoxSA\bin\1.0.3.0\KangoBoxSA.exe" [x] -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\WLXPGSS.SCR) [7] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BEVT-75A23T0 ATA Device +++++
--- User ---
[MBR] 466a21840cbab346619ccf7faa58e48b
[BSP] 2e25f30cf43b8b3703aec4536b7894da : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 10000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 20686848 | Size: 60000 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 143566848 | Size: 235143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_03072013_02d1215.txt >>
RKreport[1]_S_03072013_02d1215.txt



# AdwCleaner v2.114 - Logfile created 03/07/2013 at 12:21:38
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Moore - MOORE-PC
# Boot Mode : Normal
# Running from : C:\Users\Moore\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Found : C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Found : C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\bprotector_extensions.sqlite
File Found : C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\bprotector_prefs.js
File Found : C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\searchplugins\bProtect.xml
Folder Found : C:\Program Files (x86)\fbDownloader
Folder Found : C:\Program Files (x86)\Qwiklinx
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Found : C:\Users\Moore\AppData\Local\Savings Sidekick
Folder Found : C:\Users\Moore\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Moore\AppData\Roaming\Babylon
Folder Found : C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\extensions\[email protected]
Folder Found : C:\Users\Moore\AppData\Roaming\PerformerSoft
Folder Found : C:\Users\Moore\AppData\Roaming\Qwiklinx
Folder Found : C:\Users\Moore\Documents\ShopToWin

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\AppDataLow\Software\Savings Sidekick
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Qwiklinx
Key Found : HKCU\Software\9edadcb33dea49
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Found : HKLM\SOFTWARE\Wow6432Node\9edadcb33dea49
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48B8-9D63-80849FE137CB}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.babylon.com/?affID=115849&tt=031012_IKAN_4012_4&babsrc=HP_ss&mntrId=b84571680000000000000026b91da1ac

-\\ Mozilla Firefox v7.0.1 (en-US)

File : C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=115849&tt=031012_IKAN_4012_4[...]
Found : user_pref("extensions.crossriderapp5060.adsOldValue", -1);

-\\ Google Chrome v25.0.1364.152

File : C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7276 octets] - [07/03/2013 12:21:38]

########## EOF - C:\AdwCleaner[R1].txt - [7336 octets] ##########

#5 godawgs (Teacher, Retired Staff, 8,228 posts)
Hello,

The aswMBR scan is clean, so the Master Boot Record looks OK. You have some nasty toolbars and some infected files.
I also see that Trend Micro Titanium antivirus was installed on the system at one time. I don't see it running at startup, but it is not a good idea to have two (or more) antivirus products installed at the same time. You also have a dubious registry cleaner named PC TuneUp Maestro installed. We will uninstall it, the Trend Micro AV and the toolbars that are listed in the programs list. Then we will work on killing the rest.

Hard-Drive Free Space Advice:

15.88%

This is considered low. A Hard-Drive requires a bare minimum of 15% available free space to be able to function correctly, but at least 25% is better in my humble opinion.

When we are finished my friendly advice would be to uninstall some software you do not need and / or move any documents/files/pictures etc to a form of removable media. This is just my advice as the lack of current Hard-Drive space will be impacting on overall system performance. Plus eventually any type of system maintenance will prove to be problematic.


Step-1.

Program uninstalls

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Trend Micro Titanium
PC TuneUp Maestro
RadioRage Toolbar
Smiley Bar for Facebook


3. (Vista/7 users) Right-click the program and click Uninstall.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there, right-click your Start button and click "Explore"), please delete the following folder(s) (if present):
C:\Program Files\Trend Micro

2. Close Windows Explorer.


Step-2.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.babylo...0000026b91da1ac
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000026b91da1ac
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.babylo...000026b91da1ac"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\firefoxextension\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Moore\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2012/10/05 21:26:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks: C:\Users\Moore\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2012/10/05 21:26:52 | 000,000,000 | ---D | M]
[2012/10/05 21:26:52 | 000,000,000 | ---D | M] (Smiley Bar for Facebook) -- C:\Users\Moore\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
[2012/11/10 22:27:37 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]
[2012/11/10 22:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]\chrome\content\extensionCode
[2012/10/05 21:25:14 | 000,002,361 | ---- | M] () -- C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\searchplugins\bProtect.xml
[2012/10/05 21:25:14 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Moore\AppData\Roaming\Qwiklinx\Qwiklinx.dll (Qwiklinx, Inc.)
O2 - BHO: (Smiley Bar for Facebook) - {944FEDFD-C4FD-441D-8275-9C651A9FFBDE} - C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll (Status Winks)
O3 - HKLM\..\Toolbar: (no name) - {78ba36c9-6036-482b-b48d-ecca6f964b84} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{725898a2-cf24-11e0-a9bc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{725898a2-cf24-11e0-a9bc-806e6f6e6963}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2012/10/04 10:26:12 | 000,002,820 | -HS- | C] () -- C:\Users\Moore\AppData\Local\6o4v7yr6ikfw18072u
[2012/10/04 10:26:12 | 000,002,820 | -HS- | C] () -- C:\ProgramData\6o4v7yr6ikfw18072u
@Alternate Data Stream - 16 bytes -> C:\Users\Moore\Downloads:Shareaza.GUID

:FILES
ipconfig /flushdns /c
C:\Users\Moore\AppData\Roaming\Babylon
C:\Users\Moore\AppData\Roaming\Shareaza

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Run RogueKiller

Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
    NOTE: This will produce another RKreport scan log named RKReport[2].txt. I don't need to see this one.
  • Click the Processes tab and uncheck the following entries:
    • [SUSP PATH] ffdshowmngr.exe -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [7] -> KILLED [TermProc]
    • [SUSP PATH] ffdshowmngr.exe -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [7] -> KILLED [TermProc]
    • [RESIDUE] ffdshowmngr.exe -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [7] -> KILLED [TermProc]
    • [RESIDUE] ffdshowmngr.exe -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [7] -> KILLED [TermProc]
  • Click the Registry tab and uncheck the following entries:
    • [HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    • [HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
    • [HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    • [HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
    • [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    • [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
  • Click on the Delete button.

  • The report has been created on the desktop.
  • Next click on the ShortcutsFix

  • The report has been created on the desktop.
Please post:
The RKreport.txt files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-3.

Re-run AdwCleaner Fix

Close all open windows and browsers.

Re-open AdwCleaner
  • (Vista and 7 users)right click The adwcleaner.exe, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Delete button and wait for the scan.
  • Everything that was found will be deleted.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot, allow this

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner[S1].txt


Step-4.

I want to get an OTL scan for all users, so I have changed the instructions a little. Please read them carefully.

Posted Image OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop


2. Re-open Posted Image on the desktop. To do that:
  • Vista / 7 users: Right click on the icon and click Run as Administrator
Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.

Step-5.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstalls went
2. The OTL fixes log
3. The RKreport[3].txt and RKreport[4].txt log
4. The AdwCleaner[S1].txt log
5. The new OTL.txt log
6. How is the system running now?
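The RogueKiller report the helper walks through above mixes three very different things: processes it killed on sight, scheduled tasks, and [HJ DESK] entries that are just hidden desktop icons (the CLSIDs it lists are the standard shell folders for Computer, Recycle Bin and the user's files, which is why the helper says to leave them unchecked). The following Python script is an added example, not code from this thread or from RogueKiller: it parses report lines of the shape shown in RKreport[1] and ranks them so the one line that actually matters here (a scheduled task running wscript.exe on a .vbs out of %TEMP%) comes out on top. The sample report is constructed from the thread's log; the priority rules, regexes and function names are the example's own assumptions.

```python
"""Triage a RogueKiller scan report.

Added example for the thread; not code from the forum or from RogueKiller.
Parses detection lines like those in RKreport[1] and ranks them so an
operator can see which entries to delete and which to leave unchecked.
The SAMPLE report is constructed from the thread's log; the priority
rules are this example's own heuristics, not RogueKiller's.
"""
import re
from dataclasses import dataclass

# Standard shell-folder CLSIDs. RogueKiller reports [HJ DESK] when the
# matching desktop icon is hidden; that is a user setting, not an infection.
SHELL_FOLDER_CLSIDS = {
    "{20D04FE0-3AEA-1069-A2D8-08002B30309D}": "Computer",
    "{645FF040-5081-101B-9F08-00AA002F954E}": "Recycle Bin",
    "{59031A47-3F72-44A7-89C5-5595FE6B30EE}": "User's Files",
}

# A scheduled task that runs a script host on a file in a temp directory is
# the most urgent kind of line in the report.
SCRIPT_HOSTS = re.compile(r"\b(wscript|cscript|mshta|powershell|rundll32)\.exe", re.I)
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\|\\Windows\\Temp\\", re.I)
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData)\\", re.I)
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# "[TAG][TAG] body -> STATUS ..."  (tags, body, status)
LINE_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)\s*->\s*(\w+)")


@dataclass
class Finding:
    tags: list
    body: str
    status: str
    line: str


def parse_report(text):
    """Return one Finding per detection line; headers and blanks are skipped."""
    found = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        tags = re.findall(r"\[([^\]]+)\]", m.group(1))
        found.append(Finding(tags, m.group(2), m.group(3), raw.strip()))
    return found


def triage(finding):
    """Map a Finding to (priority, reason); lower number means act first."""
    tags, body = finding.tags, finding.body
    if "HJ DESK" in tags:
        m = CLSID.search(body)
        name = SHELL_FOLDER_CLSIDS.get(m.group(0).upper()) if m else None
        if name:
            return 4, f"hidden desktop icon for {name}; user setting, leave unchecked"
        return 2, "desktop policy change for an unknown CLSID; review"
    if "TASK" in tags:
        if SCRIPT_HOSTS.search(body) and TEMP_DIR.search(body):
            return 1, "scheduled task runs a script host from a temp directory; delete"
        if USER_WRITABLE.search(body):
            return 2, "scheduled task launches a binary from a user-writable path; review"
        return 3, "scheduled task with an odd target; review"
    if "SUSP PATH" in tags or "RESIDUE" in tags:
        return 3, "process or value from an unusual path; identify the product first"
    return 3, "unclassified RogueKiller finding; review"


def prioritised(text):
    """Deduplicate repeated lines (RogueKiller lists a killed process more
    than once) and return [(priority, reason, line)] with urgent items first."""
    seen, rows = set(), []
    for f in parse_report(text):
        if f.line in seen:
            continue
        seen.add(f.line)
        prio, why = triage(f)
        rows.append((prio, why, f.line))
    return sorted(rows)


# Constructed sample, copied from the RKreport[1] lines in the thread.
SAMPLE = r"""
Mode : Scan -- Date : 03/07/2013 12:15:27
[SUSP PATH] ffdshowmngr.exe -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [7] -> KILLED [TermProc]
[SUSP PATH] ffdshowmngr.exe -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [7] -> KILLED [TermProc]
[RESIDUE] ffdshowmngr.exe -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [7] -> KILLED [TermProc]
[RESIDUE] ffdshowmngr.exe -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe [7] -> KILLED [TermProc]
[TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> FOUND
[TASK][ROGUE ST] 4695 : wscript.exe C:\Users\Moore\AppData\Local\Temp\launchie.vbs //B -> FOUND
[TASK][SUSP PATH] RunAsStdUser Task : "C:\Users\Moore\AppData\Local\KangoBoxSA\bin\1.0.3.0\KangoBoxSA.exe" [x] -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\WLXPGSS.SCR) [7] -> FOUND
"""

if __name__ == "__main__":
    for prio, why, line in prioritised(SAMPLE):
        print(f"P{prio}  {why}\n     {line}")
```

Run against the sample, the wscript/launchie.vbs task ranks first, the KangoBoxSA task second, the ffdshow processes, the iexplore task and the screensaver entry land in the "identify first" bucket, and all six [HJ DESK] lines drop to the bottom as user settings. Point it at a real RKreport by reading the file into `prioritised()`; the rules are deliberately conservative and anything it cannot classify is left for a human rather than marked safe.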

#6 chessder58 (Topic Starter, Member, 19 posts)
1.PC TUNEUP MAESTRO - removed
radiorage toolbar - not listed to remove
trendmicro trend - not listed to remove
smileybar for facebook - not listed to remove

2.All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "http://search.babylo...000026b91da1ac" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22C7F6C6-8D67-4534-92B5-529A0EC09405}\ not found.
File C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1081\firefoxextension not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks deleted successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks\chrome\skin folder moved successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks\chrome\content folder moved successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks\chrome folder moved successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks folder moved successfully.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\statuswinks@StatusWinks deleted successfully.
File C:\Users\Moore\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks not found.
Folder C:\Users\Moore\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks\ not found.
C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]\skin folder moved successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]\locale\en-US folder moved successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]\locale folder moved successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]\defaults folder moved successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]\chrome\content\lib folder moved successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]\chrome\content\extensionCode folder moved successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]\chrome folder moved successfully.
C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected] folder moved successfully.
Folder C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions\[email protected]\chrome\content\extensionCode\ not found.
C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\searchplugins\bProtect.xml moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E7C8B5A-96AB-438F-BF9B-782400655440}\ deleted successfully.
C:\Users\Moore\AppData\Roaming\Qwiklinx\Qwiklinx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{944FEDFD-C4FD-441D-8275-9C651A9FFBDE}\ not found.
File C:\Program Files (x86)\Smiley Bar for Facebook\ScriptHost.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{78ba36c9-6036-482b-b48d-ecca6f964b84} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78ba36c9-6036-482b-b48d-ecca6f964b84}\ deleted successfully.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{725898a2-cf24-11e0-a9bc-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{725898a2-cf24-11e0-a9bc-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{725898a2-cf24-11e0-a9bc-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{725898a2-cf24-11e0-a9bc-806e6f6e6963}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\Moore\AppData\Local\6o4v7yr6ikfw18072u moved successfully.
C:\ProgramData\6o4v7yr6ikfw18072u moved successfully.
Unable to delete ADS C:\Users\Moore\Downloads:Shareaza.GUID .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Moore\Desktop\cmd.bat deleted successfully.
C:\Users\Moore\Desktop\cmd.txt deleted successfully.
C:\Users\Moore\AppData\Roaming\Babylon folder moved successfully.
C:\Users\Moore\AppData\Roaming\Shareaza\Torrents folder moved successfully.
C:\Users\Moore\AppData\Roaming\Shareaza\Data folder moved successfully.
C:\Users\Moore\AppData\Roaming\Shareaza\Collections folder moved successfully.
C:\Users\Moore\AppData\Roaming\Shareaza folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Moore
->Temp folder emptied: 62350286 bytes
->Temporary Internet Files folder emptied: 3276384339 bytes
->Java cache emptied: 286600164 bytes
->FireFox cache emptied: 82008513 bytes
->Google Chrome cache emptied: 7303512 bytes
->Apple Safari cache emptied: 8225792 bytes
->Flash cache emptied: 37840 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 868962528 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 101956 bytes
RecycleBin emptied: 1026172666 bytes

Total Files Cleaned = 5,358.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03072013_195229

Files\Folders moved on Reboot...
C:\Users\Moore\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Moore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.

3. RogueKiller --
Only 2 processes showed with no boxes to check
Killed / term pr...Sus Path...336 ffdshowmanager.exe c:ProgramData/ffdshowmanager/2.6.112
Killed / term pr...Sus Path...1226 ffdshowmanager.exe c:ProgramData/ffdshowmanager/2.6.112
No registry entries at all.
So no delete was possible.

4. # AdwCleaner v2.114 - Logfile created 03/07/2013 at 20:24:24
# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Moore - MOORE-PC
# Boot Mode : Normal
# Running from : C:\Users\Moore\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\bprotector_prefs.js
Folder Deleted : C:\Program Files (x86)\fbDownloader
Folder Deleted : C:\Program Files (x86)\Qwiklinx
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Deleted : C:\Users\Moore\AppData\Local\Savings Sidekick
Folder Deleted : C:\Users\Moore\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Moore\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Moore\AppData\Roaming\Qwiklinx
Folder Deleted : C:\Users\Moore\Documents\ShopToWin

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Savings Sidekick
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Qwiklinx
Key Deleted : HKCU\Software\9edadcb33dea49
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F9E44926-2497-46F3-8A25-928136AC079E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\9edadcb33dea49
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Mozilla\Firefox\extensions [{58BD07EB-0EE0-4DF0-8121-DC9B693373DF}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v7.0.1 (en-US)

File : C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\prefs.js

C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\user.js ... Deleted !

Deleted : user_pref("extensions.crossriderapp5060.adsOldValue", -1);

-\\ Google Chrome v25.0.1364.152

File : C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7395 octets] - [07/03/2013 12:21:38]
AdwCleaner[S1].txt - [6415 octets] - [07/03/2013 20:24:24]

########## EOF - C:\AdwCleaner[S1].txt - [6475 octets] ##########

5.
OTL logfile created on: 3/7/2013 8:37:58 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Moore\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 64.95% Memory free
7.60 Gb Paging File | 6.13 Gb Available in Paging File | 80.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 14.26 Gb Free Space | 24.34% Space Free | Partition Type: NTFS
Drive D: | 229.63 Gb Total Space | 225.73 Gb Free Space | 98.30% Space Free | Partition Type: NTFS

Computer Name: MOORE-PC | User Name: Moore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/06 19:12:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moore\Desktop\OTL.exe
PRC - [2013/03/06 02:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
PRC - [2013/03/05 22:49:26 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
PRC - [2013/01/25 10:34:04 | 000,166,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/12/30 12:38:37 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/29 08:27:10 | 034,219,904 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/06/18 11:18:20 | 000,462,991 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/12/29 15:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/15 20:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/11/13 15:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/09/30 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/06 02:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
MOD - [2013/03/06 02:57:59 | 002,232,272 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll
MOD - [2013/02/14 03:37:11 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/14 03:36:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/09 18:15:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 18:14:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 18:14:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 18:14:50 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 18:14:45 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/15 20:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/11/13 15:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 15:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 15:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 15:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 15:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 15:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/09 06:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/17 10:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/03/06 02:59:12 | 002,569,168 | ---- | M] () [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe -- (bProtector)
SRV - [2013/03/05 22:49:27 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/31 05:11:06 | 002,561,488 | ---- | M] () [Auto | Stopped] -- C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe -- (ffdshow manager)
SRV - [2013/01/25 10:34:04 | 000,166,408 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/04/29 12:14:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/07 20:28:27 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/07 16:45:00 | 000,174,848 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/10/30 13:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/26 14:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/26 08:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/16 07:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/17 10:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/17 10:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{A669512D-7314-4C46-9F30-B53BD303354C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C7A6FB61-CFC1-4E13-BD46-CF0110C45CED}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Moore\Desktop
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 80 20 50 A5 1B CE 01 [binary data]
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\..\SearchScopes,bProtectorDefaultScope = S-1-5-21-4259660729-1901423613-4169603153-1001\SOFTWARE\Microsoft\Internet ExpICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000026b91da1ac
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\..\SearchScopes\{C7A6FB61-CFC1-4E13-BD46-CF0110C45CED}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.order.1: "prefs.js"
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcgrawhill.com/ChemDrawMGH,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDrawMGH\NPCDPMGH32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/20 17:53:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbdownloader@KMcore:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/30 12:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/30 12:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/30 12:38:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/07 19:53:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moore\AppData\Roaming\Mozilla\Extensions
[2013/03/07 19:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions
[2012/12/12 17:52:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/05 08:34:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/08 19:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\FFDSHOW MANAGER\2.2.639.201\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\MOORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q41E1E5P.DEFAULT\EXTENSIONS\[email protected]
[2012/11/18 18:03:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/18 18:03:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - homepage: http://search.babylo...0000026b91da1ac
CHR - homepage: http://search.babylo...0000026b91da1ac
CHR - Extension: No name found = C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.0\
CHR - Extension: No name found = C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.90.132.162 66.90.130.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{634424DC-7940-45D1-A933-2D5F0E4DCA95}: DhcpNameServer = 66.90.132.162 66.90.130.101
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\261125~1.80\{eab34~1\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2013/03/07 20:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows
[2013/03/07 19:52:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/07 19:46:46 | 000,000,000 | ---D | C] -- C:\Users\Moore\Desktop\New folder
[2013/03/07 13:44:00 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{3F4511B7-727F-45CA-9C77-8030C9A455B9}
[2013/03/07 12:27:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/03/07 12:27:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/03/07 12:12:49 | 000,000,000 | ---D | C] -- C:\Users\Moore\Desktop\RK_Quarantine
[2013/03/07 12:06:12 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Moore\Desktop\aswMBR.exe
[2013/03/06 19:12:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Moore\Desktop\OTL.exe
[2013/03/06 18:46:33 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{67690DFE-E713-4003-A74D-03A77E029C07}
[2013/03/06 18:41:12 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/03/06 18:40:56 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/03/06 18:40:56 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/03/06 18:40:56 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/03/06 12:15:15 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\LogMeIn Rescue Applet
[2013/03/05 22:55:19 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{F104754B-9567-418D-A33B-950286C3A5DE}
[2013/03/05 22:40:05 | 000,000,000 | ---D | C] -- C:\Users\Moore\Documents\jwplayer-3115
[2013/03/05 09:46:02 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{363F7873-4932-45EC-AE7D-7F3F731D4CC6}
[2013/03/04 19:26:59 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{52B346D5-30B8-484A-BF16-EE9E588C7C91}
[2013/03/03 18:14:30 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{05D4172C-3BF4-4A37-A429-7D329357D171}
[2013/03/02 11:07:36 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{0AB442A5-5DC1-463D-81AA-9B6F04DBF0C9}
[2013/03/02 10:28:20 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{C68E4603-9E48-4A89-8E92-14A17B467CAD}
[2013/03/02 10:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/03/01 21:49:34 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{4EBD63E6-A3D4-454F-8D14-4CF369C45D4B}
[2013/03/01 17:21:08 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{CBE14286-E386-4136-AC57-2672E5189015}
[2013/03/01 14:01:55 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{84B6E5B5-5C8C-4006-994C-C2D0B55799A1}
[2013/02/28 20:25:26 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{06B66B8F-A006-4258-9530-3F1A58084303}
[2013/02/28 07:47:24 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{FADB0872-C37C-42B7-907C-8779949B54DF}
[2013/02/27 17:04:36 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{EC4DA965-0814-4DE0-9EF8-D7DEE99E6725}
[2013/02/26 21:46:47 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{D7536A98-CB4C-4684-8B40-B91C92F7E421}
[2013/02/26 09:46:22 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{ABBE8792-5552-4C9F-8F52-EB42F5151D22}
[2013/02/25 16:53:28 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{9054DB49-9005-40BC-9B16-67B083613D58}
[2013/02/24 12:42:56 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{8C4413A5-3D42-4950-80BE-7BEF11675520}
[2013/02/23 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{C7BA2C4D-E2FB-42DF-8E69-23D4CEA4EC3C}
[2013/02/23 08:11:39 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{F47B4A3F-5AA0-4BB1-A3E1-6D73C8D1A33B}
[2013/02/22 12:12:10 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{7ED53E58-2479-498A-99D4-05CC28BCB8E5}
[2013/02/21 09:04:21 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{175E1FDB-6890-489E-B93C-621F62E5FC93}
[2013/02/20 17:17:38 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{4037416D-DA9F-43CE-8AF7-87AB3B492556}
[2013/02/19 12:01:38 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{9C56310C-0AB6-4E23-93DA-2C85FC0B4DFD}
[2013/02/19 11:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2013/02/18 19:52:47 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{B4AC9D7B-96A1-4A4C-A909-52400E2B18A8}
[2013/02/17 09:19:16 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{04F9375E-EBEB-40A4-9E7A-7864BB3E1650}
[2013/02/16 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{F3B6399F-AE7D-4B9F-B3E6-D6AA9C3F0712}
[2013/02/15 15:33:49 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{DB68A745-7977-410B-BF1D-612510F65060}
[2013/02/14 10:09:11 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{F869F690-138A-4B50-8881-E0D9FF75CF08}
[2013/02/14 03:02:01 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/14 03:02:01 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/14 03:01:59 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/14 03:01:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/14 03:01:58 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/14 03:01:58 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/14 03:01:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/14 03:01:57 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/14 03:01:56 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/14 03:01:56 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/14 03:01:55 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/14 03:01:55 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/14 03:01:52 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/14 03:01:52 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/14 03:01:52 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/13 07:44:11 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/13 07:44:10 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/13 07:44:09 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/13 07:44:02 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/13 07:44:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/13 07:44:02 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/13 07:44:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/13 07:44:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/13 07:44:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/13 07:43:59 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/13 07:38:06 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{99FC6ACC-5701-4656-8306-DA50796CF3FD}
[2013/02/12 11:34:52 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{9AF7BA23-B055-4251-ABEE-56B3449C2A6C}
[2013/02/12 08:17:19 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{E66D7448-D8DE-4EB7-9A44-ACDB58CD882F}
[2013/02/11 19:27:00 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{FA23E7BC-A158-4FA6-923E-283C83814B23}
[2013/02/10 16:24:03 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{EE111DDA-6F46-48B6-AA0E-A9DDFF4E96C0}
[2013/02/09 12:11:51 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{211B538B-186D-4782-B8CA-6C4C426E8A23}
[2013/02/08 23:31:51 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{52378060-1692-441F-9D61-33FCAED8DA0E}
[2013/02/08 11:17:03 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{8FE43A57-3827-4FF0-904D-5F361CD04862}
[2013/02/07 17:31:27 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{77A22BC2-4A76-4BEA-B1D9-931844B5A657}
[2013/02/07 12:06:40 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{78CCCF94-393A-4779-BEB5-93F9DF749241}
[2013/02/07 11:27:22 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{0D2F25A7-417F-4535-A561-4373E4285EAF}
[2013/02/06 18:51:19 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{DC13DECE-85F4-42E1-8A03-AB902C6425E7}
[2013/02/05 22:45:48 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{64DAC437-A862-463A-85F5-5CE5EAE04833}
[1 C:\Users\Moore\Desktop\*.tmp files -> C:\Users\Moore\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/07 20:35:25 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/07 20:35:25 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/07 20:28:38 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/03/07 20:28:27 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/03/07 20:28:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/07 20:28:02 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\AntiMalwarePro.job
[2013/03/07 20:27:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/07 20:27:34 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/07 20:13:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/07 20:08:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/07 12:21:11 | 000,597,667 | ---- | M] () -- C:\Users\Moore\Desktop\adwcleaner.exe
[2013/03/07 12:12:47 | 000,792,064 | ---- | M] () -- C:\Users\Moore\Desktop\RogueKillerX64.exe
[2013/03/07 12:09:42 | 000,000,512 | ---- | M] () -- C:\Users\Moore\Desktop\MBR.dat
[2013/03/07 12:08:04 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Moore\Desktop\aswMBR.exe
[2013/03/06 19:12:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moore\Desktop\OTL.exe
[2013/03/06 18:40:52 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013/03/06 18:40:49 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013/03/06 18:40:48 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013/03/06 18:40:48 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013/03/06 18:40:47 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013/03/06 18:40:47 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013/03/05 22:49:26 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/03/05 22:49:26 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/03/05 10:11:22 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/03/05 10:11:22 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/03/02 10:14:04 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/02/28 15:30:43 | 000,051,062 | ---- | M] () -- C:\Users\Moore\Documents\Resume Billy.rtf
[2013/02/19 11:27:02 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/02/14 03:31:23 | 000,342,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/14 03:04:34 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Users\Moore\Desktop\*.tmp files -> C:\Users\Moore\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/07 12:20:56 | 000,597,667 | ---- | C] () -- C:\Users\Moore\Desktop\adwcleaner.exe
[2013/03/07 12:12:42 | 000,792,064 | ---- | C] () -- C:\Users\Moore\Desktop\RogueKillerX64.exe
[2013/03/07 12:09:42 | 000,000,512 | ---- | C] () -- C:\Users\Moore\Desktop\MBR.dat
[2013/03/02 10:14:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/02 10:14:04 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/02/12 11:34:28 | 000,051,062 | ---- | C] () -- C:\Users\Moore\Documents\Resume Billy.rtf
[2012/10/05 21:25:03 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/06/08 15:14:50 | 000,000,045 | ---- | C] () -- C:\Users\Moore\jagex_cl_runescape_LIVE1.dat
[2012/06/03 19:40:08 | 000,007,606 | ---- | C] () -- C:\Users\Moore\AppData\Local\Resmon.ResmonCfg
[2012/04/04 09:22:20 | 000,003,584 | ---- | C] () -- C:\Users\Moore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/20 10:34:12 | 000,000,032 | ---- | C] () -- C:\Users\Moore\jagex_cl_runescape_LIVE.dat
[2010/06/22 06:33:29 | 000,015,184 | ---- | C] () -- C:\Users\Moore\AppData\Roaming\wklnhst.dat
[2010/06/16 18:36:05 | 000,000,000 | ---- | C] () -- C:\Users\Moore\jagex__preferences3.dat
[2010/06/16 18:36:04 | 000,000,129 | ---- | C] () -- C:\Users\Moore\jagex_runescape_preferences2.dat
[2010/06/16 18:34:40 | 000,000,046 | ---- | C] () -- C:\Users\Moore\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/25 23:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 00:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 00:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 06:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/24 23:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/20 07:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: QMGR.DLL >
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/20 07:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll

< MD5 for: SERVICES >
[2009/06/10 15:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2012/09/23 20:43:36 | 000,603,848 | ---- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 19:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 20:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/13 22:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 14:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 20:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 14:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 20:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 15:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PNG >
[2012/08/17 15:29:04 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png

< MD5 for: SERVICES.PTXML >
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 14:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SERVICES.RUNESCAPE[1].XML >
[2013/01/03 11:47:32 | 000,000,013 | ---- | M] () MD5=C1DDEA3EF6BBEF3E7060A1A9AD89E4C5 -- C:\Users\Moore\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\D6W0A6A9\services.runescape[1].xml

< MD5 for: SVCHOST.EXE >
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 19:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WSHELPER.DLL >
[2009/07/13 19:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\SysWOW64\wshelper.dll
[2009/07/13 19:16:20 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5B90BB3171504C9DAF3C5CB44B203CA7 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\wshelper.dll
[2009/07/13 19:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\SysNative\wshelper.dll
[2009/07/13 19:41:58 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=D314DA4B0B8DCD023D547FC568E34FB6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\wshelper.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Moore\Downloads:Shareaza.GUID
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

6. System seems to run good, had no crashes during all this.
  • 0
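The "< MD5 for: ... >" section OTL prints at the end of the log above lists every copy it can find of a few logon-critical binaries (userinit.exe, winlogon.exe, svchost.exe, wshelper.dll) with its size, publisher and hash. The point of that section is that the copy Windows actually runs (SysNative / SysWOW64) should be byte-identical to the copy held in the WinSxS component store; a live copy with no matching store twin is what a patched or replaced system file looks like. The following is an added example written for this page, not OTL's code and not part of the thread: a Python parser for those blocks that performs that comparison and lists copies outside the Windows directory for review rather than judging them (here the Malwarebytes Chameleon winlogon.exe, which the helper evidently did not treat as a problem). The sample input is the two blocks copied from the log above plus a constructed block with placeholder hashes to show what a mismatch looks like; the directory prefixes used to classify a copy as "live" are an assumption.

```python
import re

# Constructed sample: the "< MD5 for: ... >" blocks copied from the OTL log above
# (userinit.exe and winlogon.exe).
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE >
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 06:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 07:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 07:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
"""

# Constructed block with placeholder hashes (not a real file) to show a mismatch.
CONSTRUCTED_MISMATCH = r"""
< MD5 for: EXAMPLE.DLL >
[2010/01/01 00:00:00 | 000,001,024 | ---- | M] (Example Publisher) MD5=00000000000000000000000000000000 -- C:\Windows\SysNative\example.dll
[2010/01/01 00:00:00 | 000,001,024 | ---- | M] (Example Publisher) MD5=FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF -- C:\Windows\winsxs\amd64_example-placeholder\example.dll
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>.+?)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$")

# Assumption: the directories Windows actually loads system binaries from.
LIVE_DIRS = ("c:\\windows\\sysnative\\", "c:\\windows\\syswow64\\", "c:\\windows\\system32\\")


def parse_md5_blocks(text):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: ... >' block."""
    blocks, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        h = HEADER_RE.match(line)
        if h:
            current = h["name"].upper()
            blocks[current] = []
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            blocks[current].append({
                "size": int(m["size"].replace(",", "")),
                "company": m["company"].strip(),
                "md5": m["md5"].upper(),
                "path": m["path"],
            })
    return blocks


def classify(path):
    """'store' = WinSxS component store, 'live' = the copy Windows runs, else 'other'."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store"
    return "live" if p.startswith(LIVE_DIRS) else "other"


def cross_check(blocks):
    """Every live copy should have a twin (same hash and size) in WinSxS; copies
    outside the Windows tree are listed for manual review, not judged."""
    report = {}
    for name, entries in blocks.items():
        store = {(e["md5"], e["size"]) for e in entries if classify(e["path"]) == "store"}
        findings = {"ok": [], "mismatch": [], "review": []}
        for e in entries:
            kind = classify(e["path"])
            if kind == "live":
                bucket = "ok" if (e["md5"], e["size"]) in store else "mismatch"
                findings[bucket].append(e["path"])
            elif kind == "other":
                findings["review"].append((e["path"], e["company"] or "<no publisher>"))
        report[name] = findings
    return report


if __name__ == "__main__":
    for name, f in cross_check(parse_md5_blocks(SAMPLE_LOG + CONSTRUCTED_MISMATCH)).items():
        print(name, f)
```

On the log above both live userinit.exe copies (32-bit and 64-bit) and the live winlogon.exe match their store twins, and the only entry that lands in the review list is the Malwarebytes Chameleon copy, which carries no publisher string; the constructed block is the only one that produces a mismatch.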

#7
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

Well that got rid of a lot of rubbish. And revealed some things that didn't show in the first OTL scan. So it's time for round two. And the free space on the hard drive is up around 24% :thumbsup:
There is a good bit to do here so read the directions carefully and take your time. It may be helpful to print the instructions or save them to a text file.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:SERVICES
bprotector

:OTL
PRC - [2013/03/06 02:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
MOD - [2013/03/06 02:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
MOD - [2013/03/06 02:57:59 | 002,232,272 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll
SRV - [2013/03/06 02:59:12 | 002,569,168 | ---- | M] () [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe -- (bProtector)
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000026b91da1ac
File not found (No name found) -- C:\USERS\MOORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q41E1E5P.DEFAULT\EXTENSIONS\[email protected]
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\261125~1.80\{eab34~1\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:FILES
C:\ProgramData\bProtectorForWindows
C:\Users\Moore\Downloads:Shareaza.GUID

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Windows Sidebar Advice

Your log shows Windows sidebar running. I recommend that you disable the sidebar.

Microsoft has discovered a security vulnerability in Windows Sidebar and Gadgets. If you are not aware of this, Windows Sidebar(gadgets) has the potential to compromise the security of a machine it is running on as mentioned here. So it would be best to disable this feature.

Download the Disable Windows Sidebar and Gadgets Fix-it on this page to your desktop.

Once downloaded, double-click on MicrosoftFixit50906.msi >> follow the prompts >> reboot your machine if not advised to do so.


Step-3.

Your Chrome browser shows Babylon as the homepage:

CHR - homepage: http://search.babylo...0000026b91da1ac
CHR - homepage: http://search.babylo...0000026b91da1ac

The only way to get this out of Chrome is to manually remove it.

Change the Chrome HomePage

Open the Chrome browser.
  • Click on the Chrome menu icon, located in the upper right hand corner of your browser window. When the drop-down menu appears, select the choice labeled Settings. (See image below)

    Posted Image

    Chrome's Options should now be displayed in a new tab or window, depending on your settings. (See the image below)

    Posted Image
  • Click on Settings in the left menu pane, if it is not already selected.
  • Next, locate the Appearance section.
    • By default, the Home button is not visible on Chrome's main toolbar and the Show Home button option is disabled.
  • First, activate this option by clicking on the empty check box next to Show Home button.
  • The Home button should now be displayed in Chrome's address bar, along with an added option directly below the Show Home button setting. The default behavior of the Home button is to load Chrome's New Tab page.
  • To specify a particular URL as your home page, click on the Change link (circled in the image below).

    Posted Image

    The Home page dialog should now be displayed, as shown in the image below.

    Posted Image
  • First, click on the radio button beside Open this page:
  • Next, enter the desired URL of your new home page, like http://www.google.com/.
  • Finally, once you are satisfied with your new setting, click on the OK button.


Before you complete Steps 4 and 5 I want you to disable any screen saver you have running. If you need to know how to do that just let me know.

Step-4.

Posted ImageMalwarebytes' Anti-Malware

Close all programs and browsers on your computer.

  • (Windows Vista/7 users, right click on the MalwareBytes icon on the desktop and click Run As Administrator, then click the Continue button on the UAC window.)
  • You will now be at the main program as shown below.

    Posted Image

    Click the Update tab and update the program if required.
  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked EXCEPT items in System Restore, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-5.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
When The Scan is Complete:

  • If No Threats Were Found:
    • Put a checkmark in "Uninstall application on close"
    • Close the program
    • Report to me that nothing was found
  • If Threats Were Found:
    • Click on "list of threats found"
    • Click on "export to text file" and save it to the desktop as ESET SCAN.txt
    • Click on Back
    • Put a checkmark in "Uninstall application on close" (Be sure you have saved the file first)
    • Click on Finish
    • Close the program
    • Copy and paste the report here
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-6.

Run Farbar Service Scanner

  • Please download Farbar Service Scanner to the desktop.
    (Vista and 7, right click on the FSS.exe file and click Run as Administrator). Then click OK or Continue on the UAC window to run the program.
    • Posted Image
    • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Step-7.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. Let me know if changing the Chrome homepage was successful.
3. The MalwareBytes log
4. The ESET log (IF it found anything). If it didn't just tell me.
5. The FSS.txt log
  • 0
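The fix script in Step-1 above was assembled from the earlier OTL scan by picking out entries that share a few traits: process, module and service lines with an empty publisher field running out of C:\ProgramData, an AppInit_DLLs entry (a DLL that gets loaded into every user-mode process), browser and shell registrations whose CLSID no longer resolves, and an IE search scope pointing at an unfamiliar host. The following is an added example for this page, not OTL's code and not the helper's own method; it reconstructs the selection rules the fix above appears to follow and emits an OTL-style fix in the same section order. The user-writable directory prefixes, the search-host allow list and the "top-level folder under ProgramData" rule used for the :FILES section are assumptions. The sample input is the scan lines quoted in the fix plus one constructed, Microsoft-signed svchost.exe process line (date and size taken from the OTL log earlier in this thread) so the filter has a benign entry to leave alone.

```python
import re

# Constructed sample: the OTL scan lines quoted in the fix above, plus one signed
# svchost.exe process line (metadata from the earlier OTL log) that must NOT be flagged.
SCAN_LINES = r"""
PRC - [2013/03/06 02:59:12 | 002,569,168 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe
PRC - [2009/07/13 19:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\svchost.exe
MOD - [2013/03/06 02:57:59 | 002,232,272 | ---- | M] () -- C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll
SRV - [2013/03/06 02:59:12 | 002,569,168 | ---- | M] () [Auto | Running] -- C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe -- (bProtector)
IE - HKU\S-1-5-21-4259660729-1901423613-4169603153-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...0000026b91da1ac
O2 - BHO: (no name) - {2EECD738-5844-4a99-B4B6-146BF802613B} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\261125~1.80\{eab34~1\protec~1.dll) - c:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
"""

# PRC/MOD/SRV lines: [timestamp | size | attrs | M] (Publisher) [flags] -- path [-- (ServiceName)]
BIN_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV) - \[[^\]]*\] \((?P<company>[^)]*)\)(?: \[[^\]]*\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<svc>[^)]+)\))?$")
URL_HOST_RE = re.compile(r"://([^/\s]+)")

# Assumptions: directories any user can write to, and search hosts treated as expected.
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")
ALLOWED_SEARCH_HOSTS = {"www.bing.com", "www.google.com"}


def product_folder(path):
    """Top-level product folder under ProgramData (assumed granularity for :FILES)."""
    parts = path.split("\\")
    if len(parts) > 3 and parts[1].lower() == "programdata":
        return "\\".join(parts[:3])
    return "\\".join(parts[:-1])


def triage(lines):
    """Return (flagged [(reason, line)], service names, folders) from OTL scan lines."""
    flagged, services, folders = [], [], set()
    for line in lines:
        m = BIN_RE.match(line)
        if m:
            if not m["company"] and m["path"].lower().startswith(USER_WRITABLE):
                flagged.append(("unsigned binary in a user-writable data directory", line))
                folders.add(product_folder(m["path"]))
                if m["svc"]:
                    services.append(m["svc"])
            continue
        if line.startswith(("O2 ", "O3 ", "O21")) and line.endswith("No CLSID value found."):
            flagged.append(("orphaned browser/shell registration (CLSID missing)", line))
        elif line.startswith("O20 - AppInit_DLLs"):
            flagged.append(("AppInit_DLLs loads this DLL into every user-mode process", line))
        elif line.startswith("IE - ") and "SearchScopes" in line:
            host = URL_HOST_RE.search(line)
            if not host or host.group(1).lower() not in ALLOWED_SEARCH_HOSTS:
                flagged.append(("search scope pointing at an unexpected host", line))
    return flagged, services, folders


def build_fix(flagged, services, folders):
    """Assemble the sections in the order the helper's fix above uses."""
    out = [":COMMANDS", "[createrestorepoint]", ""]
    if services:
        out += [":SERVICES", *services, ""]
    out += [":OTL", *[line for _, line in flagged], ""]
    if folders:
        out += [":FILES", *sorted(folders), ""]
    out += [":COMMANDS", "[emptytemp]"]
    return "\n".join(out)


if __name__ == "__main__":
    scan = [l for l in SCAN_LINES.splitlines() if l.strip()]
    flagged, services, folders = triage(scan)
    for reason, line in flagged:
        print(f"{reason}: {line[:70]}...")
    print(build_fix(flagged, services, folders))
```

The empty-publisher rule is what separates the bProtector entries from the signed svchost.exe line; on its own an empty publisher field is only a hint (the Malwarebytes Chameleon binary earlier in this thread has one too), which is why the location test is applied as well and why the result is still a script for a human to read before it is run.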

#8
chessder58

chessder58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
1. All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service bprotector stopped successfully!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bprotector deleted successfully.
========== OTL ==========
Process bProtect.exe killed successfully!
Releasing module c:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll
File move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll scheduled to be moved on reboot.
Releasing module c:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll
File move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll scheduled to be moved on reboot.
Releasing module c:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll
File move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll scheduled to be moved on reboot.
Service bProtector stopped successfully!
Service bProtector deleted successfully!
File move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe scheduled to be moved on reboot.
Registry key HKEY_USERS\S-1-5-21-4259660729-1901423613-4169603153-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\bprote~1\261125~1.80\{eab34~1\protec~1.dll deleted successfully.
File move failed. c:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll scheduled to be moved on reboot.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== FILES ==========
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
File\Folder C:\Users\Moore\Downloads:Shareaza.GUID not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Moore
->Temp folder emptied: 311930 bytes
->Temporary Internet Files folder emptied: 9607867 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 694 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12728 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 153570 bytes

Total Files Cleaned = 10.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03082013_115718

Files\Folders moved on Reboot...
File move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll scheduled to be moved on reboot.
File move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows\2.6.1125.80 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\bProtectorForWindows scheduled to be moved on reboot.
C:\Users\Moore\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Moore\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2. The Google Chrome homepage showed www.google.com, however when opening a new Chrome it was still the same as before.

3. Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.08.15

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Moore :: MOORE-PC [administrator]

3/8/2013 12:36:05 PM
mbam-log-2013-03-08 (12-36-05).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 359312
Time elapsed: 1 hour(s), 44 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

4. C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\uninstall.exe a variant of Win32/bProtector.A application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.crx Win32/bProtector.E application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.dll a variant of Win32/bProtector.A application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe a variant of Win32/bProtector.A application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe a variant of Win32/bProtector.A application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-10.0.2.dll a variant of Win32/bProtector.B application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-11.0.dll a variant of Win32/bProtector.B application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-12.0.dll a variant of Win32/bProtector.B application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-13.0.dll a variant of Win32/bProtector.B application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-14.0.1.dll a variant of Win32/bProtector.B application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-15.0.dll a variant of Win32/bProtector.B application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-16.0.dll a variant of Win32/bProtector.B application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-17.0.dll a variant of Win32/bProtector.B application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-7.0.1.dll a variant of Win32/bProtector.B application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-8.0.1.dll a variant of Win32/bProtector.B application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-9.0.1.dll a variant of Win32/bProtector.B application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content\ffdshowmngr.js Win32/bProtector.F application
C:\Users\All Users\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\uninstall.exe a variant of Win32/bProtector.A application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.crx Win32/bProtector.E application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.dll a variant of Win32/bProtector.A application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe a variant of Win32/bProtector.A application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe a variant of Win32/bProtector.A application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-10.0.2.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-11.0.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-12.0.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-13.0.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-14.0.1.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-15.0.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-16.0.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-17.0.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-7.0.1.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-8.0.1.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-9.0.1.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content\ffdshowmngr.js Win32/bProtector.F application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe a variant of Win32/bProtector.A application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll a variant of Win32/bProtector.A application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-10.0.2.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-11.0.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-12.0.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-13.0.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-14.0.1.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-15.0.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-16.0.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-17.0.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-7.0.1.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-8.0.1.dll a variant of Win32/bProtector.B application
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-9.0.1.dll a variant of Win32/bProtector.B application

5. Farbar Service Scanner Version: 03-03-2013
Ran by Moore (administrator) on 08-03-2013 at 18:53:36
Running from "C:\Users\Moore\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
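The Farbar Service Scanner log in the post above is the one place in this thread where the state of the machine's own defences is spelled out: the WinDefend service is not running, its start type has been changed from the default Auto to Demand, and a DisableAntiSpyware=1 policy value sits under the Windows Defender key, while the firewall, update and file-integrity checks come back clean. The following is an added example for this page, not the tool's code and not part of the thread: a Python parser that splits an FSS log into its underlined sections and reports only the deviations a helper would act on (a service not running or with a non-default start type, any non-zero value in a "Disabled Policy" section, a File Check line whose verdict is anything other than "MD5 is legit", and a Connection Status line that is not an "accessible"/"connected" result). The sample input is an excerpt of the log above; the Defender, policy and File Check lines are copied verbatim and the other sections are trimmed.

```python
import re

# Constructed sample: excerpt of the FSS log posted above (Defender, policy and
# File Check lines verbatim; the remaining sections trimmed for length).
FSS_LOG = r"""
Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit

**** End of log ****
"""

NOT_RUNNING = re.compile(r"^(?P<svc>\w+) Service is not running")
START_TYPE = re.compile(r"^The start type of (?P<svc>\w+) service is set to (?P<actual>\w+)\. "
                        r"The default start type is (?P<default>\w+)\.$")
POLICY_VALUE = re.compile(r'^"(?P<name>[^"]+)"=DWORD:(?P<value>\d+)$')
FILE_CHECK = re.compile(r"^(?P<path>.+?) => (?P<verdict>.+)$")


def split_sections(text):
    """Group lines under their 'Title:' header; FSS underlines each header with '='."""
    lines = [l.rstrip() for l in text.splitlines()]
    sections, current = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and nxt and set(nxt) == {"="}:
            current = line[:-1]
            sections[current] = []
        elif current and line and set(line) != {"="}:
            sections[current].append(line)
    return sections


def analyze_fss(text):
    """Return {section: [finding, ...]} containing only the deviations worth acting on."""
    findings = {}

    def add(section, msg):
        findings.setdefault(section, []).append(msg)

    for section, body in split_sections(text).items():
        key_line = None  # registry key the following "Name"=DWORD values belong to
        for line in body:
            if line.startswith("[") and line.endswith("]"):
                key_line = line
                continue
            m = NOT_RUNNING.match(line)
            if m:
                add(section, f"{m['svc']} is not running")
                continue
            m = START_TYPE.match(line)
            if m and m["actual"] != m["default"]:
                add(section, f"{m['svc']} start type is {m['actual']} (default {m['default']})")
                continue
            m = POLICY_VALUE.match(line)
            if m and section.endswith("Disabled Policy") and m["value"] != "0":
                add(section, f"{m['name']}={m['value']} under {key_line}")
                continue
            m = FILE_CHECK.match(line)
            if m and m["verdict"] != "MD5 is legit":
                add(section, f"{m['path']}: {m['verdict']}")
                continue
            if section == "Connection Status" and not line.endswith(("is accessible.", "connected.")):
                add(section, f"connectivity problem: {line}")
    return findings


if __name__ == "__main__":
    for section, items in analyze_fss(FSS_LOG).items():
        print(section)
        for item in items:
            print("  -", item)
```

Run against the excerpt it reports exactly two sections, Windows Defender (service stopped, start type Demand instead of Auto) and Windows Defender Disabled Policy (DisableAntiSpyware=1), and nothing for connectivity or the File Check, which matches what the helper would read off the log by eye.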

#9
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
OTL removed more crap. The MalwareBytes scan is clear, but ESET found more crap. We are gonna uninstall the ESET on line scanner cause we will need to run it again. There is also a program I want to uninstall from the installed programs list. We will uninstall ESET in Normal Windows and then uninstall the other one in Safe Mode.


Step-1.

Uninstall ESET On-line Scanner

1. Please click the Start Orb Posted Image, click Control Panel. Under the Programs heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

ESET on line scanner

3. Right click the program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.

Delete the folders associated with the uninstalled programs.(Only do this if you uninstalled the program)

1. Using Windows Explorer (to get there right-click your Start button and click "Explore"), please delete the following folder(s) (if present):

C:\Program Files (x86)\ESET

2. Close Windows Explorer.


Step-2.

Reboot into Safe Mode.

  • Restart Windows in Safe Mode. To do that....
    • Restart your computer and as soon as it starts booting up again continuously tap the F8 key.
    • An Advanced Boot Options screen will come up where you will be given the option to enter Safe Mode.
      NOTE: If you miss the Boot menu, continue to let the machine boot up. Then restart the machine and start tapping the F8 key.
      Very Important: Never restart the computer while it is booting up. Bad things, including the computer not being able to load Windows, can occur!
    • Use the down arrow key to highlight Safe Mode and push the ENTER key.
    Windows 7 (screenshot)
  • Provide your password if you are asked for it. The Safe Mode desktop will be displayed.
  • Click the Start Orb, click Control Panel. Under the Programs heading click Uninstall a program
  • In the list of programs installed, locate the following program(s):

    ffdshow Manager
  • Right click each program and click Uninstall
  • After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
  • Reboot the computer.

Step-3.

We are going to run the ESET on line scanner again. This time make sure the option Remove found threats is checked.
Don't forget to disable your screen saver before running the scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: (image)

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: (image)
  • When prompted allow the Add-On/Active X to install.
  • Make sure to check the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: (image)
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    When The Scan is Complete:
  • When completed Do Not select Uninstall application on close
  • Make sure you copy the logfile.
  • Now click on: (image)
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-4.

Run RogueKiller

Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
  • Wait until Prescan has finished ...
  • Click on the Delete button.
  • The report has been created on the desktop.
  • Next click on the ShortcutsFix
  • The report has been created on the desktop.
Please post:
The RKreport.txt files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


Step-5.

Please open OTL and click the (image) button. Post the log it produces in your next reply.


Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the uninstalls went
2. The ESET scan log
3. The most recent RKreport.txt log
4. The new OTL.txt log
  • 0
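Step 3 asks for ESET's log.txt to be posted back, and the first ESET run (with Remove found threats unchecked) only lists files, so reading that log means telling detection-only lines from quarantined ones. As an added example, not part of this thread and not ESET's or OTL's own code, the Python below parses lines in the log.txt format the reply further down in this thread uses: three sample lines are copied from that posted log, the header line and the last path are constructed, and the script accounts for the Windows 7 junction C:\Users\All Users -> C:\ProgramData (which makes one file appear twice) and for OTL's own C:\_OTL\MovedFiles quarantine folder when deciding which detections are still untouched.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One ESET Online Scanner log line:
#   <path> [a variant of ]<Family/Name.X> <type> [<action>]
# The path can contain spaces, so the threat name (always carrying a '/',
# which never appears in a Windows path) is what anchors the split.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<variant>a variant of )?"
    r"(?P<threat>[A-Za-z0-9_]+/[A-Za-z0-9_.]+)\s+"
    r"(?P<kind>[A-Za-z]+)"
    r"(?:\s+(?P<action>\S.*?))?\s*$"
)

# On Windows Vista/7, C:\Users\All Users is a junction to C:\ProgramData,
# so a scanner walking both sees the same file under two names.
ALL_USERS = "c:\\users\\all users\\"
# Files OTL already moved out of the way live under this folder.
OTL_QUARANTINE = "c:\\_otl\\movedfiles\\"

# Sample input: three lines copied from the ESET log posted in this thread,
# plus a constructed header line and a constructed, not-yet-quarantined path.
SAMPLE_LOG = r"""
ESET log header (constructed)
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.crx Win32/bProtector.E application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.dll a variant of Win32/bProtector.A application
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.crx Win32/bProtector.E application deleted - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.dll a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\Users\Moore\Downloads\constructed-example.exe a variant of Win32/bProtector.A application
"""


@dataclass
class Detection:
    path: str
    threat: str
    kind: str
    action: Optional[str]  # None when the scan only listed the file

    @property
    def canonical_path(self) -> str:
        """Lower-cased path with the All Users junction folded into ProgramData."""
        p = self.path.lower()
        if p.startswith(ALL_USERS):
            p = "c:\\programdata\\" + p[len(ALL_USERS):]
        return p

    @property
    def family(self) -> str:
        # "Win32/bProtector.A" -> "Win32/bProtector": drop the variant suffix
        return self.threat.rsplit(".", 1)[0]

    @property
    def quarantined(self) -> bool:
        return self.action is not None and "quarantined" in self.action

    @property
    def in_otl_quarantine(self) -> bool:
        return self.path.lower().startswith(OTL_QUARANTINE)


def parse_eset_log(text: str) -> Tuple[List[Detection], List[str]]:
    """Return (detections, lines that are not detection records)."""
    detections, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            unparsed.append(line)  # header/footer text the scanner writes
            continue
        detections.append(Detection(m["path"], m["threat"], m["kind"], m["action"]))
    return detections, unparsed


def summarize(detections: List[Detection]) -> dict:
    """Count families and list files no quarantined record covers."""
    quarantined = {d.canonical_path for d in detections if d.quarantined}
    remaining = sorted({d.canonical_path for d in detections
                        if not d.quarantined and d.canonical_path not in quarantined})
    return {
        "families": Counter(d.family for d in detections),
        "quarantined": len(quarantined),
        "already_moved_by_otl": sum(1 for d in detections if d.in_otl_quarantine),
        "remaining": remaining,
    }


if __name__ == "__main__":
    found, skipped = parse_eset_log(SAMPLE_LOG)
    report = summarize(found)
    print(f"{len(found)} detections parsed, {len(skipped)} other lines skipped")
    for family, n in report["families"].most_common():
        print(f"  {family}: {n}")
    print(f"quarantined files (after junction dedup): {report['quarantined']}")
    print(f"already in OTL's quarantine folder: {report['already_moved_by_otl']}")
    print("still untouched:", report["remaining"] or "none")
```

Feed it the real log.txt with `parse_eset_log(open(path, encoding="utf-8", errors="replace").read())`; a non-empty `remaining` list is the set of files a second pass with Remove found threats checked still has to deal with.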

#10
chessder58

chessder58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
1. ESET program was not listed to remove. Maybe because it was run from the webpage.
Rebooted to Safe Mode and removed ffdshow Manager, good. Rebooted.

2. C:\Users\All Users\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\uninstall.exe a variant of Win32/bProtector.A application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.crx Win32/bProtector.E application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.dll a variant of Win32/bProtector.A application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe a variant of Win32/bProtector.A application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe a variant of Win32/bProtector.A application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-10.0.2.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-11.0.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-12.0.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-13.0.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-14.0.1.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-15.0.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-16.0.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-17.0.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-7.0.1.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-8.0.1.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-9.0.1.dll a variant of Win32/bProtector.B application
C:\Users\All Users\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content\ffdshowmngr.js Win32/bProtector.F application
C:\ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\uninstall.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.crx Win32/bProtector.E application deleted - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.dll a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\ffdshowmngr.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-10.0.2.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-11.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-12.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-13.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-14.0.1.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-15.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-16.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-17.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-7.0.1.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-8.0.1.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\components\ffdshowmngr-9.0.1.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\ProgramData\ffdshow manager\2.6.1123.78\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension\content\ffdshowmngr.js Win32/bProtector.F application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\bProtect.exe a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\protector.dll a variant of Win32/bProtector.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-10.0.2.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-11.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-12.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-13.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-14.0.1.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-15.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-16.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-17.0.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-7.0.1.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-8.0.1.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082013_115718\C_ProgramData\bProtectorForWindows\2.6.1125.80\{eab34bca-99d8-4192-8f3b-58b53f6d08e7}\FirefoxExtension\components\bProtect-9.0.1.dll a variant of Win32/bProtector.B application cleaned by deleting - quarantined

3. RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Moore [Admin rights]
Mode : Shortcuts HJfix -- Date : 03/08/2013 23:23:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 179 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 5 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 34 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 83 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[1]_SC_03082013_02d2323.txt >>
RKreport[1]_SC_03082013_02d2323.txt


4. OTL logfile created on: 3/8/2013 11:26:16 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Moore\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 53.96% Memory free
7.60 Gb Paging File | 5.87 Gb Available in Paging File | 77.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58.59 Gb Total Space | 14.28 Gb Free Space | 24.38% Space Free | Partition Type: NTFS
Drive D: | 229.63 Gb Total Space | 225.73 Gb Free Space | 98.30% Space Free | Partition Type: NTFS

Computer Name: MOORE-PC | User Name: Moore | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/06 19:12:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moore\Desktop\OTL.exe
PRC - [2013/03/05 22:49:26 | 000,701,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_171_ActiveX.exe
PRC - [2013/01/25 10:34:04 | 000,166,408 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2012/12/30 12:38:37 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/29 08:27:10 | 034,219,904 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
PRC - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/06/18 11:18:20 | 000,462,991 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/12/29 15:35:38 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/12/15 20:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/11/13 15:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/09/30 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/14 03:37:11 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\64cf6c356be66bb17c4667d6d8aa467b\System.Web.Services.ni.dll
MOD - [2013/02/14 03:36:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/01/09 18:15:20 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/09 18:14:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/09 18:14:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/09 18:14:50 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/09 18:14:45 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/12/15 20:14:22 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/11/13 15:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 15:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 15:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 15:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 15:15:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2009/11/13 15:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/10/09 06:52:16 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/17 10:06:00 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 08:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/03/05 22:49:27 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/25 10:34:04 | 000,166,408 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/04/29 12:14:11 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/30 06:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 06:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/08 21:34:44 | 000,015,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/06/07 16:45:00 | 000,174,848 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/10/30 13:23:16 | 007,770,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/26 14:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/26 08:42:58 | 000,233,984 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/09/17 13:54:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/16 07:47:00 | 000,267,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/07/17 10:06:00 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/17 10:06:00 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2009/07/16 21:14:00 | 000,220,672 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{A669512D-7314-4C46-9F30-B53BD303354C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{C7A6FB61-CFC1-4E13-BD46-CF0110C45CED}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Moore\Desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 80 20 50 A5 1B CE 01 [binary data]
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{C7A6FB61-CFC1-4E13-BD46-CF0110C45CED}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.order.1: "prefs.js"
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcgrawhill.com/ChemDrawMGH,version=12.0: C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDrawMGH\NPCDPMGH32.dll (CambridgeSoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/01/20 17:53:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbdownloader@KMcore:
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012/12/30 12:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012/12/30 12:39:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/30 12:38:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/03/07 19:53:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moore\AppData\Roaming\Mozilla\Extensions
[2013/03/07 19:53:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moore\AppData\Roaming\Mozilla\Firefox\Profiles\q41e1e5p.default\Extensions
[2012/12/12 17:52:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/05 08:34:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/10/08 19:22:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMDATA\FFDSHOW MANAGER\2.2.639.201\{16CDFF19-861D-48E3-A751-D99A27784753}\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\MOORE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Q41E1E5P.DEFAULT\EXTENSIONS\[email protected]
[2012/11/18 18:03:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/18 18:03:18 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.152\pdf.dll
CHR - plugin: McGraw-Hill ChemDraw (Enabled) = C:\Program Files (x86)\CambridgeSoft\ChemOffice2010\ChemDrawMGH\NPCDPMGH32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Smiley Bar for Facebook = C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgojaaaiddhmiiakpejiklijbalpckih\1.0.0.0_0\
CHR - Extension: RealDownloader = C:\Users\Moore\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...pdetect119b.cab (GMNRev Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.90.132.162 66.90.130.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{634424DC-7940-45D1-A933-2D5F0E4DCA95}: DhcpNameServer = 66.90.132.162 66.90.130.101
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\bprote~1\261125~1.80\{eab34~1\protec~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/08 21:41:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/03/08 18:53:00 | 000,354,265 | ---- | C] (Farbar) -- C:\Users\Moore\Desktop\FSS.exe
[2013/03/07 20:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\bProtectorForWindows
[2013/03/07 19:52:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/07 19:46:46 | 000,000,000 | ---D | C] -- C:\Users\Moore\Desktop\New folder
[2013/03/07 13:44:00 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{3F4511B7-727F-45CA-9C77-8030C9A455B9}
[2013/03/07 12:27:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2013/03/07 12:27:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2013/03/07 12:12:49 | 000,000,000 | ---D | C] -- C:\Users\Moore\Desktop\RK_Quarantine
[2013/03/07 12:06:12 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Moore\Desktop\aswMBR.exe
[2013/03/06 19:12:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Moore\Desktop\OTL.exe
[2013/03/06 18:46:33 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{67690DFE-E713-4003-A74D-03A77E029C07}
[2013/03/06 12:15:15 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\LogMeIn Rescue Applet
[2013/03/05 22:55:19 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{F104754B-9567-418D-A33B-950286C3A5DE}
[2013/03/05 22:40:05 | 000,000,000 | ---D | C] -- C:\Users\Moore\Documents\jwplayer-3115
[2013/03/05 09:46:02 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{363F7873-4932-45EC-AE7D-7F3F731D4CC6}
[2013/03/04 19:26:59 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{52B346D5-30B8-484A-BF16-EE9E588C7C91}
[2013/03/03 18:14:30 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{05D4172C-3BF4-4A37-A429-7D329357D171}
[2013/03/02 11:07:36 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{0AB442A5-5DC1-463D-81AA-9B6F04DBF0C9}
[2013/03/02 10:28:20 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{C68E4603-9E48-4A89-8E92-14A17B467CAD}
[2013/03/02 10:13:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/03/01 21:49:34 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{4EBD63E6-A3D4-454F-8D14-4CF369C45D4B}
[2013/03/01 17:21:08 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{CBE14286-E386-4136-AC57-2672E5189015}
[2013/03/01 14:01:55 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{84B6E5B5-5C8C-4006-994C-C2D0B55799A1}
[2013/02/28 20:25:26 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{06B66B8F-A006-4258-9530-3F1A58084303}
[2013/02/28 07:47:24 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{FADB0872-C37C-42B7-907C-8779949B54DF}
[2013/02/27 17:04:36 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{EC4DA965-0814-4DE0-9EF8-D7DEE99E6725}
[2013/02/26 21:46:47 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{D7536A98-CB4C-4684-8B40-B91C92F7E421}
[2013/02/26 09:46:22 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{ABBE8792-5552-4C9F-8F52-EB42F5151D22}
[2013/02/25 16:53:28 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{9054DB49-9005-40BC-9B16-67B083613D58}
[2013/02/24 12:42:56 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{8C4413A5-3D42-4950-80BE-7BEF11675520}
[2013/02/23 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{C7BA2C4D-E2FB-42DF-8E69-23D4CEA4EC3C}
[2013/02/23 08:11:39 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{F47B4A3F-5AA0-4BB1-A3E1-6D73C8D1A33B}
[2013/02/22 12:12:10 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{7ED53E58-2479-498A-99D4-05CC28BCB8E5}
[2013/02/21 09:04:21 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{175E1FDB-6890-489E-B93C-621F62E5FC93}
[2013/02/20 17:17:38 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{4037416D-DA9F-43CE-8AF7-87AB3B492556}
[2013/02/19 12:01:38 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{9C56310C-0AB6-4E23-93DA-2C85FC0B4DFD}
[2013/02/19 11:27:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
[2013/02/18 19:52:47 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{B4AC9D7B-96A1-4A4C-A909-52400E2B18A8}
[2013/02/17 09:19:16 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{04F9375E-EBEB-40A4-9E7A-7864BB3E1650}
[2013/02/16 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{F3B6399F-AE7D-4B9F-B3E6-D6AA9C3F0712}
[2013/02/15 15:33:49 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{DB68A745-7977-410B-BF1D-612510F65060}
[2013/02/14 10:09:11 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{F869F690-138A-4B50-8881-E0D9FF75CF08}
[2013/02/13 07:38:06 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{99FC6ACC-5701-4656-8306-DA50796CF3FD}
[2013/02/12 11:34:52 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{9AF7BA23-B055-4251-ABEE-56B3449C2A6C}
[2013/02/12 08:17:19 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{E66D7448-D8DE-4EB7-9A44-ACDB58CD882F}
[2013/02/11 19:27:00 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{FA23E7BC-A158-4FA6-923E-283C83814B23}
[2013/02/10 16:24:03 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{EE111DDA-6F46-48B6-AA0E-A9DDFF4E96C0}
[2013/02/09 12:11:51 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{211B538B-186D-4782-B8CA-6C4C426E8A23}
[2013/02/08 23:31:51 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{52378060-1692-441F-9D61-33FCAED8DA0E}
[2013/02/08 11:17:03 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{8FE43A57-3827-4FF0-904D-5F361CD04862}
[2013/02/07 17:31:27 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{77A22BC2-4A76-4BEA-B1D9-931844B5A657}
[2013/02/07 12:06:40 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{78CCCF94-393A-4779-BEB5-93F9DF749241}
[2013/02/07 11:27:22 | 000,000,000 | ---D | C] -- C:\Users\Moore\AppData\Local\{0D2F25A7-417F-4535-A561-4373E4285EAF}
[1 C:\Users\Moore\Desktop\*.tmp files -> C:\Users\Moore\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/08 23:13:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/08 23:09:24 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/08 21:42:03 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 21:42:03 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/08 21:35:16 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/03/08 21:34:44 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/03/08 21:34:42 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/08 21:34:28 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\AntiMalwarePro.job
[2013/03/08 21:34:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/08 21:34:07 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/08 18:53:13 | 000,354,265 | ---- | M] (Farbar) -- C:\Users\Moore\Desktop\FSS.exe
[2013/03/08 12:04:15 | 000,984,576 | ---- | M] () -- C:\Users\Moore\Desktop\MicrosoftFixit50906.msi
[2013/03/07 12:21:11 | 000,597,667 | ---- | M] () -- C:\Users\Moore\Desktop\adwcleaner.exe
[2013/03/07 12:12:47 | 000,792,064 | ---- | M] () -- C:\Users\Moore\Desktop\RogueKillerX64.exe
[2013/03/07 12:09:42 | 000,000,512 | ---- | M] () -- C:\Users\Moore\Desktop\MBR.dat
[2013/03/07 12:08:04 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Moore\Desktop\aswMBR.exe
[2013/03/06 19:12:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moore\Desktop\OTL.exe
[2013/03/02 10:14:04 | 000,002,055 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/02/28 15:30:43 | 000,051,062 | ---- | M] () -- C:\Users\Moore\Documents\Resume Billy.rtf
[2013/02/19 11:27:02 | 000,002,469 | ---- | M] () -- C:\Users\Public\Desktop\DriverUpdate.lnk
[2013/02/14 03:31:23 | 000,342,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/14 03:04:34 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[1 C:\Users\Moore\Desktop\*.tmp files -> C:\Users\Moore\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/08 12:04:09 | 000,984,576 | ---- | C] () -- C:\Users\Moore\Desktop\MicrosoftFixit50906.msi
[2013/03/07 12:20:56 | 000,597,667 | ---- | C] () -- C:\Users\Moore\Desktop\adwcleaner.exe
[2013/03/07 12:12:42 | 000,792,064 | ---- | C] () -- C:\Users\Moore\Desktop\RogueKillerX64.exe
[2013/03/07 12:09:42 | 000,000,512 | ---- | C] () -- C:\Users\Moore\Desktop\MBR.dat
[2013/03/02 10:14:04 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/03/02 10:14:04 | 000,002,055 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/02/12 11:34:28 | 000,051,062 | ---- | C] () -- C:\Users\Moore\Documents\Resume Billy.rtf
[2012/06/08 15:14:50 | 000,000,045 | ---- | C] () -- C:\Users\Moore\jagex_cl_runescape_LIVE1.dat
[2012/06/03 19:40:08 | 000,007,606 | ---- | C] () -- C:\Users\Moore\AppData\Local\Resmon.ResmonCfg
[2012/04/04 09:22:20 | 000,003,584 | ---- | C] () -- C:\Users\Moore\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/20 10:34:12 | 000,000,032 | ---- | C] () -- C:\Users\Moore\jagex_cl_runescape_LIVE.dat
[2010/06/22 06:33:29 | 000,015,184 | ---- | C] () -- C:\Users\Moore\AppData\Roaming\wklnhst.dat
[2010/06/16 18:36:05 | 000,000,000 | ---- | C] () -- C:\Users\Moore\jagex__preferences3.dat
[2010/06/16 18:36:04 | 000,000,129 | ---- | C] () -- C:\Users\Moore\jagex_runescape_preferences2.dat
[2010/06/16 18:34:40 | 000,000,046 | ---- | C] () -- C:\Users\Moore\jagex_runescape_preferences.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/18 16:57:10 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\CompuClever
[2013/01/13 12:07:48 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\DriverCure
[2012/10/22 19:59:51 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\Internet Chess Club
[2011/06/10 17:06:08 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\PCDr
[2013/01/13 12:07:48 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\SpeedyPC Software
[2012/10/05 21:26:52 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\StatusWinks
[2010/06/22 06:33:31 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\Template
[2010/06/22 13:38:06 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\W Photo Studio Viewer
[2011/03/04 17:30:04 | 000,000,000 | ---D | M] -- C:\Users\Moore\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Moore\Downloads:Shareaza.GUID
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

#11
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

ESET killed the residual files. The OTL log looks good. There should have been a RKreport[1]_D_03082013.txt log. Please see if you can find it and post it with your next reply. If you ran RogueKiller from the desktop, it should be on the desktop.
The Babylon search is no longer in the Chrome home page.
Next we are gonna check for programs that are out of date. Then, if you don't have any other issues we will be ready to clean this puppy up.


Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The checkup.txt log
2. The RKreport[1]_D_03082013.txt log

#12
chessder58

    Member

  • Topic Starter
  • Member
  • 19 posts
When I open Google Chrome it still opens on the Babylon page.

1. Results of screen317's Security Check version 0.99.60
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 11.6.602.171
Adobe Reader XI
Mozilla Firefox (7.0.1)
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


2. RogueKiller V8.5.2 _x64_ [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Moore [Admin rights]
Mode : Shortcuts HJfix -- Date : 03/08/2013 23:23:02
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 1 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 6 / Fail 0
Start menu: Success 1 / Fail 0
User folder: Success 179 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 5 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 34 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 83 / Fail 0
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[E:] \Device\CdRom0 -- 0x5 --> Skipped

Finished : << RKreport[1]_SC_03082013_02d2323.txt >>
RKreport[1]_SC_03082013_02d2323.txt

Edited by chessder58, 09 March 2013 - 10:14 AM.

  • 0

#13
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

When I open google chrome it still opens on the babylon page.

Chrome seems to be a pain to reset the home page or to disable/uninstall add-ons or manage search engines. They seem to change how they want to do these things in each update. OTL will reset these things in FF and IE, but not Chrome.
Let's try this.....

Step-1.

Reset/Delete a Search engine in Chrome

Set your default search engine

  • Click the Chrome menu on the browser toolbar.
  • Select Settings and find the Search section.
  • Select the search engine you want to use from the menu (like Google). If the search engine you want to use doesn't appear in the menu, click Manage search engines.
  • In the Search Engines dialog that appears, select the search engine that you'd like to use from the list.
  • Click the Make default button that appears at the end of the row.

Remove search engines

  • Click Manage search engines. A pop up should appear populated with search engines the browser uses.
  • Find the Babylon Search engine and click the X that appears at the end of the row.

Hopefully that will get it.


Step-2.

Update Firefox

Your Firefox is badly out of date. The new version is Firefox 19.0

  • At the top of the Firefox window click the Firefox button.
  • Go over to the Help menu and select About Firefox.
    The About Firefox window will open and Firefox will begin checking for updates. If updates are available, they will begin downloading automatically.
  • When the updates are downloaded and ready to be installed, click Apply Update. Firefox will be restarted and the updates will be installed.


Let me know if you were able to find and remove the Babylon search engine and how the FF update went.
  • 0
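As an added example (not code from this thread, from screen317's Security Check or from RogueKiller), here is a small Python checker that reads the Anti-malware/Other Utilities section of the log posted above and flags products below a minimum version, and also goes one step further by flagging products listed more than once, as the two Google Chrome entries are. The minimum-version table is a constructed policy: Firefox 19.0 is the figure the helper gives, and the Chrome floor is simply the newer of the two entries in the log.

```python
import re
from collections import defaultdict

# Constructed sample: the Anti-malware/Other Utilities section of the
# Security Check log posted in this thread, versions as the poster reported them.
SAMPLE_LOG = """\
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
Adobe Flash Player 11.6.602.171
Adobe Reader XI
Mozilla Firefox (7.0.1)
Google Chrome 25.0.1364.152
Google Chrome 25.0.1364.97
````````Process Check: objlist.exe by Laurent````````
"""

# Assumed minimum versions (a constructed policy, not part of Security Check):
# Firefox 19.0 is the version the helper names; Chrome uses the newer log entry.
MINIMUM_VERSIONS = {
    "Mozilla Firefox": (19, 0),
    "Google Chrome": (25, 0, 1364, 152),
}

# Matches "<product> [version] a.b[.c...]" or "<product> (a.b...)".
# Lines without a dotted version (Adobe Reader XI, the backtick headers) do not match.
_LINE = re.compile(r"^(?P<name>[A-Za-z][A-Za-z -]*?)\s*(?:version\s+)?\(?(?P<ver>\d+(?:\.\d+)+)\)?$")

def parse_versions(log_text):
    """Map product name -> list of version tuples found in the log, in log order."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        m = _LINE.match(line.strip())
        if m:
            found[m.group("name")].append(tuple(int(p) for p in m.group("ver").split(".")))
    return dict(found)

def check_log(log_text, minimums=MINIMUM_VERSIONS):
    """Return findings: products listed more than once, then products below the floor."""
    findings = []
    for name, versions in parse_versions(log_text).items():
        if len(versions) > 1:  # leftover older install alongside the current one
            findings.append(f"{name}: {len(versions)} versions installed, "
                            f"oldest {'.'.join(map(str, min(versions)))}")
        floor = minimums.get(name)
        if floor is not None and max(versions) < floor:  # tuple comparison, part by part
            findings.append(f"{name}: {'.'.join(map(str, max(versions)))} "
                            f"is below {'.'.join(map(str, floor))}")
    return findings

if __name__ == "__main__":
    for finding in check_log(SAMPLE_LOG):
        print(finding)
```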

#14
chessder58

chessder58

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
1. Babylon is gone! Got a Google homepage now for chrome.

2. Update to Firefox went good!

I did want to mention I have had two system crashes during all this. One on first run of malwarebytes. Then today I was deleting some pictures and system crashed. But overall seems to be running decent.

Edited by chessder58, 09 March 2013 - 01:18 PM.

  • 0

#15
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Sometimes MBAM will cause a system crash when running and there is still malware on board. Don't have a clue as to what caused it when deleting pictures. Did you get any kind of error message or code?
  • 0
