Internet Downloads will Not Open - Error Infected by a Virus


#1
midwestlacrosse

Hello. I would appreciate your help! I am trying to download and open files from the internet. In Firefox they do not open and in IE a message appears saying the downloaded file contains a virus and cannot be opened. I know the files are safe to open. I have Windows 7 32-Bit. I have Malwarebytes Pro installed and it appears to be working normally. I also have Microsoft Security Essentials; however, it will not open and I cannot uninstall it.

These problems happened yesterday when my computer was infected with the Department of Justice virus. Using advice on the internet, I was able to access my computer by using Hitman Pro software. The virus seems to be gone. But now I cannot download and open files. Please help!

OTL logfile created on: 5/23/2013 5:52:31 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 54.18% Memory free
6.99 Gb Paging File | 5.45 Gb Available in Paging File | 77.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 85.15 Gb Free Space | 36.56% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 75.74 Gb Free Space | 16.26% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/23 17:50:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
PRC - [2013/05/14 19:19:35 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2013/03/18 15:12:12 | 007,366,656 | ---- | M] (Google Inc.) -- C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/01/26 07:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe
PRC - [2013/01/08 08:59:20 | 000,228,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/08 11:31:39 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/29 21:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/11/22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\HelperService.exe
PRC - [2012/11/22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Program Files\PDF Architect\ConversionService.exe
PRC - [2012/11/08 02:58:14 | 015,976,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2012/10/18 18:44:56 | 000,182,456 | ---- | M] () -- C:\Program Files\IDriveWindows\idwservice_501.exe
PRC - [2012/10/18 18:43:58 | 002,042,040 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDriveWindows\idwmonitor.exe
PRC - [2012/10/18 18:41:56 | 000,043,192 | ---- | M] (Pro Softnet Corporation) -- C:\Program Files\IDriveWindows\idwbg_501.exe
PRC - [2012/10/18 18:40:48 | 000,125,112 | ---- | M] () -- C:\Program Files\IDriveWindows\idwadminsrv.exe
PRC - [2012/10/18 18:39:46 | 000,272,568 | ---- | M] ( ) -- C:\Program Files\IDriveWindows\idw_web.exe
PRC - [2012/10/08 11:42:48 | 001,139,640 | ---- | M] (Boingo Wireless) -- C:\Program Files\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe
PRC - [2012/07/16 04:14:02 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
PRC - [2012/07/16 04:13:56 | 000,184,840 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/04/27 02:14:08 | 000,407,704 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2012/04/27 02:14:08 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2011/11/23 21:21:24 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2011/06/09 12:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/04/08 07:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2009/06/03 14:46:38 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/10/25 13:31:20 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/07/27 16:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/11 08:58:58 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 3300 Series\ezprint.exe
PRC - [2007/05/11 08:57:22 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark 3300 Series\lxccmon.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/04/16 23:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
PRC - [2007/03/26 07:49:26 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxcccoms.exe
PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/22 21:29:43 | 000,128,512 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\_elementtree.pyd
MOD - [2013/05/22 21:29:43 | 000,098,816 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\win32api.pyd
MOD - [2013/05/22 21:29:43 | 000,044,032 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\_socket.pyd
MOD - [2013/05/22 21:29:42 | 000,557,056 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\pysqlite2._sqlite.pyd
MOD - [2013/05/22 21:29:42 | 000,320,512 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\win32com.shell.shell.pyd
MOD - [2013/05/22 21:29:42 | 000,026,624 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\_multiprocessing.pyd
MOD - [2013/05/22 21:29:42 | 000,022,528 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\win32ts.pyd
MOD - [2013/05/22 21:29:41 | 001,022,416 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\windows._cacheinvalidation.pyd
MOD - [2013/05/22 21:29:41 | 000,805,888 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\wx._gdi_.pyd
MOD - [2013/05/22 21:29:41 | 000,070,656 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\wx._html2.pyd
MOD - [2013/05/22 21:29:41 | 000,011,264 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\win32crypt.pyd
MOD - [2013/05/22 21:29:40 | 000,364,544 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\pythoncom27.dll
MOD - [2013/05/22 21:29:40 | 000,087,040 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\_ctypes.pyd
MOD - [2013/05/22 21:29:40 | 000,017,408 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\win32profile.pyd
MOD - [2013/05/22 21:29:39 | 001,175,040 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\wx._core_.pyd
MOD - [2013/05/22 21:29:39 | 000,735,232 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\wx._misc_.pyd
MOD - [2013/05/22 21:29:39 | 000,110,080 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\PyWinTypes27.dll
MOD - [2013/05/22 21:29:39 | 000,108,544 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\win32security.pyd
MOD - [2013/05/22 21:29:38 | 001,153,024 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\_ssl.pyd
MOD - [2013/05/22 21:29:38 | 000,811,008 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\wx._windows_.pyd
MOD - [2013/05/22 21:29:38 | 000,711,680 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\_hashlib.pyd
MOD - [2013/05/22 21:29:38 | 000,122,368 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\wx._wizard.pyd
MOD - [2013/05/22 21:29:38 | 000,035,840 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\win32process.pyd
MOD - [2013/05/22 21:29:38 | 000,025,600 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\win32pdh.pyd
MOD - [2013/05/22 21:29:37 | 000,119,808 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\win32file.pyd
MOD - [2013/05/22 21:29:36 | 000,038,912 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\win32inet.pyd
MOD - [2013/05/22 21:29:35 | 001,062,400 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\wx._controls_.pyd
MOD - [2013/05/22 21:29:35 | 000,686,080 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\unicodedata.pyd
MOD - [2013/05/22 21:29:35 | 000,127,488 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\pyexpat.pyd
MOD - [2013/05/22 21:29:35 | 000,018,432 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\win32event.pyd
MOD - [2013/05/22 21:29:35 | 000,010,240 | ---- | M] () -- C:\Users\Matt\AppData\Local\Temp\_MEI11242\select.pyd
MOD - [2013/05/14 19:19:34 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013/03/18 15:01:08 | 000,344,064 | ---- | M] () -- C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/03/18 15:00:52 | 000,231,936 | ---- | M] () -- C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/03/18 15:00:26 | 000,253,440 | ---- | M] () -- C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/03/18 15:00:14 | 000,117,248 | ---- | M] () -- C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/02/27 14:33:20 | 000,026,624 | ---- | M] () -- C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/02/27 14:33:06 | 010,683,392 | ---- | M] () -- C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/02/27 14:33:02 | 001,681,408 | ---- | M] () -- C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/02/27 14:32:58 | 007,741,952 | ---- | M] () -- C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/02/27 14:32:56 | 002,248,192 | ---- | M] () -- C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2013/02/16 13:41:23 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013/02/14 07:05:10 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013/01/15 18:03:31 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/15 18:03:10 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/15 18:02:55 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/15 18:02:47 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013/01/13 16:39:24 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013/01/13 16:39:22 | 000,745,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\581e9ba9c81e2840a917fbd3d9661f85\System.Security.ni.dll
MOD - [2013/01/13 16:39:17 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013/01/13 16:39:12 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013/01/13 16:39:10 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013/01/13 16:39:03 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2012/12/08 11:31:23 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/10/08 11:42:50 | 000,482,232 | ---- | M] () -- C:\Program Files\Boingo\Boingo Wi-Finder\boingoex.dll
MOD - [2011/05/21 14:45:18 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/12/21 01:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2005/12/13 15:51:56 | 000,122,880 | ---- | M] () -- C:\Program Files\Lexmark 3300 Series\lxccdrec.dll
MOD - [2005/06/14 17:08:28 | 000,196,608 | ---- | M] () -- C:\Program Files\Lexmark 3300 Series\iptk.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zebrsce.dll -- (SRTSP)
SRV - File not found [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
SRV - [2013/05/14 19:19:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/01/27 12:11:46 | 000,295,232 | ---- | M] () [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/08 11:31:39 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/11/22 17:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012/11/22 17:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Program Files\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012/10/18 18:44:56 | 000,182,456 | ---- | M] () [Auto | Running] -- C:\Program Files\IDriveWindows\idwservice_501.exe -- (IDriveService)
SRV - [2012/10/18 18:40:48 | 000,125,112 | ---- | M] () [Auto | Running] -- C:\Program Files\IDriveWindows\idwadminsrv.exe -- (IDWAdmin)
SRV - [2012/09/20 14:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012/07/16 04:14:02 | 000,069,640 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2012/07/16 04:13:56 | 000,184,840 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe -- (NitroDriverReadSpool2)
SRV - [2012/04/27 10:37:41 | 000,013,160 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe -- (GoToAssist)
SRV - [2011/11/23 21:21:24 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2011/06/09 12:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\epson\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/05/29 17:32:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)
SRV - [2007/03/26 07:49:26 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxcccoms.exe -- (lxcc_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2013/01/20 16:59:04 | 000,100,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012/12/14 17:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/08/18 22:27:26 | 000,026,224 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2010/11/20 07:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 07:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 07:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 04:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 04:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/17 01:55:00 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2008/12/09 10:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV - [2007/12/26 20:02:52 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/03/21 22:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/05 10:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/02/24 14:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 16:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: gmailwatcher%40sonthakit:1.57
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7B0538E3E3-7E9B-4d49-8831-A227C80A7AD3%7D:2.2.2
FF - prefs.js..extensions.enabledAddons: %7B3e0e7d2a-070f-4a47-b019-91fe5385ba79%7D:3.5.9
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: grwatcher%40ajnasz.hu:1.7.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@worldwinner.com/Launcher2,version=1.10.0.25: C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012/11/28 17:02:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/13 16:25:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/15 21:24:57 | 000,000,000 | ---D | M]

[2011/05/21 14:12:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2013/01/08 13:38:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\extensions
[2012/10/11 19:28:08 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/08/29 03:03:10 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2012/10/18 14:25:01 | 000,225,820 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\extensions\[email protected]
[2012/12/17 09:05:49 | 000,160,535 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\extensions\[email protected]
[2013/01/08 13:38:22 | 000,223,719 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\extensions\[email protected]
[2011/05/21 14:23:25 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\extensions\[email protected]
[2012/10/27 17:05:18 | 000,060,290 | ---- | M] () (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\extensions\[email protected]
[2013/01/13 16:23:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/04/07 19:47:09 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/11/28 17:02:26 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES\PDF ARCHITECT\FFPDFARCHITECTEXT
[2012/12/08 11:31:39 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2003/03/18 20:20:00 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\mfc71.dll
[2003/02/21 03:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr71.dll
[2012/06/20 11:54:54 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/02/01 15:47:38 | 000,155,648 | ---- | M] (IBM Corporation) -- C:\Program Files\mozilla firefox\plugins\npmfv.dll
[2012/06/20 11:54:56 | 000,091,584 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/08/31 15:38:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/28 20:35:21 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/21 08:53:18 | 000,000,856 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 94.63.240.150 www.bing.com
O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ApproveItForOfficeSetup] "C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files\ApproveIt\" File not found
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Boingo Wi-Finder] C:\Program Files\Boingo\Boingo Wi-Finder\Boingo.lnk ()
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3300 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IDrive Background process] C:\Program Files\IDriveWindows\idwbg_501.exe (Pro Softnet Corporation)
O4 - HKLM..\Run: [IDrive Monitor] C:\Program Files\IDriveWindows\idwmonitor.exe (Pro Softnet Corporation)
O4 - HKLM..\Run: [LXCCCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [lxccmon.exe] C:\Program Files\Lexmark 3300 Series\lxccmon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe ()
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [IDrive Background process] C:\Program Files\IDriveWindows\idwbg_501.exe (Pro Softnet Corporation)
O4 - HKCU..\Run: [IDrive Monitor] C:\Program Files\IDriveWindows\idwmonitor.exe (Pro Softnet Corporation)
O4 - HKCU..\Run: [MusicManager] C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E83FD6CF-77A6-4F36-AAA9-495EEBED6253}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-owacid2 {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GO36F4~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/23 17:52:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/05/21 20:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[1 C:\Users\Matt\Desktop\*.tmp files -> C:\Users\Matt\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/23 17:55:07 | 000,704,528 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2013/05/23 17:55:07 | 000,627,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/23 17:55:07 | 000,372,842 | ---- | M] () -- C:\Windows\System32\prfh0804.dat
[2013/05/23 17:55:07 | 000,138,040 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2013/05/23 17:55:07 | 000,107,366 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/23 17:55:07 | 000,105,226 | ---- | M] () -- C:\Windows\System32\prfc0804.dat
[2013/05/23 17:50:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2013/05/23 17:33:40 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1523771525-3296313493-2961326560-1000UA.job
[2013/05/23 17:33:40 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/23 17:33:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/23 17:33:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/23 15:39:55 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 21:35:47 | 000,019,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 21:35:47 | 000,019,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/22 21:28:09 | 2817,048,576 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/21 15:50:24 | 002,250,054 | ---- | M] () -- C:\ProgramData\1.bmp
[2013/05/21 15:50:10 | 000,350,795 | ---- | M] () -- C:\ProgramData\1.jpg
[2013/05/15 21:27:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1523771525-3296313493-2961326560-1000Core.job
[2013/05/14 19:19:35 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/05/14 19:19:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/05/09 17:13:52 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2013/05/08 17:21:09 | 005,280,226 | ---- | M] () -- C:\Users\Matt\Documents\Lone_Mujahid_Pocketbook_Spring_2013-1.pdf
[2013/05/02 10:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/04/24 19:55:59 | 001,450,647 | ---- | M] () -- C:\Users\Matt\Desktop\MinnesotaRRs_info.pdf
[1 C:\Users\Matt\Desktop\*.tmp files -> C:\Users\Matt\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/21 15:50:24 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/05/21 15:50:03 | 000,350,795 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/05/08 17:21:08 | 005,280,226 | ---- | C] () -- C:\Users\Matt\Documents\Lone_Mujahid_Pocketbook_Spring_2013-1.pdf
[2013/04/24 19:55:58 | 001,450,647 | ---- | C] () -- C:\Users\Matt\Desktop\MinnesotaRRs_info.pdf
[2012/11/13 09:56:36 | 000,000,035 | ---- | C] () -- C:\Windows\A6W.INI
[2012/10/28 16:51:45 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IBSSubTmr.dll
[2012/10/03 19:06:40 | 000,090,176 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\lj1y6nb.dat
[2012/10/03 19:06:38 | 000,086,080 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\aftr4sb.dat
[2012/10/03 19:06:35 | 000,060,992 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\slr8k5s.dat
[2012/08/21 15:23:58 | 000,004,733 | ---- | C] () -- C:\Windows\SigPlus.ini
[2012/08/18 22:27:26 | 000,026,224 | ---- | C] () -- C:\Windows\System32\drivers\mbamchameleon.sys
[2012/07/11 07:18:14 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2012/07/09 19:42:02 | 000,000,117 | ---- | C] () -- C:\Windows\EWF845.ini
[2012/06/03 12:41:11 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxccinpa.dll
[2012/06/03 12:41:11 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxcciesc.dll
[2012/06/03 12:41:11 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcchcp.dll
[2012/06/03 12:41:11 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxccinst.dll
[2012/06/03 12:41:10 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxccserv.dll
[2012/06/03 12:41:10 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxccusb1.dll
[2012/06/03 12:41:10 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxccpmui.dll
[2012/06/03 12:41:10 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxccprox.dll
[2012/06/03 12:41:10 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxccpplc.dll
[2012/06/03 12:41:09 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcclmpm.dll
[2012/06/03 12:41:08 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcchbn3.dll
[2012/06/03 12:41:08 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxccih.exe
[2012/06/03 12:41:07 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcccomc.dll
[2012/06/03 12:41:07 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxcccoms.exe
[2012/06/03 12:41:07 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcccomm.dll
[2012/06/03 12:41:06 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxcccfg.exe
[2012/04/27 10:37:37 | 000,103,784 | ---- | C] () -- C:\Users\Matt\GoToAssistDownloadHelper.exe
[2012/03/17 11:07:04 | 000,019,456 | ---- | C] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/18 16:06:07 | 000,010,639 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Tab Separated Values (Windows).CAL
[2011/08/15 16:34:16 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/06/10 19:22:59 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/05/29 21:03:59 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011/05/29 21:02:20 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/29 19:04:01 | 000,372,842 | ---- | C] () -- C:\Windows\System32\prfh0804.dat
[2011/05/29 19:04:01 | 000,111,310 | ---- | C] () -- C:\Windows\System32\prfi0804.dat
[2011/05/29 19:04:01 | 000,105,226 | ---- | C] () -- C:\Windows\System32\prfc0804.dat
[2011/05/29 19:04:01 | 000,031,548 | ---- | C] () -- C:\Windows\System32\prfd0804.dat
[2011/05/29 19:04:00 | 000,704,528 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2011/05/29 19:04:00 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2011/05/29 19:04:00 | 000,138,040 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2011/05/29 19:04:00 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2011/05/29 17:09:33 | 000,021,316 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/05/29 00:07:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/05/27 21:43:59 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/05/27 21:43:55 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2011/05/27 21:43:55 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/05/27 21:43:55 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/27 21:43:54 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

========== ZeroAccess Check ==========

[2012/03/27 08:11:02 | 000,000,082 | ---- | M] () -- C:\Windows\$NtUninstallKB18867$\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\8LM8S3WX\t.cxt.ms\lso.swf\u.sol
[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-1523771525-3296313493-2961326560-1000\$2846b182d777c47c043a18afa2f9c2af\n.

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\$Recycle.Bin\S-1-5-18\$2846b182d777c47c043a18afa2f9c2af\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2012/10/15 12:52:45 | 000,013,268 | ---- | M] ()(C:\Users\Matt\Documents\??.docx) -- C:\Users\Matt\Documents\慢走.docx
[2012/08/20 20:00:35 | 000,013,268 | ---- | C] ()(C:\Users\Matt\Documents\??.docx) -- C:\Users\Matt\Documents\慢走.docx

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB18867$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

#2
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello midwestlacrosse,

Welcome to Geekstogo.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. In your case the 32bit version will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
After that

Please run OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Click the None button at the top.
  • Under the Custom Scan box paste this in

    dir C:\ /S /A:L /C

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    o When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
    o Please copy (Edit->Select All, Edit->Copy) the contents and post back here.
So when you return please post
  • FRST.txt
  • OTL.txt

#3
midwestlacrosse

    New Member

  • Topic Starter
  • Member
  • 7 posts
Thank you for the quick reply!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-05-2013
Ran by Matt (administrator) on 23-05-2013 19:30:36
Running from C:\Users\Matt\Desktop
Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) ===================

(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
() C:\Program Files\IDriveWindows\idwservice_501.exe
() C:\Program Files\IDriveWindows\idwadminsrv.exe
( ) C:\Windows\system32\lxcccoms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Nitro PDF Software) C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe
(Nalpeiron Ltd.) C:\Windows\system32\NLSSRV32.EXE
(pdfforge GbR) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GbR) C:\Program Files\PDF Architect\ConversionService.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(UPEK Inc.) C:\Program Files\Fingerprint Reader Suite\upeksvr.exe
( ) C:\Program Files\IDriveWindows\idw_web.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Creative Technology Ltd.) C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtcmd.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Google) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(Lexmark International, Inc.) C:\Program Files\Lexmark 3300 Series\lxccmon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Lexmark International Inc.) C:\Program Files\Lexmark 3300 Series\ezprint.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(Pro Softnet Corporation) C:\Program Files\IDriveWindows\idwbg_501.exe
(Pro Softnet Corporation) C:\Program Files\IDriveWindows\idwmonitor.exe
(Boingo Wireless) C:\Program Files\Boingo\Boingo Wi-Finder\Boingo Wi-Finder.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Akamai Technologies, Inc.) C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(Amazon.com) C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Akamai Technologies, Inc.) C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(SupportSoft, Inc.) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Farbar) C:\Users\Matt\Desktop\FRST.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [167936 2007-10-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM\...\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s [118784 2007-07-27] (Creative Technology Ltd.)
HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2009-06-03] (SupportSoft, Inc.)
HKLM\...\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup [30192 2011-05-21] (Google)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] ()
HKLM\...\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [153640 2012-04-27] (ActivIdentity)
HKLM\...\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [407704 2012-04-27] (ActivIdentity)
HKLM\...\Run: [LXCCCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,[email protected] [73728 2007-02-22] ()
HKLM\...\Run: [lxccmon.exe] "C:\Program Files\Lexmark 3300 Series\lxccmon.exe" [205744 2007-05-11] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] "C:\Program Files\Lexmark 3300 Series\ezprint.exe" [103344 2007-05-11] (Lexmark International Inc.)
HKLM\...\Run: [EEventManager] "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] "C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe" [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] "C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe" [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [AprvRemoveLegacyExcelKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn [x]
HKLM\...\Run: [AprvRemoveLegacyWordKeys] "C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe" -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn [x]
HKLM\...\Run: [ApproveItForOfficeSetup] "C:\Program Files\ApproveIt\Support\Tools\ApproveItForOfficeSetup.exe " /1 /p "C:\Program Files\ApproveIt\" [x]
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [IDrive Background process] "C:\Program Files\IDriveWindows\idwbg_501.exe" [43192 2012-10-18] (Pro Softnet Corporation)
HKLM\...\Run: [IDrive Monitor] "C:\Program Files\IDriveWindows\idwmonitor.exe" Min [2042040 2012-10-18] (Pro Softnet Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [Boingo Wi-Finder] "C:\Program Files\Boingo\Boingo Wi-Finder\Boingo.lnk" [2429 2013-02-08] ()
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll [X]
Winlogon\Notify\psfus: C:\Windows\system32\psqlpwd.dll (UPEK Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$2846b182d777c47c043a18afa2f9c2af\n. ATTENTION! ====> ZeroAccess
HKCU\...\Run: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-12-28] (Google Inc.)
HKCU\...\Run: [MusicManager] "C:\Users\Matt\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [7366656 2013-03-18] (Google Inc.)
HKCU\...\Run: [Akamai NetSession Interface] "C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe" [4480768 2013-01-26] (Akamai Technologies, Inc.)
HKCU\...\Run: [Adobe Acrobat Synchronizer] "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [x]
HKCU\...\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [19662744 2013-04-16] (Google)
HKCU\...\Run: [IDrive Background process] "C:\Program Files\IDriveWindows\idwbg_501.exe" [43192 2012-10-18] (Pro Softnet Corporation)
HKCU\...\Run: [IDrive Monitor] "C:\Program Files\IDriveWindows\idwmonitor.exe" Min [2042040 2012-10-18] (Pro Softnet Corporation)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-1523771525-3296313493-2961326560-1000\$2846b182d777c47c043a18afa2f9c2af\n. ATTENTION! ====> ZeroAccess
Lsa: [Notification Packages] scecli psqlpwd
Startup: C:\ProgramData\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Amazon Unbox.lnk
ShortcutTarget: Amazon Unbox.lnk -> C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
Startup: C:\ProgramData\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:466...q={searchTerms}
BHO: PE_IE_Helper Class - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)
BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
Toolbar: HKCU -No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
PDF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: x-owacid2 - {5B290518-830E-4C57-A66B-E4F748900C27} - C:\Program Files\Microsoft\SMIME Client (2010)\mimectl.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll [36352] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nitropdf.com/NitroPDF - C:\Program Files\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin: @real.com/nppl3260;version=6.0.11.2852 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nppl3260;version=6.0.12.46 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1662 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.46 - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @worldwinner.com/Launcher2,version=1.10.0.25 - C:\Program Files\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll (WorldWinner.com, Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Forecastfox - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
FF Extension: AddThis - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\Extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF Extension: gmailwatcher - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\Extensions\[email protected]
FF Extension: grwatcher - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\Extensions\[email protected]
FF Extension: isreaditlater - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\Extensions\[email protected]
FF Extension: personas - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\Extensions\[email protected]
FF Extension: translator - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\Extensions\[email protected]

========================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
R2 ADVService; C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-05-21] (Google)
R2 IDriveService; C:\Program Files\IDriveWindows\idwservice_501.exe [182456 2012-10-18] ()
R2 IDWAdmin; C:\Program Files\IDriveWindows\idwadminsrv.exe [125112 2012-10-18] ()
R2 lxcc_device; C:\Windows\system32\lxcccoms.exe [537520 2007-03-26] ( )
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184 2012-12-14] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [682344 2012-12-14] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] ()
R2 NitroDriverReadSpool2; C:\Program Files\Nitro PDF\Professional 7\NitroPDFDriverService2.exe [184840 2012-07-16] (Nitro PDF Software)
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1522312 2012-11-22] (pdfforge GbR)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [905864 2012-11-22] (pdfforge GbR)
R2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
S2 ioloSystemService; "C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe" [x]
S2 SRTSP; %systemroot%\system32\zebrsce.dll [x]

==================== Drivers (Whitelisted) ====================

R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [20392 2008-12-09] (EldoS Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [26224 2012-08-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [21104 2012-12-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 MXOPSWD; C:\Windows\System32\DRIVERS\mxopswd.sys [22152 2007-05-03] (Maxtor Corp.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: SRTSP -> C:\Windows\system32\zebrsce.dll ==> No File.

==================== One Month Created Files and Folders ========

2013-05-23 19:30 - 2013-05-23 19:30 - 00000000 ____D C:\FRST
2013-05-23 19:29 - 2013-05-23 19:29 - 01318507 ____A (Farbar) C:\Users\Matt\Desktop\FRST.exe
2013-05-23 18:55 - 2013-04-05 00:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-23 18:55 - 2013-04-05 00:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-23 18:55 - 2013-04-05 00:28 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-23 18:55 - 2013-04-05 00:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-23 18:55 - 2013-04-05 00:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-23 18:55 - 2013-04-05 00:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-23 18:55 - 2013-04-05 00:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-23 18:55 - 2013-04-05 00:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-23 18:55 - 2013-04-05 00:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-23 18:55 - 2013-04-05 00:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-23 18:55 - 2013-04-05 00:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-23 18:55 - 2013-04-05 00:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-23 18:55 - 2013-04-05 00:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-23 18:55 - 2013-04-05 00:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-23 18:55 - 2013-04-04 23:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-23 18:55 - 2013-04-04 22:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-23 18:00 - 2013-05-23 18:00 - 00038300 ____A C:\Users\Matt\Desktop\Extras.Txt
2013-05-23 17:59 - 2013-05-23 17:59 - 00104318 ____A C:\Users\Matt\Desktop\OTL.Txt
2013-05-23 17:52 - 2013-05-23 17:50 - 00602112 ____A (OldTimer Tools) C:\Users\Matt\Desktop\OTL.exe
2013-05-22 21:37 - 2013-04-09 22:14 - 02347520 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-22 21:37 - 2013-03-18 23:53 - 00186368 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-22 21:37 - 2013-03-18 22:33 - 00040960 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-22 21:36 - 2013-04-10 00:18 - 00728424 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-22 21:36 - 2013-04-10 00:18 - 00218984 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-22 21:36 - 2013-02-27 00:05 - 00101720 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-22 21:36 - 2013-02-26 23:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-22 21:36 - 2013-02-26 23:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-22 21:36 - 2013-02-26 23:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-22 21:36 - 2013-02-26 23:49 - 00047104 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-21 20:02 - 2013-05-22 21:26 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-21 15:50 - 2013-05-21 15:50 - 02250054 ____A C:\ProgramData\1.bmp
2013-05-03 22:20 - 2013-05-03 22:20 - 03149497 ____A C:\Users\Matt\Documents\Regiment TC NCO brief.pptx
2013-04-23 18:38 - 2013-04-12 08:45 - 01211752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders ========

2013-05-23 19:30 - 2013-05-23 19:30 - 00000000 ____D C:\FRST
2013-05-23 19:29 - 2013-05-23 19:29 - 01318507 ____A (Farbar) C:\Users\Matt\Desktop\FRST.exe
2013-05-23 19:27 - 2011-12-28 11:17 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1523771525-3296313493-2961326560-1000UA.job
2013-05-23 19:27 - 2011-05-29 16:50 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-23 19:27 - 2011-05-29 16:50 - 00019920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-23 19:24 - 2011-05-29 17:16 - 01053732 ____A C:\Windows\WindowsUpdate.log
2013-05-23 19:22 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-23 19:21 - 2012-06-26 18:44 - 00000000 ___SD C:\Users\Matt\Google Drive
2013-05-23 19:20 - 2011-11-22 23:58 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-23 19:19 - 2012-10-28 16:51 - 00000000 ____D C:\Users\Matt\AppData\Local\IDrive
2013-05-23 19:19 - 2009-07-13 23:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-23 19:19 - 2009-07-13 23:39 - 00271963 ____A C:\Windows\setupact.log
2013-05-23 19:19 - 2009-07-13 23:33 - 00414688 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-23 19:17 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\zh-CN
2013-05-23 18:53 - 2011-05-29 20:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-23 18:53 - 2011-05-29 19:04 - 00372842 ____A C:\Windows\System32\prfh0804.dat
2013-05-23 18:53 - 2011-05-29 19:04 - 00105226 ____A C:\Windows\System32\prfc0804.dat
2013-05-23 18:53 - 2011-05-29 17:26 - 02075000 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-23 18:50 - 2011-06-15 22:34 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-23 18:48 - 2012-06-24 15:41 - 00000000 ____D C:\Users\Matt\Documents\Outlook Files
2013-05-23 18:06 - 2011-11-22 23:58 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-23 18:00 - 2013-05-23 18:00 - 00038300 ____A C:\Users\Matt\Desktop\Extras.Txt
2013-05-23 17:59 - 2013-05-23 17:59 - 00104318 ____A C:\Users\Matt\Desktop\OTL.Txt
2013-05-23 17:59 - 2012-04-15 12:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-23 17:50 - 2013-05-23 17:52 - 00602112 ____A (OldTimer Tools) C:\Users\Matt\Desktop\OTL.exe
2013-05-23 17:43 - 2012-10-28 20:35 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-22 21:29 - 2011-05-29 16:52 - 00000000 ____D C:\users\Matt
2013-05-22 21:27 - 2012-10-28 16:52 - 00000000 ____D C:\Windows\System32\IBCOMMON
2013-05-22 21:27 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-05-22 21:26 - 2013-05-21 20:02 - 00000000 ____D C:\ProgramData\HitmanPro
2013-05-22 21:26 - 2012-05-22 07:49 - 00000000 ____D C:\Users\Matt\AppData\Local\Akamai
2013-05-22 21:26 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2013-05-22 21:26 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-05-22 21:25 - 2012-07-17 21:14 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Nitro PDF
2013-05-22 21:25 - 2012-03-27 10:14 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Malwarebytes
2013-05-22 21:25 - 2011-05-29 20:06 - 00000000 __RHD C:\MSOCache
2013-05-22 05:42 - 2011-06-10 11:02 - 00000000 ____D C:\Windows\PCHEALTH
2013-05-21 15:50 - 2013-05-21 15:50 - 02250054 ____A C:\ProgramData\1.bmp
2013-05-16 06:08 - 2013-02-07 21:42 - 00000000 ____D C:\Users\Matt\Desktop\matts docs
2013-05-15 21:27 - 2011-12-28 11:17 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1523771525-3296313493-2961326560-1000Core.job
2013-05-15 21:24 - 2011-06-20 19:41 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-14 19:19 - 2012-04-15 12:56 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-14 19:19 - 2011-05-21 14:37 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-09 17:15 - 2012-06-21 07:04 - 00000000 ____D C:\Users\Matt\Desktop\Army Docs
2013-05-09 17:13 - 2012-06-28 19:53 - 00044544 ____A (Absolute Software Corp.) C:\Windows\System32\agremove.exe
2013-05-09 17:12 - 2012-06-03 12:42 - 00000000 ____D C:\Program Files\Lx_cats
2013-05-03 22:20 - 2013-05-03 22:20 - 03149497 ____A C:\Users\Matt\Documents\Regiment TC NCO brief.pptx
2013-05-02 10:28 - 2011-05-21 15:06 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-04-26 18:56 - 2011-05-21 14:50 - 00000000 ____D C:\ProgramData\Adobe

Other Malware:
===========
C:\Users\Matt\GoToAssistDownloadHelper.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-04-24 16:42

==================== End Of Log ============================

OTL logfile created on: 5/23/2013 7:38:23 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 66.02% Memory free
6.99 Gb Paging File | 5.83 Gb Available in Paging File | 83.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 87.93 Gb Free Space | 37.76% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 75.74 Gb Free Space | 16.26% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is D0C2-C25B
Directory of C:\
07/13/2009 11:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Microsoft Security Client
10/03/2012 10:17 PM <SYMLINKD> Backup [c:\windows\system32\config]
05/23/2012 09:25 AM <SYMLINK> DbgHelp.dll [c:\windows\system32\config]
10/03/2012 10:17 PM <SYMLINKD> Drivers [c:\windows\system32\config]
03/05/2013 06:40 AM <SYMLINKD> en-us [c:\windows\system32\config]
01/27/2013 03:37 PM <SYMLINK> EppManifest.dll [c:\windows\system32\config]
01/27/2013 01:25 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
01/27/2013 01:05 PM <SYMLINK> mpevmsg.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> MpOAv.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
03/26/2012 05:08 PM <SYMLINK> MSESysprep.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> MsMpEng.exe [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
01/27/2013 12:08 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> msseces.exe [c:\windows\system32\config]
03/26/2012 05:08 PM <SYMLINK> msseoobe.exe [c:\windows\system32\config]
03/26/2012 05:08 PM <SYMLINK> msseooberes.dll [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> MsseWat.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> NisIpsPlugin.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> NisLog.dll [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> NisSrv.exe [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> NisWFP.dll [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> Setup.exe [c:\windows\system32\config]
01/27/2013 12:08 PM <SYMLINK> SetupRes.dll [c:\windows\system32\config]
01/27/2013 12:08 PM <SYMLINK> shellext.dll [c:\windows\system32\config]
05/19/2011 05:26 PM <SYMLINK> sqmapi.dll [c:\windows\system32\config]
05/23/2012 09:25 AM <SYMLINK> SymSrv.dll [c:\windows\system32\config]
04/06/2012 08:59 AM <SYMLINK> SymSrv.yes [c:\windows\system32\config]
29 File(s) 8,487,145 bytes
Directory of C:\Program Files\Windows Defender
07/13/2009 11:56 PM <SYMLINKD> en-US [c:\windows\system32\config]
05/29/2011 07:00 PM <SYMLINKD> es-ES [c:\windows\system32\config]
07/13/2009 08:15 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
07/13/2009 08:15 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
07/13/2009 08:14 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
11/20/2010 07:19 AM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
07/13/2009 08:06 PM <SYMLINK> MpEvMsg.dll [c:\windows\system32\config]
07/13/2009 08:15 PM <SYMLINK> MpOAV.dll [c:\windows\system32\config]
07/13/2009 08:15 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
07/13/2009 08:15 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
07/13/2009 08:14 PM <SYMLINK> MSASCui.exe [c:\windows\system32\config]
11/20/2010 07:19 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
07/13/2009 08:07 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
07/13/2009 08:15 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
05/29/2011 06:59 PM <SYMLINKD> zh-CN [c:\windows\system32\config]
12 File(s) 2,930,176 bytes
Directory of C:\ProgramData
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Matt
05/29/2011 04:52 PM <JUNCTION> Application Data [C:\Users\Matt\AppData\Roaming]
05/29/2011 04:52 PM <JUNCTION> Cookies [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies]
05/29/2011 04:52 PM <JUNCTION> Local Settings [C:\Users\Matt\AppData\Local]
05/29/2011 04:52 PM <JUNCTION> My Documents [C:\Users\Matt\Documents]
05/29/2011 04:52 PM <JUNCTION> NetHood [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/29/2011 04:52 PM <JUNCTION> PrintHood [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/29/2011 04:52 PM <JUNCTION> Recent [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Recent]
05/29/2011 04:52 PM <JUNCTION> SendTo [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\SendTo]
05/29/2011 04:52 PM <JUNCTION> Start Menu [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu]
05/29/2011 04:52 PM <JUNCTION> Templates [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Matt\AppData\Local
05/29/2011 04:52 PM <JUNCTION> Application Data [C:\Users\Matt\AppData\Local]
05/29/2011 04:52 PM <JUNCTION> History [C:\Users\Matt\AppData\Local\Microsoft\Windows\History]
05/29/2011 04:52 PM <JUNCTION> Temporary Internet Files [C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Matt\Documents
05/29/2011 04:52 PM <JUNCTION> My Music [C:\Users\Matt\Music]
05/29/2011 04:52 PM <JUNCTION> My Pictures [C:\Users\Matt\Pictures]
05/29/2011 04:52 PM <JUNCTION> My Videos [C:\Users\Matt\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows
07/13/2009 11:52 PM <SYMLINKD> $NtUninstallKB18867$ [..]
0 File(s) 0 bytes

< End of report >


#4
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello midwestlacrosse,

Download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please run OTL.exe again.
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Click the None button at the top.
  • Under the Custom Scan box, paste this in:

    dir C:\ /S /A:L /C

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    o When the scan completes, it will open a Notepad window: OTL.Txt. This is saved in the same location as OTL.
    o Please copy (Edit->Select All, Edit->Copy) the contents and post back here.
When you return, please post:
  • Fixlog.txt
  • OTL.txt


#5
midwestlacrosse


    New Member

  • Topic Starter
  • Member
  • 7 posts
OTL logfile created on: 5/24/2013 6:09:34 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 64.55% Memory free
6.99 Gb Paging File | 5.73 Gb Available in Paging File | 81.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 87.22 Gb Free Space | 37.45% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is D0C2-C25B
Directory of C:\
07/13/2009 11:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\Program Files\Microsoft Security Client
10/03/2012 10:17 PM <SYMLINKD> Backup [c:\windows\system32\config]
05/23/2012 09:25 AM <SYMLINK> DbgHelp.dll [c:\windows\system32\config]
10/03/2012 10:17 PM <SYMLINKD> Drivers [c:\windows\system32\config]
03/05/2013 06:40 AM <SYMLINKD> en-us [c:\windows\system32\config]
01/27/2013 03:37 PM <SYMLINK> EppManifest.dll [c:\windows\system32\config]
01/27/2013 01:25 PM <SYMLINK> MpAsDesc.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> MpClient.dll [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> MpCmdRun.exe [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
01/27/2013 01:05 PM <SYMLINK> mpevmsg.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> MpOAv.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> MpRTP.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> MpSvc.dll [c:\windows\system32\config]
03/26/2012 05:08 PM <SYMLINK> MSESysprep.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> MsMpEng.exe [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> MsMpLics.dll [c:\windows\system32\config]
01/27/2013 12:08 PM <SYMLINK> MsMpRes.dll [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> msseces.exe [c:\windows\system32\config]
03/26/2012 05:08 PM <SYMLINK> msseoobe.exe [c:\windows\system32\config]
03/26/2012 05:08 PM <SYMLINK> msseooberes.dll [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> MsseWat.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> NisIpsPlugin.dll [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> NisLog.dll [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> NisSrv.exe [c:\windows\system32\config]
01/27/2013 12:12 PM <SYMLINK> NisWFP.dll [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> Setup.exe [c:\windows\system32\config]
01/27/2013 12:08 PM <SYMLINK> SetupRes.dll [c:\windows\system32\config]
01/27/2013 12:08 PM <SYMLINK> shellext.dll [c:\windows\system32\config]
05/19/2011 05:26 PM <SYMLINK> sqmapi.dll [c:\windows\system32\config]
05/23/2012 09:25 AM <SYMLINK> SymSrv.dll [c:\windows\system32\config]
04/06/2012 08:59 AM <SYMLINK> SymSrv.yes [c:\windows\system32\config]
29 File(s) 8,487,145 bytes
Directory of C:\ProgramData
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Matt
05/29/2011 04:52 PM <JUNCTION> Application Data [C:\Users\Matt\AppData\Roaming]
05/29/2011 04:52 PM <JUNCTION> Cookies [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies]
05/29/2011 04:52 PM <JUNCTION> Local Settings [C:\Users\Matt\AppData\Local]
05/29/2011 04:52 PM <JUNCTION> My Documents [C:\Users\Matt\Documents]
05/29/2011 04:52 PM <JUNCTION> NetHood [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/29/2011 04:52 PM <JUNCTION> PrintHood [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/29/2011 04:52 PM <JUNCTION> Recent [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Recent]
05/29/2011 04:52 PM <JUNCTION> SendTo [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\SendTo]
05/29/2011 04:52 PM <JUNCTION> Start Menu [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu]
05/29/2011 04:52 PM <JUNCTION> Templates [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Matt\AppData\Local
05/29/2011 04:52 PM <JUNCTION> Application Data [C:\Users\Matt\AppData\Local]
05/29/2011 04:52 PM <JUNCTION> History [C:\Users\Matt\AppData\Local\Microsoft\Windows\History]
05/29/2011 04:52 PM <JUNCTION> Temporary Internet Files [C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Matt\Documents
05/29/2011 04:52 PM <JUNCTION> My Music [C:\Users\Matt\Music]
05/29/2011 04:52 PM <JUNCTION> My Pictures [C:\Users\Matt\Pictures]
05/29/2011 04:52 PM <JUNCTION> My Videos [C:\Users\Matt\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows
07/13/2009 11:52 PM <SYMLINKD> $NtUninstallKB18867$ [..]
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4
07/13/2009 08:06 PM <SYMLINK> MpEvMsg.dll [...]
1 File(s) 52,224 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36
07/13/2009 08:15 PM <SYMLINK> MpAsDesc.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpClient.dll [...]
07/13/2009 08:14 PM <SYMLINK> MpCmdRun.exe [...]
07/13/2009 08:15 PM <SYMLINK> MpOAV.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpRTP.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpSvc.dll [...]
07/13/2009 08:14 PM <SYMLINK> MSASCui.exe [...]
07/13/2009 08:07 PM <SYMLINK> MsMpLics.dll [...]
07/13/2009 08:15 PM <SYMLINK> MsMpRes.dll [...]
9 File(s) 2,600,448 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0
07/13/2009 08:15 PM <SYMLINK> MpAsDesc.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpClient.dll [...]
07/13/2009 08:14 PM <SYMLINK> MpCmdRun.exe [...]
11/20/2010 07:19 AM <SYMLINK> MpCommu.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpOAV.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpRTP.dll [...]
07/13/2009 08:15 PM <SYMLINK> MpSvc.dll [...]
07/13/2009 08:14 PM <SYMLINK> MSASCui.exe [...]
11/20/2010 07:19 AM <SYMLINK> MsMpCom.dll [...]
07/13/2009 08:07 PM <SYMLINK> MsMpLics.dll [...]
07/13/2009 08:15 PM <SYMLINK> MsMpRes.dll [...]
11 File(s) 2,877,952 bytes
Total Files Listed:
50 File(s) 14,017,769 bytes
54 Dir(s) 93,656,170,496 bytes free

< End of report >


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-05-2013
Ran by Matt at 2013-05-24 05:57:36 Run:1
Running from C:\Users\Matt\Desktop
Boot Mode: Normal

==============================================

"C:\Program Files\Windows Defender" => Deleting junctions completed successfully.

==== End of Fixlog ====
  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hmm... something not working right, only part of that worked.

Let's try again.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Please run OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  • Click the None button at the top.
  • Under the Custom Scan box paste this in

    dir C:\ /S /A:L /C

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.

    o When the scan completes, it will open a Notepad window, OTL.Txt. This is saved in the same location as OTL.
    o Please copy (Edit->Select All, Edit->Copy) the contents and post back here.

  • 0

#7
midwestlacrosse

midwestlacrosse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hopefully it worked correctly this time! Thank you!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-05-2013
Ran by Matt at 2013-05-25 08:29:26 Run:2
Running from C:\Users\Matt\Desktop
Boot Mode: Normal

==============================================

"C:\Program Files\Microsoft Security Client" => Deleting junctions completed successfully.
HKLM\System\CurrentControlSet\Control\Lsa\\Notification Packages => Value was restored successfully.
C:\ProgramData\Start Menu\Programs\Startup\ActivClient Agent.lnk => Moved successfully.
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe => Moved successfully.
C:\ProgramData\Start Menu\Programs\Startup\Amazon Unbox.lnk => Moved successfully.
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe => Moved successfully.
C:\ProgramData\Start Menu\Programs\Startup\ApproveIt StartUp.lnk => Moved successfully.
ShortcutTarget: ApproveIt StartUp.lnk -> C:\Windows\Installer\{4E01B649-0023-4EB5-9263-57DE317C3418}\Icon9557F1BC1.ico () not found.
C:\ProgramData\Start Menu\Programs\Startup\Google Calendar Sync.lnk => Moved successfully.
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe => Moved successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk => Moved successfully.
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs SRTSP => Value deleted successfully.

==== End of Fixlog ====

OTL logfile created on: 5/25/2013 11:38:47 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Matt\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 64.62% Memory free
6.99 Gb Paging File | 5.66 Gb Available in Paging File | 80.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 85.74 Gb Free Space | 36.82% Space Free | Partition Type: NTFS

Computer Name: MATT-PC | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is D0C2-C25B
Directory of C:\
07/13/2009 11:53 PM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0
11/20/2010 07:19 AM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
11/20/2010 07:19 AM <SYMLINK> MsMpCom.dll [c:\windows\system32\config]
2 File(s) 277,504 bytes
Directory of C:\Users
07/13/2009 11:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/13/2009 11:53 PM <JUNCTION> Documents [C:\Users\Public\Documents]
07/13/2009 11:53 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/13/2009 11:53 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/13/2009 11:53 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/13/2009 11:53 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/13/2009 11:53 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/13/2009 11:53 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/13/2009 11:53 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/13/2009 11:53 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/13/2009 11:53 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/13/2009 11:53 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/13/2009 11:53 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/13/2009 11:53 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Default\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Matt
05/29/2011 04:52 PM <JUNCTION> Application Data [C:\Users\Matt\AppData\Roaming]
05/29/2011 04:52 PM <JUNCTION> Cookies [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies]
05/29/2011 04:52 PM <JUNCTION> Local Settings [C:\Users\Matt\AppData\Local]
05/29/2011 04:52 PM <JUNCTION> My Documents [C:\Users\Matt\Documents]
05/29/2011 04:52 PM <JUNCTION> NetHood [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
05/29/2011 04:52 PM <JUNCTION> PrintHood [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
05/29/2011 04:52 PM <JUNCTION> Recent [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Recent]
05/29/2011 04:52 PM <JUNCTION> SendTo [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\SendTo]
05/29/2011 04:52 PM <JUNCTION> Start Menu [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu]
05/29/2011 04:52 PM <JUNCTION> Templates [C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Matt\AppData\Local
05/29/2011 04:52 PM <JUNCTION> Application Data [C:\Users\Matt\AppData\Local]
05/29/2011 04:52 PM <JUNCTION> History [C:\Users\Matt\AppData\Local\Microsoft\Windows\History]
05/29/2011 04:52 PM <JUNCTION> Temporary Internet Files [C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Matt\Documents
05/29/2011 04:52 PM <JUNCTION> My Music [C:\Users\Matt\Music]
05/29/2011 04:52 PM <JUNCTION> My Pictures [C:\Users\Matt\Pictures]
05/29/2011 04:52 PM <JUNCTION> My Videos [C:\Users\Matt\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/13/2009 11:53 PM <JUNCTION> My Music [C:\Users\Public\Music]
07/13/2009 11:53 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/13/2009 11:53 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Windows
07/13/2009 11:52 PM <SYMLINKD> $NtUninstallKB18867$ [..]
0 File(s) 0 bytes
Total Files Listed:
2 File(s) 277,504 bytes
51 Dir(s) 92,064,833,536 bytes free

< End of report >
  • 0
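An added example, not part of the thread: a small parser for `dir /S /A:L` output that compares the listing before and after a fix and reports which directories still contain file-level `<SYMLINK>` entries. The sample listings are constructed from lines like those posted above, and treating every file-level `<SYMLINK>` as worth review is an assumption of this example (the stock compatibility links in the listings are all `<JUNCTION>` or `<SYMLINKD>`).

```python
import re
from collections import defaultdict

# Constructed sample input, modeled on the `dir C:\ /S /A:L /C` listings posted
# in this thread (whitespace collapsed the way the forum rendered it).
BEFORE = r"""
Directory of C:\Program Files\Microsoft Security Client
01/27/2013 12:11 PM <SYMLINK> MsMpEng.exe [c:\windows\system32\config]
01/27/2013 12:11 PM <SYMLINK> msseces.exe [c:\windows\system32\config]
2 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Windows\winsxs\x86_security-malware-windows-defender-events_31bf3856ad364e35_6.1.7600.16385_none_b56e56591cecccb4
07/13/2009 08:06 PM <SYMLINK> MpEvMsg.dll [...]
1 File(s) 52,224 bytes
"""

AFTER = r"""
Directory of C:\System Volume Information\SystemRestore\FRStaging\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0
11/20/2010 07:19 AM <SYMLINK> MpCommu.dll [c:\windows\system32\config]
1 File(s) 0 bytes
Directory of C:\Users
07/13/2009 11:53 PM <SYMLINKD> All Users [C:\ProgramData]
07/13/2009 11:53 PM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
"""

DIR_RE = re.compile(r"^\s*Directory of (.+?)\s*$")
LINK_RE = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2}\s+[AP]M)\s+"
    r"<(JUNCTION|SYMLINKD|SYMLINK)>\s+(.+?)\s+\[(.*)\]\s*$"
)


def parse_listing(text):
    """Return one record per reparse point found in `dir /S /A:L` output."""
    records, current_dir = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group(1)
            continue
        m = LINK_RE.match(line)
        if m and current_dir is not None:
            records.append({
                "directory": current_dir,
                "date": m.group(1),
                "kind": m.group(3),      # JUNCTION, SYMLINKD (dir) or SYMLINK (file)
                "name": m.group(4),      # may contain spaces, e.g. "Default User"
                "target": m.group(5),    # text inside [...], may be elided by dir
            })
    return records


def file_symlinks_by_dir(records):
    """Group file-level symlinks by directory (case-insensitive, as on NTFS)."""
    grouped = defaultdict(list)
    for rec in records:
        if rec["kind"] == "SYMLINK":
            grouped[rec["directory"].lower()].append((rec["name"], rec["target"]))
    return dict(grouped)


def compare_runs(before_text, after_text):
    """Show which directories lost, kept or gained file symlinks between runs."""
    before = file_symlinks_by_dir(parse_listing(before_text))
    after = file_symlinks_by_dir(parse_listing(after_text))
    return {
        "cleared": sorted(set(before) - set(after)),
        "remaining": sorted(set(before) & set(after)),
        "new": sorted(set(after) - set(before)),
    }


if __name__ == "__main__":
    for status, dirs in compare_runs(BEFORE, AFTER).items():
        for d in dirs:
            print(f"{status:9} {d}")
```
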

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Much better. :)

Now

Please download ESET's Service Repair Tool.

  • Save it to your desktop
  • Right click on it and run it as Administrator
After that

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:


  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Other Services

  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.
  • 0

#9
midwestlacrosse

midwestlacrosse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I can now download and open files in Firefox and IE. Maybe the problem is fixed!? Thank you!

Farbar Service Scanner Version: 25-05-2013
Ran by Matt (administrator) on 25-05-2013 at 14:01:33
Running from "C:\Users\Matt\Desktop"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts

Maybe the problem is fixed!? Thank you!


Almost there. Just one more scan and all going well we will go to clearing away the tools we have been using.

Now

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#11
midwestlacrosse

midwestlacrosse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C91MNPHJ\fcce1f0b22938d81ab41468e66a4a369[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Matt\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OFRXGDA0\8d6f882a510a4b26b382907215d54c36[1].htm HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\62d5a204-39686fe7 multiple threats cleaned by deleting - quarantined
C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\207be7af-2349adf2 a variant of Java/Exploit.Agent.OIJ trojan cleaned by deleting - quarantined
C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\x2848xl9.default\user.js JS/SecurityDisabler.A.Gen application cleaned by deleting - quarantined
C:\Users\Matt\Downloads\driverrobot_setup.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Matt\Downloads\InstallFreeRARExtractFrog.exe multiple threats cleaned by deleting - quarantined
C:\Users\Matt\Downloads\PDFCreator-1_4_2_setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Matt\Downloads\PDFCreator-1_6_0_setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
Hello again midwestlacrosse,

I think you are good to go. :thumbsup:

We have a couple of last steps to perform and then you're all set.

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:


    :Commands
    [resethosts]
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
After reboot

  • Double-click OTL.exe to run it. (Vista users, please right click on OTL.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Any other tools remaining may be deleted.

Next, we need to clean your restore points and set a new one:

Open System by clicking the Start button, right-clicking Computer, and then clicking Properties.

  • In the left pane, click System protection. (Administrator permission required.) If you're prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Under Protection Settings, click the radio button Configure.
  • Under Disk Space Usage, click the radio button Delete.
  • Click Continue, and then click OK.
-------------------------------------------------------------------------------------------------------------------

A reminder: Remember to (re-install if uninstalled during cleaning) update and turn back on any anti-malware programs you may have turned off during the cleaning process.
-------------------------------------------------------------------------------------------------------------------

Here are some things that I think are worth having a look at if you don't already know about them:

---------------------------------------------------------------------------------------------------------------------

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article Strong passwords: How to create and use them.

----------------------------------------------------------------------------------------------------------------------

Regularly check that your Java is up to date. Older versions are vulnerable to malicious attack.

  • Download Java for Windows

    Reboot your computer.
    You also need to uninstall older versions of Java.
  • Click Start > Control Panel > Add or Remove Programs
  • Remove all Java updates except the latest one you have just installed.
--------------------------------------------------------------------------------------------------------------------

To help protect your computer in the future:



If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.

* Click Start > Control Panel > System and Security > Windows Update
* Under Windows Update click on Turn automatic updating on or off
* Check items shown to ensure you receive updates automatically. Click OK.

Be aware of what emails you open and websites you visit.

Go here for some good advice about how to prevent infection.

A fun way to check your online safety literacy.

Quiz - getsafeonline

Have a safe and happy computing day!
  • 0

#13
midwestlacrosse

midwestlacrosse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Awesome! Computer works good again. I highly appreciate your assistance! Thank you again
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 19,991 posts
You are very welcome. :happy:

I will keep this topic open for a few days in case any issues arise.
  • 0





