Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

CMD Virus or something [Closed]

Started by BFella , Apr 29 2013 07:47 PM

  • This topic is locked This topic is locked

#1
BFella
Posted 29 April 2013 - 07:47 PM

BFella

    Member

  • Member
  • PipPip
  • 18 posts
So today when I tried logging into my computer it took awhile, and then when it finally logged in I have a grey screen and the CMD box was up and that's all that was happening, I keep trying to log in but it keeps happening, so I'm guessing it's a virus.

I'm currently in safe mode and I've tried to run Malwarye bytes and it always ends up freezing, AVG does nothing but automatically gets X'd out. I have no idea what to do.

Also, when I boot and it's not in safe mode, it takes forever to boot up, if I click the guest account it'll log onto it but then Windows will suddenly quit working and freeze up.

Does anyone know what to do or how to get rid of this?
  • 0

Advertisements

#2
maliprog
Posted 29 April 2013 - 11:12 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello BFella and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan/Fixes box paste this in

    netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
services.exe
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them here for me.

Step 2

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#3
BFella
Posted 30 April 2013 - 12:26 AM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OTL logfile created on: 4/29/2013 11:05:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jessi\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 35.92% Memory free
6.17 Gb Paging File | 4.48 Gb Available in Paging File | 72.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 102.84 Gb Free Space | 47.13% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 7.80 Gb Free Space | 53.28% Space Free | Partition Type: NTFS
Drive F: | 393.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JESSI-PC | User Name: Jessi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/29 23:05:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jessi\Downloads\OTL.exe
PRC - [2013/04/09 01:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/03/29 10:45:02 | 002,937,384 | ---- | M] (AOL Inc.) -- C:\Users\Jessi\AppData\Local\AOL\AIM\aim.exe
PRC - [2012/11/13 14:08:14 | 003,500,568 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe
PRC - [2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 01:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 01:57:06 | 013,130,704 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 01:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 01:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/29 10:43:40 | 023,756,328 | ---- | M] () -- C:\Users\Jessi\AppData\Local\AOL\AIM\libcef.dll
MOD - [2013/03/28 15:46:46 | 014,717,144 | ---- | M] () -- C:\Users\Jessi\AppData\Local\AOL\AIM\NPSWF32.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/08/23 09:38:24 | 000,574,840 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/03/19 16:50:59 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/06 05:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Stopped] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/02/05 08:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/05/18 23:29:53 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/05/18 23:28:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/05/18 23:28:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2009/05/18 23:12:20 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/02/23 07:48:06 | 000,632,048 | ---- | M] (SoftThinks) [Auto | Stopped] -- C:\Windows\sminst\SftService.exe -- (SftService)
SRV - [2009/02/04 22:57:14 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/29 22:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2009/01/05 15:19:10 | 000,824,560 | ---- | M] (Dell Inc.) [Auto | Stopped] -- c:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/01/05 15:19:08 | 000,173,296 | ---- | M] (SingleClick Systems) [Auto | Stopped] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2008/12/18 11:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/12/14 21:13:46 | 000,241,746 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\stacsv.exe -- (STacSV)
SRV - [2008/12/14 21:13:30 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\AEstSrv.exe -- (AESTFilters)
SRV - [2008/05/07 15:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/21 11:26:34 | 000,015,872 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2007/09/14 11:35:04 | 005,730,304 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | System | Stopped] -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6055061C-49CD-4E36-AD5D-492E09E20D6C}\MpKslf665a6b8.sys -- (MpKslf665a6b8)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/06/23 07:21:30 | 000,157,568 | ---- | M] (Hauppauge, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcwhdpvr.sys -- (hcwhdpvr)
DRV - [2010/03/25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2009/02/19 14:22:52 | 000,127,744 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ArcHlp.sys -- (archlp)
DRV - [2008/12/22 03:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/12/14 21:13:54 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/11/04 16:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008/09/03 22:29:08 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/03 01:44:22 | 000,269,216 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2008/09/03 01:44:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008/06/17 09:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/01/20 19:32:51 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/08/17 07:47:48 | 000,073,696 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2005/06/24 17:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 10:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 10:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKLM\..\SearchScopes\{4EAB203A-8E7C-42D9-82F2-F35DA6BF28E2}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3292584
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect...hromesbox-en-us
IE - HKCU\..\SearchScopes\{4EAB203A-8E7C-42D9-82F2-F35DA6BF28E2}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7ADBS_enUS432
IE - HKCU\..\SearchScopes\{CC7ABE2A-E615-4A7A-85D7-4130ADA83E52}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.condui...2200242225&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2013/04/17 15:34:41 | 000,444,749 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15278 more lines...
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Solid Savings) - {11111111-1111-1111-1111-110211621178} - C:\Program Files\Solid Savings\Solid Savings.dll (215 Apps)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [RunDLLEntry] C:\Windows\System32\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKLM..\Run: [SMessaging] C:\Users\Jessi\AppData\Local\Strongvault Online Backup\SMessaging.exe (Stronghold Online Backup)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BackupAgent] C:\Program Files\Strongvault Online Backup\BackupAgent.exe (Strongvault LLC)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_F51A6D0EEE39DF9BB15E2444D1233C4B] C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Jessi\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\runhstart.bat ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe (Adobe Systems Incorporated)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.6; SLCC1; .NET CLR 2.0.50727; MDDC; .NET CLR 3.5.30729; WinNT-PAI 01.09.2009; .NET4.0C; .NET CLR 3.0.30729)" -"http://mappinghistor...ive/map32.html" File not found
O4 - Startup: C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.lnk = C:\Users\Jessi\AppData\Local\Strongvault\StrongVaultApp.exe ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18C4C674-F587-4FDC-A02F-467FE837A48F}: DhcpNameServer = 192.168.0.1 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A5EA9E0-83B8-4D98-8E47-6FB6667165A1}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Jessi\Downloads\abstract_0013.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jessi\Downloads\abstract_0013.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 14:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2010/07/13 06:46:19 | 000,000,000 | ---D | M] - F:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2007/08/14 07:29:44 | 000,000,055 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3eb5f0b0-59ac-11e0-8d73-0023ae342cef}\Shell - "" = AutoRun
O33 - MountPoints2\{3eb5f0b0-59ac-11e0-8d73-0023ae342cef}\Shell\AutoRun\command - "" = D:\TLBootstrap_WPP.exe
O33 - MountPoints2\{5858a4fc-e1b3-11df-8745-0023ae342cef}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
O33 - MountPoints2\{97ba615e-440c-11de-a745-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{97ba615e-440c-11de-a745-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2009/05/13 07:09:17 | 000,183,640 | R--- | M] ()
O33 - MountPoints2\{cdfe852f-ede0-11de-884f-0023ae342cef}\Shell\AutoRun\command - "" = H:\MI.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

========== Files/Folders - Created Within 30 Days ==========

[2013/04/29 15:12:45 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Roaming\Malwarebytes
[2013/04/29 15:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/29 15:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/29 12:50:22 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Roaming\TuneUp Software
[2013/04/29 12:49:17 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/04/29 12:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/04/29 12:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/04/29 12:32:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/04/29 12:32:54 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\MFAData
[2013/04/29 12:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/04/29 12:32:54 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\Avg2013
[2013/04/28 19:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013/04/28 19:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2013/04/28 19:06:22 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
[2013/04/28 16:19:45 | 000,000,000 | ---D | C] -- C:\Users\Jessi\.thumbnails
[2013/04/28 16:11:21 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\fontconfig
[2013/04/28 16:11:14 | 000,000,000 | ---D | C] -- C:\Users\Jessi\.gimp-2.8
[2013/04/28 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\gegl-0.2
[2013/04/24 17:47:42 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Roaming\Strongvault
[2013/04/24 17:46:53 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Roaming\vlc
[2013/04/24 17:46:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2013/04/24 17:46:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/04/24 17:45:56 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\Strongvault Online Backup
[2013/04/24 17:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Strongvault Online Backup
[2013/04/24 17:45:52 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\Strongvault
[2013/04/24 17:45:51 | 000,000,000 | ---D | C] -- C:\Program Files\Strongvault Online Backup
[2013/04/24 17:45:44 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013/04/24 17:45:44 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Strongvault Online Backup
[2013/04/24 17:45:31 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
[2013/04/23 12:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2013/04/23 12:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Cain
[2013/04/23 12:03:49 | 000,000,000 | ---D | C] -- C:\Users\Jessi\Desktop\UDP Unicorn
[2013/04/18 22:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2013/04/18 22:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2013/04/18 22:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\GreenTree Applications
[2013/04/08 19:19:49 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
[2013/04/08 19:19:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2013/03/31 21:05:25 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2013/03/31 20:45:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Net Tools
[2013/03/31 20:45:38 | 000,077,824 | ---- | C] (JVSoftware) -- C:\Windows\System32\nmapwin.exe
[2013/03/31 20:45:35 | 000,114,688 | ---- | C] (Open Source Telecom) -- C:\Windows\System32\CCGNU32.dll
[2013/03/31 20:45:25 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\System32\aamd532.dll
[2013/03/31 20:45:22 | 000,939,224 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\Flash.ocx
[2013/03/31 20:32:30 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\iLivid
[2013/03/31 20:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\Net Tools
[2013/03/31 20:29:19 | 000,000,000 | ---D | C] -- C:\Program Files\PricePeep
[2013/03/31 20:13:22 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\Solid Savings
[2013/03/31 20:13:12 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\Updater26278
[2013/03/31 20:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\Solid Savings
[2013/03/31 20:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/03/31 20:11:27 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\Conduit
[2013/03/31 20:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
[2013/03/31 20:10:27 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Roaming\SearchProtect
[2013/03/31 20:10:23 | 000,000,000 | ---D | C] -- C:\Users\Jessi\AppData\Local\CRE

========== Files - Modified Within 30 Days ==========

[2013/04/29 20:56:11 | 000,907,768 | ---- | M] () -- C:\Users\Jessi\Desktop\IMG_2342 (1).jpg
[2013/04/29 20:08:52 | 000,078,499 | ---- | M] () -- C:\Users\Jessi\Desktop\logo20462277001271987215.png
[2013/04/29 18:11:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/29 17:28:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/29 17:28:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/29 17:28:05 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/29 17:13:04 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/29 17:12:56 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_DEFAULT.job
[2013/04/29 17:00:11 | 000,006,756 | ---- | M] () -- C:\Users\Jessi\AppData\Local\d3d9caps.dat
[2013/04/29 10:07:47 | 000,049,283 | ---- | M] () -- C:\Users\Jessi\Desktop\Exam 2.pdf
[2013/04/29 10:07:05 | 000,064,490 | ---- | M] () -- C:\Users\Jessi\Desktop\Functions Test Final.pdf
[2013/04/28 16:23:37 | 000,102,955 | ---- | M] () -- C:\Users\Jessi\Untitled.xcf
[2013/04/28 16:23:37 | 000,001,458 | ---- | M] () -- C:\Users\Jessi\AppData\Local\recently-used.xbel
[2013/04/25 08:57:59 | 000,034,350 | ---- | M] () -- C:\Users\Jessi\Desktop\Functions 2 - Exam 2.pdf
[2013/04/25 03:01:06 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_UPDATES.job
[2013/04/25 03:01:03 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/25 03:00:45 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/24 17:46:38 | 000,000,821 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/24 17:45:58 | 000,001,926 | ---- | M] () -- C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.lnk
[2013/04/24 17:45:29 | 000,000,000 | ---- | M] () -- C:\END
[2013/04/24 17:43:37 | 000,069,877 | ---- | M] () -- C:\Windows\unins000.dat
[2013/04/24 17:42:08 | 000,723,230 | ---- | M] () -- C:\Windows\unins000.exe
[2013/04/24 12:57:34 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/18 21:10:16 | 000,087,098 | ---- | M] () -- C:\Users\Jessi\Desktop\My girl.jpg
[2013/04/17 15:34:41 | 000,444,749 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/10 03:31:18 | 000,286,048 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/09 20:34:14 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/04/09 16:48:38 | 588,907,279 | ---- | M] () -- C:\Users\Jessi\Documents\Untitled.mp4
[2013/04/09 15:06:12 | 084,998,562 | ---- | M] () -- C:\Users\Jessi\Documents\Track 3 - 1.wav
[2013/04/09 15:06:12 | 000,332,080 | ---- | M] () -- C:\Users\Jessi\Documents\Track 3 - 1.sfk
[2013/04/09 15:06:12 | 000,001,024 | ---- | M] () -- C:\Users\Jessi\Documents\Track 3 - 2.wav
[2013/04/08 19:19:49 | 000,000,867 | ---- | M] () -- C:\Users\Jessi\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2013/04/08 19:19:49 | 000,000,865 | ---- | M] () -- C:\Users\Jessi\Desktop\AIM.lnk
[2013/04/02 03:10:32 | 000,640,462 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/02 03:10:32 | 000,118,682 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/01 17:22:55 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/03/31 20:46:08 | 000,000,778 | ---- | M] () -- C:\Users\Jessi\Desktop\NetTools.lnk
[2013/03/31 20:35:16 | 000,000,835 | ---- | M] () -- C:\Users\Jessi\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013/03/31 20:35:16 | 000,000,833 | ---- | M] () -- C:\Users\Jessi\Desktop\iLivid.lnk
[2013/03/31 20:29:26 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite

========== Files Created - No Company Name ==========

[2013/04/29 20:56:09 | 000,907,768 | ---- | C] () -- C:\Users\Jessi\Desktop\IMG_2342 (1).jpg
[2013/04/29 20:08:51 | 000,078,499 | ---- | C] () -- C:\Users\Jessi\Desktop\logo20462277001271987215.png
[2013/04/29 10:07:47 | 000,049,283 | ---- | C] () -- C:\Users\Jessi\Desktop\Exam 2.pdf
[2013/04/29 10:07:03 | 000,064,490 | ---- | C] () -- C:\Users\Jessi\Desktop\Functions Test Final.pdf
[2013/04/28 16:23:37 | 000,102,955 | ---- | C] () -- C:\Users\Jessi\Untitled.xcf
[2013/04/28 16:23:37 | 000,001,458 | ---- | C] () -- C:\Users\Jessi\AppData\Local\recently-used.xbel
[2013/04/25 08:57:56 | 000,034,350 | ---- | C] () -- C:\Users\Jessi\Desktop\Functions 2 - Exam 2.pdf
[2013/04/24 17:46:38 | 000,000,821 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/04/24 17:45:58 | 000,001,926 | ---- | C] () -- C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StrongVaultApp.lnk
[2013/04/24 17:43:22 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe
[2013/04/24 17:43:22 | 000,069,877 | ---- | C] () -- C:\Windows\unins000.dat
[2013/04/23 12:25:00 | 000,416,768 | ---- | C] () -- C:\Users\Jessi\Desktop\UDP Unicorn.exe
[2013/04/18 21:10:16 | 000,087,098 | ---- | C] () -- C:\Users\Jessi\Desktop\My girl.jpg
[2013/04/09 15:06:12 | 000,332,080 | ---- | C] () -- C:\Users\Jessi\Documents\Track 3 - 1.sfk
[2013/04/09 15:06:12 | 000,001,024 | ---- | C] () -- C:\Users\Jessi\Documents\Track 3 - 2.wav
[2013/04/09 14:58:46 | 084,998,562 | ---- | C] () -- C:\Users\Jessi\Documents\Track 3 - 1.wav
[2013/04/08 19:19:49 | 000,000,865 | ---- | C] () -- C:\Users\Jessi\Desktop\AIM.lnk
[2013/03/31 20:46:08 | 000,000,778 | ---- | C] () -- C:\Users\Jessi\Desktop\NetTools.lnk
[2013/03/31 20:45:38 | 000,809,345 | ---- | C] () -- C:\Windows\System32\nmap-os-fingerprints
[2013/03/31 20:45:38 | 000,557,444 | ---- | C] () -- C:\Windows\System32\nmap-service-probes
[2013/03/31 20:45:38 | 000,482,123 | ---- | C] () -- C:\Windows\System32\nmapwin.chm
[2013/03/31 20:45:38 | 000,452,096 | ---- | C] () -- C:\Windows\System32\nmap.exe
[2013/03/31 20:45:38 | 000,290,816 | ---- | C] () -- C:\Windows\System32\nmapserv.exe
[2013/03/31 20:45:38 | 000,225,546 | ---- | C] () -- C:\Windows\System32\nmap-mac-prefixes
[2013/03/31 20:45:38 | 000,192,007 | ---- | C] () -- C:\Windows\System32\CHANGELOG
[2013/03/31 20:45:38 | 000,108,536 | ---- | C] () -- C:\Windows\System32\nmap-services
[2013/03/31 20:45:38 | 000,025,611 | ---- | C] () -- C:\Windows\System32\COPYING
[2013/03/31 20:45:38 | 000,021,552 | ---- | C] () -- C:\Windows\System32\nmap.xsl
[2013/03/31 20:45:38 | 000,017,955 | ---- | C] () -- C:\Windows\System32\nmap-rpc
[2013/03/31 20:45:38 | 000,006,318 | ---- | C] () -- C:\Windows\System32\nmap-protocols
[2013/03/31 20:45:38 | 000,000,192 | ---- | C] () -- C:\Windows\System32\nmap_performance.reg
[2013/03/31 20:45:22 | 000,010,348 | ---- | C] () -- C:\Windows\System32\SubclassingSink.tlb
[2013/03/31 20:35:16 | 000,000,841 | ---- | C] () -- C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2013/03/31 20:35:16 | 000,000,835 | ---- | C] () -- C:\Users\Jessi\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013/03/31 20:35:16 | 000,000,833 | ---- | C] () -- C:\Users\Jessi\Desktop\iLivid.lnk
[2013/03/31 20:29:26 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2013/03/31 20:09:58 | 000,000,000 | ---- | C] () -- C:\END
[2013/03/24 19:29:25 | 000,127,744 | ---- | C] () -- C:\Windows\System32\drivers\ArcHlp.sys
[2013/03/24 19:21:11 | 000,000,265 | ---- | C] () -- C:\Windows\HCWBlast.ini
[2013/03/24 19:20:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2013/03/24 19:19:50 | 000,002,336 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2012/05/27 15:46:21 | 000,225,233 | ---- | C] () -- C:\Users\Jessi\AppData\Roaming\UserTile.png
[2011/12/10 23:55:26 | 000,123,720 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/07/30 14:11:32 | 000,006,022 | -HS- | C] () -- C:\Users\Jessi\AppData\Local\8w1q6yk7g38oh2v5al00mcc5270
[2011/07/30 14:11:32 | 000,006,022 | -HS- | C] () -- C:\ProgramData\8w1q6yk7g38oh2v5al00mcc5270
[2011/07/30 14:11:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\qrsa.exe
[2011/07/30 14:11:30 | 000,000,000 | ---- | C] () -- C:\Users\Jessi\AppData\Local\pxwm.exe
[2011/07/30 14:11:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\ovih.exe
[2011/07/30 14:11:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\nskh.exe
[2011/07/30 14:11:30 | 000,000,000 | ---- | C] () -- C:\Users\Jessi\AppData\Local\nhpp.exe
[2011/07/30 14:11:30 | 000,000,000 | ---- | C] () -- C:\ProgramData\mqbg.exe
[2011/07/30 14:11:30 | 000,000,000 | ---- | C] () -- C:\Users\Jessi\AppData\Local\jqjq.exe
[2011/07/30 14:11:30 | 000,000,000 | ---- | C] () -- C:\Users\Jessi\AppData\Local\ceec.exe
[2011/06/03 21:33:39 | 000,010,422 | -HS- | C] () -- C:\Users\Jessi\AppData\Local\io2j138s300jt5
[2011/06/03 21:33:39 | 000,010,422 | -HS- | C] () -- C:\ProgramData\io2j138s300jt5
[2010/06/21 13:23:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/07 18:57:34 | 000,006,756 | ---- | C] () -- C:\Users\Jessi\AppData\Local\d3d9caps.dat
[2009/08/03 17:57:54 | 000,014,312 | ---- | C] () -- C:\Users\Jessi\AppData\Roaming\wklnhst.dat
[2009/07/28 21:04:31 | 000,331,776 | ---- | C] () -- C:\Users\Jessi\AppData\Roaming\DataSafeDotNet.exe
[2009/05/27 15:46:44 | 000,081,408 | ---- | C] () -- C:\Users\Jessi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 05:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/01/29 23:42:44 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\acccore
[2011/05/02 16:52:04 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Awem
[2010/02/06 12:26:20 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\BanzaiInteractive
[2009/10/25 10:04:29 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\BeachPartyCraze
[2011/01/30 18:36:52 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Boomzap
[2009/09/10 16:05:41 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Camel101
[2009/09/15 19:43:59 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\CupcakeCafe
[2010/09/07 09:52:31 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\DigirononGames
[2011/04/03 13:06:07 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Dying for Daylight
[2011/04/03 13:06:43 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Dying for Daylight Shared
[2009/12/26 12:34:38 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\EscapeTheMuseum2
[2009/06/01 21:38:06 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Farm Mania
[2011/07/29 20:48:49 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Farm Mania 2
[2009/08/25 15:54:32 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Fever Frenzy
[2009/10/23 16:51:49 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Flood Light Games
[2010/07/08 21:50:46 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Floodlight Games
[2009/09/23 16:19:59 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\FloodLightGames
[2011/01/04 15:37:19 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Freeze Tag
[2010/05/22 09:41:35 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\FreezeTag
[2010/05/19 19:24:25 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Fugazo
[2011/07/09 20:17:08 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\funkitron
[2010/07/18 22:12:34 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\GamesCafe
[2010/12/21 10:20:46 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Gogii
[2009/09/18 16:07:02 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Gold Casual Games
[2009/06/09 12:12:32 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\GOL_byHasbro
[2009/09/25 20:26:15 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\IronCode
[2009/10/23 16:30:35 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\iWin_generic
[2011/01/20 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\LittleGamesCompany
[2011/01/20 07:08:06 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Meridian93
[2009/09/17 16:14:10 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Merscom
[2011/02/04 23:28:25 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Mystery of Mortlake Mansion
[2010/05/26 16:47:17 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Namco
[2013/04/29 17:10:12 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Nico Mak Computing
[2010/08/28 13:11:17 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\PeaceCraft2
[2011/07/13 00:49:25 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\PlayFirst
[2009/10/16 09:11:15 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Playrix Entertainment
[2009/10/05 16:40:44 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Princess Isabella
[2013/03/27 23:37:05 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Publish Providers
[2012/07/02 11:34:11 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\redsn0w
[2011/02/11 22:40:35 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Scholastic
[2013/03/31 20:10:44 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\SearchProtect
[2009/09/17 16:29:00 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Shape games
[2010/08/29 01:11:44 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Silverback Productions
[2013/03/28 12:00:13 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Sony
[2011/04/08 20:16:46 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\SpinTop Games
[2013/04/28 16:27:03 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Strongvault
[2009/08/03 17:57:55 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Template
[2010/05/27 16:32:14 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\The Inquisitor
[2010/09/11 18:00:03 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Total Eclipse
[2013/04/29 12:50:22 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\TuneUp Software
[2010/05/30 10:52:03 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\UNOUndercover
[2013/04/29 17:10:12 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\uTorrent
[2010/09/02 21:05:38 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\V-Games
[2011/05/09 19:26:09 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\Visan
[2009/09/21 16:40:52 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\WildGames 3 Days Zoo Mystery
[2012/12/24 21:36:44 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\WildTangent
[2010/04/22 17:35:59 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\WildTangent Janes Realty2
[2010/07/06 17:48:17 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\WildTangentv1000
[2009/08/25 16:49:56 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\WildTangentv1001
[2010/09/17 18:15:05 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\WildTangentv1002
[2009/09/21 21:31:32 | 000,000,000 | ---D | M] -- C:\Users\Jessi\AppData\Roaming\WildTangentv1005

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2009/05/19 01:25:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/05/19 01:25:48 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/05/19 01:25:48 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2012/11/13 14:07:52 | 003,906,584 | ---- | M] (Safer-Networking Ltd.) MD5=E4A0900CF535888DDD85B10040CA3E34 -- C:\Program Files\Spybot - Search & Destroy 2\explorer.exe
[2009/05/19 01:25:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 19:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES.EXE >
[2008/01/20 19:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/10 23:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 19:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 19:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 19:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 19:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
  • 0

#4
BFella
Posted 30 April 2013 - 12:26 AM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OTL Extras logfile created on: 4/29/2013 11:05:53 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jessi\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.96 Gb Total Physical Memory | 1.06 Gb Available Physical Memory | 35.92% Memory free
6.17 Gb Paging File | 4.48 Gb Available in Paging File | 72.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 102.84 Gb Free Space | 47.13% Space Free | Partition Type: NTFS
Drive E: | 14.65 Gb Total Space | 7.80 Gb Free Space | 53.28% Space Free | Partition Type: NTFS
Drive F: | 393.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: JESSI-PC | User Name: Jessi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0374CDE7-0935-4E8C-8869-B24946EC0F83}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C8AB0A66-2562-4410-A1FD-077FEF85879B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06649A88-7D68-4C44-A54E-7618F910E7D6}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{098D432C-E090-4481-BC40-B0155BB1263D}" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"{1BEEC67E-7D07-4FEE-B40D-481EF5067BD7}" = protocol=17 | dir=in | app=c:\users\jessi\appdata\roaming\utorrent\utorrent.exe |
"{3C615986-CB91-4EF7-82DF-FA963A752B40}" = protocol=58 | dir=out | [email protected],-203 |
"{5DC3F427-6ED8-4CC7-8660-33468DBBE69F}" = protocol=6 | dir=in | app=c:\users\jessi\appdata\roaming\utorrent\utorrent.exe |
"{6FB16BCF-1F5D-4E84-9725-4B50DAACFE16}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7734024E-432E-46A8-919E-B06C1C62AAEE}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{77BFE858-468A-442C-9D61-B3425273C6AB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7BB0F227-E989-4D49-80AD-25C7B2421830}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{933ABDE6-1B1D-4D0D-92F1-D7D6BCB56EF8}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{98BF0E24-C2CA-4A5E-81DB-1A351DB90EA3}" = protocol=58 | dir=in | app=system |
"{C2BED0AC-A1CA-48C2-A0EF-9ECE96A1ABE4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CE24EBED-D646-430D-A3C6-1C9243B7AF9C}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe |
"{E50E3D3A-E265-43A0-8507-B12698456C63}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FE678CAC-9633-4E1E-BDBF-73BD29325DFB}" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe |
"TCP Query User{0793B06C-C535-464F-9384-F8A82682AE64}C:\program files\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"TCP Query User{0A4545CF-2AA5-44B5-921C-676F4627BFCA}C:\program files\net tools\nettools5.exe" = protocol=6 | dir=in | app=c:\program files\net tools\nettools5.exe |
"TCP Query User{16B8419A-862F-42EE-B004-06D4223943DE}C:\program files\dell video chat\dellvideochat.exe" = protocol=6 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"TCP Query User{2755355F-6B07-44C4-ACD0-EE3218120028}C:\program files\pinnacle\videospin\programs\videospin.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"TCP Query User{77E0E905-8239-472C-8296-6021069930EE}C:\program files\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files\cain\cain.exe |
"TCP Query User{C734D77C-BF1A-4BA8-970F-16B7A0A7BFE2}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{DF893B6C-58C5-4716-9836-90E8C3B82C2D}C:\program files\net tools\nettools5.exe" = protocol=6 | dir=in | app=c:\program files\net tools\nettools5.exe |
"UDP Query User{0D6FFC9F-DF57-4AC7-A5BA-EB009656301D}C:\program files\cain\cain.exe" = protocol=17 | dir=in | app=c:\program files\cain\cain.exe |
"UDP Query User{1CA1547D-ADCA-4638-8AB3-F166E1F8567A}C:\program files\net tools\nettools5.exe" = protocol=17 | dir=in | app=c:\program files\net tools\nettools5.exe |
"UDP Query User{29CAE83D-E303-4151-9B24-9A740AFB9DC1}C:\program files\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"UDP Query User{2CF7FD63-E248-45FD-AECF-2FAFBCF01EEE}C:\program files\dell video chat\dellvideochat.exe" = protocol=17 | dir=in | app=c:\program files\dell video chat\dellvideochat.exe |
"UDP Query User{36F56E12-53F2-47A0-9F76-403CECFEE7B9}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{ADC73E98-E2ED-41FB-86E2-7336A220FA48}C:\program files\pinnacle\videospin\programs\videospin.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe |
"UDP Query User{F9977C7A-22C9-45A1-A26B-504328FE0160}C:\program files\net tools\nettools5.exe" = protocol=17 | dir=in | app=c:\program files\net tools\nettools5.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{053C30EA-D4C6-47A0-8537-8D231D9BE873}" = DELL0703
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.0
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43907a2e-bbc1-44da-968c-b31d0256a8f6}_is1" = Media Player
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59DB31A9-BCB0-4985-ACA6-F6477C7BE367}" = Strongvault Online Backup
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5ECB4CCF-448D-4B52-B933-45961F4291A4}" = HP Photosmart Plus B210 series Product Improvement Study
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75CE8AF5-0A5E-4A42-BC67-F83591DA9A7D}" = Sound Blaster X-Fi MB
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F5FDEA1-D0AC-4D80-9D95-59775FCCFA40}" = HP Photosmart Plus B210 series Help
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88B05038-C890-468B-A563-0015FD53CDC3}" = ArcSoft TotalMedia Extreme
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = The Sims™ 2 Deluxe
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BE962181-E347-464E-AE70-276DD63A8293}" = HP Photosmart Plus B210 series Basic Device Software
"{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E6F012B0-E930-11E0-A67A-F04DA23A5C58}" = Vegas Pro 11.0
"{E9627240-E930-11E0-8690-F04DA23A5C58}" = MSVCRT Redists
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OA009" = Integrated Webcam Driver (1.00.02.0825)
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"Hauppauge HDPVR Scheduler" = Hauppauge HDPVR Scheduler
"Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"HP Photo Creations" = HP Photo Creations
"iLivid" = iLivid
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Essentials" = Microsoft Security Essentials
"NetTools_is1" = NetTools 5.0
"SearchProtect" = Search Protect by conduit
"SoftwareUpdUtility" = Download Updater (AOL Inc.)
"Solid Savings" = Solid Savings
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WinZip Registry Optimizer_is1" = WinZip Registry Optimizer
"WTA-006e375b-e842-49cb-bf43-7f9a676098cb" = Midnight Mysteries- Salem Witch Trials
"WTA-007f0cd1-95dc-467b-88de-4351f4a387ee" = My Kingdom for the Princess 2
"WTA-022a615a-f621-4a6c-b531-e896217e8ff2" = I SPY Mystery
"WTA-07531fcb-3a68-4564-94c8-707580afe8ad" = Jade Rousseau The Secret Revelations
"WTA-0f2579d9-371f-4fcf-a9b1-e936767a0d73" = Cruise Clues: Caribbean Adventure
"WTA-13d58424-bae6-4644-a530-5e0a53e0216b" = Miss Teri Tale: Where's Jason?
"WTA-157e9913-25cc-4a21-a77b-d46d2a32f4a5" = Agatha Christie - 4:50 from Paddington
"WTA-1ac84bc9-f7e5-498c-8dd8-6417cb3b62d9" = Eighteen Wheels of Steel: Extreme Trucker 2
"WTA-1ce52262-6500-4953-b9fe-194146f83c37" = House, MD
"WTA-2307673c-6964-4dbc-b6d9-c25a71d3dd4d" = Mystery of Mortlake Mansion
"WTA-2e28434a-cfa5-4b0a-9489-2c829c780bbe" = Operation Mania
"WTA-3246f054-17d2-42a2-967f-b5c27b4fcc68" = Victorian Mysteries: Woman in White
"WTA-3593fe59-fce8-41aa-b88b-042334120226" = Paige Harper and the Tome of Mystery
"WTA-372388e4-2d09-418d-ab14-cd13f6ad77ea" = Millionaire Manor: The Hidden Object Show 3
"WTA-3e0f6f85-d9c7-46ca-bce2-ebb5637d412f" = Twisted Lands: Shadow Town
"WTA-4124c58a-e7b3-44c3-942f-928c6ee0155c" = Supermarket Mania 2
"WTA-47318b8f-df6e-46f5-aaa8-06d3df401d4d" = Magic Encyclopedia - Moon Light
"WTA-49ad27ec-640b-45a0-a142-7e017394df25" = Unsolved Mystery Club ™ - Amelia Earhart ™
"WTA-4adc9843-cca1-43f7-9460-7c0d3e3656a2" = Grace's Quest: To Catch An Art Thief
"WTA-508b354c-49e2-4982-b9bf-38731f7b15af" = Amazing Adventures: The Forgotten Dynasty
"WTA-52287838-8177-43d1-b145-8fad26d0ad3f" = Soap Opera Dash
"WTA-55d3d05c-29a2-4c5f-89c2-fdf98a593893" = I SPY Spooky Mansion
"WTA-5afda489-6905-4893-a4b5-2b3c6193cd8d" = Diner Dash 5 - Boom! The Collector's Edition
"WTA-5f4f4e79-e12e-4132-aef8-e76029148954" = Lilly Wu and the Terra Cotta Mystery
"WTA-633c7ac7-eefc-4983-82a7-c5e7cc357a30" = Jigsaw World
"WTA-698b5752-e9f2-499f-9b43-e8b96f6e852f" = Jane Lucky
"WTA-6f6735d9-91c5-4dfd-a79f-fce118b35610" = Mystery P.I. - Stolen in San Francisco
"WTA-6fc1ca2f-33f5-431f-815a-64f87e5e2d04" = Mah Jong Fortuna 2 Deluxe
"WTA-7418711e-a3ab-4a96-9f10-0dd228d8be59" = Deep Blue Sea 2: The Amulet of Light
"WTA-78487b6e-abe8-4578-a0a6-96f93f96489c" = Letters from Nowhere 2
"WTA-7fd66aac-7115-4729-8c7c-5c283d9b373e" = Mah Jong Adventures
"WTA-81b5d7ee-2656-4c04-8ab9-a4ad0ef243b3" = Mahjong Memoirs
"WTA-87e00b5a-84c4-486b-9d4d-980f0686c092" = Dream Day Wedding - Bella Italia
"WTA-8de80bc0-76f9-4c27-b9ea-7ca951bb3b8a" = Sally's Studio Premium Edition
"WTA-97882e51-5243-4e92-addc-b9d1019a8e78" = Chronicles of Albian
"WTA-9c016648-b635-4a5e-a169-f766d7dc5005" = Slingo Mystery 2: The Golden Escape
"WTA-a4b8f922-e7ca-4523-9a61-fe22f4b55211" = Antique Road Trip
"WTA-a6cac940-4c33-4c14-b79e-8616140fcd5f" = Slingo Quest Egypt
"WTA-a912ca56-22ad-4f3e-8506-8b548aa8641e" = Super Collapse - Puzzle Gallery 4
"WTA-afa2242a-692e-4baf-8b42-b11a81e23281" = Secrets of the Dragon Wheel
"WTA-afa83938-0861-42b4-9b05-28b704539165" = The Fifth Gate
"WTA-b49b6edd-7df4-4b0e-8e55-7c52644df500" = The Clockwork Man - The Hidden World
"WTA-b96f6116-c380-4f23-9795-ceae036ef1a3" = Dying for Daylight
"WTA-ba8ba1bb-f1f9-4ad1-868f-78faf3bcba6f" = Vacation Quest - The Hawaiian Islands
"WTA-c068f6da-0b9b-49a6-bc66-a1147c94ebc9" = Buried in Time
"WTA-c45758de-ce55-485e-b7e3-a3967ed3dce2" = Escape Whisper Valley™
"WTA-c49bda51-5903-4401-a4fe-868c26a1831d" = L. Frank Baum's The Wonderful Wizard of Oz
"WTA-c7173a39-8170-4784-bf88-ed86dd0bf9cb" = Cake Mania: To the Max
"WTA-c71d50ec-00e3-4b02-9165-38cad73eb315" = Ultimate Mahjong
"WTA-de83ec06-16da-463b-ab20-0b97d287f9fb" = Baby Luv
"WTA-e950e18f-c85c-4fbe-8ec1-a4c13d3159a2" = Nightmare on the Pacific
"WTA-eed66f9b-f9ef-42f8-aed8-9fa8aea2240a" = Jane's Hotel Mania
"WTA-f9b8c495-59d4-4d27-a17e-67670874b68c" = Mahjong Escape Ancient Japan
"WTA-fac21d77-43f5-4671-825d-d9ed06f20699" = Dream Day True Love

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AIM" = AIM for Windows

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2013 3:48:52 PM | Computer Name = Jessi-PC | Source = System Restore | ID = 8193
Description =

Error - 4/29/2013 4:03:55 PM | Computer Name = Jessi-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/29/2013 4:04:31 PM | Computer Name = Jessi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2013 5:23:57 PM | Computer Name = Jessi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2013 5:59:23 PM | Computer Name = Jessi-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/29/2013 7:45:18 PM | Computer Name = Jessi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2013 7:54:24 PM | Computer Name = Jessi-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/29/2013 7:54:59 PM | Computer Name = Jessi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2013 9:12:52 PM | Computer Name = Jessi-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/29/2013 9:23:03 PM | Computer Name = Jessi-PC | Source = EventSystem | ID = 4609
Description =

[ Broadcom Wireless LAN Events ]
Error - 12/3/2012 11:42:15 PM | Computer Name = Jessi-PC | Source = WLAN-Tray | ID = 0
Description = 20:42:14, Mon, Dec 03, 12 Error - Unable to gain access to user store


Error - 12/14/2012 12:25:35 AM | Computer Name = Jessi-PC | Source = WLAN-Tray | ID = 0
Description = 21:25:34, Thu, Dec 13, 12 Error - Unable to gain access to user store


Error - 4/27/2013 6:04:06 PM | Computer Name = Jessi-PC | Source = WLAN-Tray | ID = 0
Description = 15:04:06, Sat, Apr 27, 13 Error - Unable to gain access to user store


Error - 4/29/2013 1:45:09 PM | Computer Name = Jessi-PC | Source = WLAN-Tray | ID = 0
Description = 10:45:09, Mon, Apr 29, 13 Error - Unable to gain access to user store


[ Spybot - Search and Destroy Events ]
Error - 3/21/2013 2:41:10 AM | Computer Name = Jessi-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 4/29/2013 9:12:03 PM | Computer Name = Jessi-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 4/29/2013 9:12:53 PM | Computer Name = Jessi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/29/2013 9:12:53 PM | Computer Name = Jessi-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 4/29/2013 9:12:53 PM | Computer Name = Jessi-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 4/29/2013 9:22:15 PM | Computer Name = Jessi-PC | Source = DCOM | ID = 10005
Description =

Error - 4/29/2013 9:22:15 PM | Computer Name = Jessi-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.149.774.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.9402.0 Error code: 0x8007043c Error
description: This service cannot be started in Safe Mode

Error - 4/29/2013 9:22:52 PM | Computer Name = Jessi-PC | Source = DCOM | ID = 10005
Description =

Error - 4/29/2013 9:23:03 PM | Computer Name = Jessi-PC | Source = DCOM | ID = 10005
Description =

Error - 4/29/2013 9:26:16 PM | Computer Name = Jessi-PC | Source = DCOM | ID = 10005
Description =

Error - 4/29/2013 9:39:08 PM | Computer Name = Jessi-PC | Source = DCOM | ID = 10005
Description =


< End of report >
  • 0

#5
maliprog
Posted 30 April 2013 - 12:58 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Try to start your system after these steps in Normal mode and let me know results.

Step 1

Please go to Windows Control Panel and Uninstall SpyBot Search and destroy. It sometimes mess with our fixes and I would like you to uninstall it before we continue. You can install it again after we are finish.

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2013/03/06 05:36:52 | 000,093,984 | ---- | M] (Conduit) [Auto | Stopped] -- C:\Program Files\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3292584
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:47392
    O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - HKCU..\Run: [SearchProtect] C:\Users\Jessi\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
    O33 - MountPoints2\{3eb5f0b0-59ac-11e0-8d73-0023ae342cef}\Shell - "" = AutoRun
    O33 - MountPoints2\{3eb5f0b0-59ac-11e0-8d73-0023ae342cef}\Shell\AutoRun\command - "" = D:\TLBootstrap_WPP.exe
    O33 - MountPoints2\{5858a4fc-e1b3-11df-8745-0023ae342cef}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
    O33 - MountPoints2\{97ba615e-440c-11de-a745-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{97ba615e-440c-11de-a745-806e6f6e6963}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2009/05/13 07:09:17 | 000,183,640 | R--- | M] ()
    O33 - MountPoints2\{cdfe852f-ede0-11de-884f-0023ae342cef}\Shell\AutoRun\command - "" = H:\MI.exe

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

Step 3

Download the adwCleaner

  • Run the Tool
    (Windows Vista and Windows 7 users: right click in the adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

Step 4

Please don't forget to include these items in your reply:

  • OTL fix log
  • adwCleaner log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#6
BFella
Posted 30 April 2013 - 02:29 PM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
All processes killed
========== OTL ==========
Service CltMngSvc stopped successfully!
Service CltMngSvc deleted successfully!
C:\Program Files\SearchProtect\bin\CltMngSvc.exe moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll deleted successfully.
C:\Program Files\SearchProtect\bin\cltmng.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
C:\Users\Jessi\AppData\Roaming\SearchProtect\bin\cltmng.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eb5f0b0-59ac-11e0-8d73-0023ae342cef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eb5f0b0-59ac-11e0-8d73-0023ae342cef}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3eb5f0b0-59ac-11e0-8d73-0023ae342cef}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3eb5f0b0-59ac-11e0-8d73-0023ae342cef}\ not found.
File D:\TLBootstrap_WPP.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5858a4fc-e1b3-11df-8745-0023ae342cef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5858a4fc-e1b3-11df-8745-0023ae342cef}\ not found.
File H:\PMBP_Win.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97ba615e-440c-11de-a745-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97ba615e-440c-11de-a745-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97ba615e-440c-11de-a745-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97ba615e-440c-11de-a745-806e6f6e6963}\ not found.
File move failed. F:\.\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cdfe852f-ede0-11de-884f-0023ae342cef}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cdfe852f-ede0-11de-884f-0023ae342cef}\ not found.
File H:\MI.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 525640 bytes
->Temporary Internet Files folder emptied: 459342602 bytes
->Java cache emptied: 54250 bytes
->Flash cache emptied: 598 bytes

User: Jessi
->Temp folder emptied: 80285882 bytes
->Temporary Internet Files folder emptied: 1064522266 bytes
->Java cache emptied: 9222239 bytes
->Google Chrome cache emptied: 6426075 bytes
->Apple Safari cache emptied: 14710784 bytes
->Flash cache emptied: 2055 bytes

User: Public

User: RA Media Server
->Temp folder emptied: 5425690 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3674240 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2020183668 bytes

Total Files Cleaned = 3,495.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04302013_064449
  • 0

#7
BFella
Posted 30 April 2013 - 02:30 PM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Tt doesn't let me boot in regular mode still, the screen is now black instead of grey when I try to login. There are two things on my desktop in safemode called desktop.ini

Not sure what those are.

ADW LOG:

# AdwCleaner v2.300 - Logfile created 04/30/2013 at 13:21:46
# Updated 28/04/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : Jessi - JESSI-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jessi\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Jessi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Jessi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Jessi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Jessi\Desktop\iLivid.lnk
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SearchProtect
Folder Deleted : C:\Users\Jessi\AppData\Local\Conduit
Folder Deleted : C:\Users\Jessi\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Folder Deleted : C:\Users\Jessi\AppData\Local\Ilivid
Folder Deleted : C:\Users\Jessi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jessi\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PricePeep
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211621178}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211621178}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110211621178}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220222622278}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0026278.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550255625578}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660266626678}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292584
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440244624478}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621178}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110211621178}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211621178}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621178}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\Software\SearchProtect

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Jessi\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2045] : homepage = "hxxp://search.conduit.com/?ctid=CT3292584&SearchSource=48&CUI=UN37504462200242225&UM[...]
Deleted [l.2883] : urls_to_restore_on_startup = [ "hxxp://search.conduit.com/?ctid=CT3292584&SearchSource=48&CUI[...]

*************************

AdwCleaner[R1].txt - [7301 octets] - [30/04/2013 13:21:34]
AdwCleaner[S1].txt - [7368 octets] - [30/04/2013 13:21:46]

########## EOF - C:\AdwCleaner[S1].txt - [7428 octets] ##########

Edited by BFella, 30 April 2013 - 02:31 PM.

  • 0

#8
maliprog
Posted 01 May 2013 - 01:29 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi BFella,

Please click on Start and then to Run
Type in msconfig and press Enter
Now click on Startups
Then uncheck everything and press Apply button.
Restart your system now in Normal mode
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

If system boots correctly and is running smoothly and faster then we have a startup problem
Try going back into msconfig and check one item and reboot
Keep doing that till you have found the problem or all are finally checked.
Post back with the results
  • 0

#9
BFella
Posted 01 May 2013 - 02:41 PM

BFella

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Hi BFella,

Please click on Start and then to Run
Type in msconfig and press Enter
Now click on Startups
Then uncheck everything and press Apply button.
Restart your system now in Normal mode
IMPORTANT! In case of laptop, make sure, you do NOT disable any keyboard, or touchpad entries.

If system boots correctly and is running smoothly and faster then we have a startup problem
Try going back into msconfig and check one item and reboot
Keep doing that till you have found the problem or all are finally checked.
Post back with the results


What are the mouse and keyboard entries so I don't uncheck them?
  • 0

#10
maliprog
Posted 04 May 2013 - 03:40 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
I'm sorry but I won't be able to answer to you for two days. Please stay tuned and after two days I'll be able to answer you more quickly.
  • 0

#11
maliprog
Posted 06 May 2013 - 12:23 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi BFella,

Sorry for delay one more time. Let's continue.

You can disable all entries that doesn't have "keyboard", "human interface device" or "mouse" in it's name. Please let me know results.
  • 0

#12
maliprog
Posted 14 May 2013 - 11:13 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP