Malware all over the PC. [Closed]


This topic is locked.

#16 Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)
Acknowledged...

Let me know when done, and please answer my prior query:-

Fair play, can you tell me which Operating System is on the machine used to download, please, as it would be prudent to secure the USB Drive so no infection is spread. Please do not be alarmed by this and merely view it as me erring on the side of caution.

And we will then go from there OK. :)

#17 Down_with_malware (Topic Starter, Member, 152 posts)
I am done. I don't see AOL Toolbar in the uninstall list. Also, we use Windows 7 on all the PCs. Is there a way to clean a thumb drive before removing it to ensure it isn't infected? Nothing has happened on the other PCs I had it on thus far. So where do we go from here now? :) Thanks for everything so far.

#18 Dakeyras (Anti-Malware Mammoth, Expert, 9,684 posts)
Hi. :)

I am done, I don't see AOL Toolbar in the uninstall list

Not a problem; might as well uninstall the following also, since you mentioned you do not use that particular browser:-

Google Chrome
Google Update Helper


Thanks for everything so far.

You're welcome!

Also we use Windows 7 on all the PCs. Is there a way to clean a thumb drive before removing it to insure it isn't infected? Nothing has happened on the other PC's I had it on thus far

We can do as follows...

Download/Run Panda USB Vaccine:

Please download Panda USB Vaccine from here to the desktop of any machine you have been using to download etc.

  • Right-click on USBVaccineSetup.exe and select Run as Administrator >> follow the prompts in the installation wizard.
  • At the configuration screen (settings)...
  • Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected >> plus NTFS support.
  • Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
  • Insert your USB Drive in your machine...it will be automatically vaccinated(as will any usb drives connected in the future).
Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. Though my advice would be to keep it installed.

Scan with JRT:

Please download Junkware Removal Tool to the desktop(use your USB drive to transfer if still problems downloading via the infected machine).

Note: Temporarily shut down your protection software now to avoid potential conflicts; how to do so can be read here.

  • Right-click on JRT.exe and select Run as Administrator to launch the application.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.
Note: Reboot your machine and ensure all disabled security software is now enabled etc.

Reset Firefox:

Note: You can also refer to this Mozilla Support article.

  • Launch Firefox >> Help >> Troubleshooting Information
Note: If no Menu bar visible >> right click on the top of the browser >> Menu Bar to make it show.
  • Near the top of the new window that appears, under Reset Firefox to its default state...
  • Click on Reset Firefox... >> in the Reset Firefox window that appears >> click on Reset Firefox >> Finish.
Note: There will now be a folder on your desktop called Old Firefox Data, this is a backup of bookmarks/settings etc. You can delete this when I give the all clear if you so wish.

This web-page is worth bookmarking/reading for future reference:-

Securing Your Web Browser

Re-scan with OTL:

OTL should still be on the desktop...if not redownload from here. Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.
Next:

When completed the above, please post back the following in the order asked for:

  • How is the computer performing now, any further symptoms and or problems encountered?
  • Junkware Removal Tool Log.
  • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.

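What a USB "vaccine" such as the one recommended above defends against is an autorun.inf on the stick that points AutoRun/AutoPlay at an executable the worm dropped next to it. The Python below is an added illustration (my code, not code from the thread, from Panda, or from any tool named here): it parses an autorun.inf the way a triage script would, flags the directives that launch a program, and, when the drive root has no autorun.inf at all, drops a zero-byte read-only AUTORUN.INF stub so a worm cannot create its own. The drive path, the sample autorun.inf and the stub approach are assumptions; Panda's tool uses a more robust trick (an entry Windows cannot open or delete) and also turns off AutoRun on the host, which this script does not do. Windows 7 itself no longer runs autorun.inf from a USB stick (only from optical media), so on this machine the stub is a second layer; it still matters when the stick is later plugged into an older, unpatched XP box.

```python
"""Triage an autorun.inf and drop a harmless read-only stub (added example)."""
import re
import stat
from pathlib import Path

# Directives that make AutoRun/AutoPlay launch a program from the drive.
# "open" and "shellexecute" run a file directly; "shell\<verb>\command"
# binds a context-menu verb (often made the default with "shell=<verb>")
# to a command line. "icon" and "label" only change how the drive looks.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$")


def parse_autorun(text: str) -> dict:
    """Return key->value pairs from the [autorun] section, keys lower-cased.

    Tolerates the junk worms add to trip naive INI parsers: NUL padding,
    comment lines and mixed-case section or key names.
    """
    entries = {}
    in_autorun = False
    for raw in text.replace("\x00", "").splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def execution_directives(entries: dict) -> list:
    """List the (key, value) pairs that would launch a program."""
    return [(k, v) for k, v in entries.items()
            if k in EXEC_KEYS or SHELL_CMD_RE.match(k)]


def vaccinate(drive_root) -> str:
    """Inspect the drive root and create a read-only AUTORUN.INF stub if absent.

    Returns "suspicious" (an autorun.inf that launches something is present
    and is left in place for analysis), "present" (a benign one, e.g. only
    label/icon, which is not overwritten), "already-vaccinated" (a stub or a
    protected entry is there) or "vaccinated" (stub created now).
    """
    root = Path(drive_root)
    # FAT32 is case-insensitive, so match any spelling of the name.
    existing = next((p for p in root.iterdir()
                     if p.name.lower() == "autorun.inf"), None)
    if existing is not None:
        if existing.is_dir() or existing.stat().st_size == 0:
            return "already-vaccinated"
        text = existing.read_text(encoding="latin-1")
        if execution_directives(parse_autorun(text)):
            return "suspicious"
        return "present"
    stub = root / "AUTORUN.INF"
    stub.write_bytes(b"")
    # Sets the read-only attribute on Windows (mode 0o444 on POSIX), so a
    # plain overwrite by a worm running as the user fails.
    stub.chmod(stat.S_IREAD | stat.S_IRGRP | stat.S_IROTH)
    return "vaccinated"


# Constructed sample in the shape of a worm's autorun.inf (assumption, not
# taken from the thread).
SAMPLE_WORM_INF = (
    "[AutoRun]\r\n"
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n"
    ";junk comment inserted to confuse parsers\r\n"
    "shell\\open\\Command=RECYCLER\\update.exe\r\n"
    "shell=open\r\n"
    "OPEN=RECYCLER\\update.exe\r\n"
)

if __name__ == "__main__":
    for key, value in execution_directives(parse_autorun(SAMPLE_WORM_INF)):
        print(f"launches program: {key} = {value}")
```

Run it against a mounted stick with `vaccinate("F:\\")`; a "suspicious" result means the drive should be imaged or scanned before anything on it is opened, not simply stubbed over.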

#19 Down_with_malware (Topic Starter, Member, 152 posts)
Hello! Sorry for the slow reply. So far the pop up tabs ceased and my downloads are no longer hijacked on this PC. If there are problems, I don't see them.

Looks like the junk scan has gotten quite a few things.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Angelina on Sat 07/06/2013 at 23:46:42.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-139958153-1293919107-277672395-1000\software\web assistant"
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlauncher
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlauncher.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlaunchersettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mywebsearch.skinlaunchersettings.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0475C69C-3859-4BB5-A110-08965740E8A4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{888CF3EE-7AC0-460E-A521-A89349956C99}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C22C8A74-DD20-4D7A-B6C7-1CF78A7FCF1B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E6789607-1013-4742-AB05-165555DDCF50}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Users\Angelina\AppData\Roaming\pccustubinstaller"
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{0E805AAF-FD68-4639-80EC-48C8B061816E}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{159EBF6B-3C26-4F00-8A53-B5AC03ED6B6E}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{163E4B0A-B690-47BD-9CB1-82444CC506A3}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{16D95AAB-2720-4D31-B879-92965BFEF10F}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{22D081B9-2E25-4A0A-93D1-571EA8FAE305}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{23442B1D-F7E1-4B37-963E-74F0EF31BF42}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{270EF138-4EB1-4AF3-A37C-4C23082DA981}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{2FFC7173-1255-4A08-B995-BCF2138ECC68}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{306861D1-4950-4084-A371-5B8AE7C2B36D}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{31272C7E-BC8A-49D3-ADFA-5CE5BBE7E84C}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{36F9D151-F091-4212-91D6-06CFD0C82301}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{38D778F9-6E76-4395-A35F-77479C118137}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{3A6111DC-8DC1-40B6-A1D4-8556C69212AC}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{3AF06F52-7861-467C-BA98-161276F585BC}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{3B4B72D4-1D90-45D8-A966-DDCD46BC1E00}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{3D00350A-1D3E-44DA-891D-C4651C44FB98}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{3D59A9F5-19DA-4835-B780-52E7EFBF2A73}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{40B6CA5C-F466-46E1-9CA3-F83127F70821}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{41BBFF3A-985D-4F23-9768-17A249C0D09A}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{4A67CFBF-1889-4766-9B14-8504FADF6D8D}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{57DA0788-FA18-413D-9751-B9AE22F21B4E}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{5D9CED7C-3E8B-4B7B-9F40-7ABE415DC66F}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{5DF03D71-20EF-4ED7-929B-5A6E15481B3D}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{5FB405F2-2DC8-471D-B052-C99508A5E82D}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{605F6C4E-E773-46C6-8AAF-A2F91FB81A38}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{62B287BF-72BD-496D-8B64-C468D7F5CED9}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{66D42F03-C502-460F-9049-446D44028D84}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{68C3E6AB-7E12-4E6F-9C70-E0891F6297C9}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{6B9173C5-90D2-4C3E-AA05-9978A447728B}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{7123AD03-73B9-469C-B95D-84E4A16D890C}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{72A3AC00-822E-41A0-86F2-1791507BD772}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{787AD29E-AC49-481E-85BF-3715B60877E1}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{7BCB8D50-2C60-4637-B325-B86D699ADD37}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{8BD2AA6D-58DF-48B1-91C0-D228A4C888BF}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{9368B405-77C9-4DD5-9A43-4B18F83C05FB}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{974FCE46-A8A2-4D2A-AB1D-06EC9523C862}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{98610BFB-F7F0-48FF-BB09-229F87F8EE9D}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{9A347BA2-2637-4A46-AFDE-0E1126A0B256}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{A3D4B4AF-9DD0-4233-8342-FF29BE1EA0D3}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{A4AC7A91-A8CC-4A21-B973-28D9716B34A6}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{A52E3013-961F-4DBB-84C1-EFC53372E1F0}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{A8CC78DA-28F6-4484-8946-6E5EE1F301B5}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{A9408F6C-D10E-46F8-A076-301688A346A1}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{AA198C17-BE01-4297-A153-36CCB2912371}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{ACE10CF7-713B-4467-8FEB-4DA2C1A2287A}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{AE18AEEA-0AE0-4B36-9B27-F18830016388}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{AFDBC0C5-159F-4F4D-A2DC-5438F1FBA2AA}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{B18FFA70-1C27-42CE-86A8-A9F122B30FF8}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{B4F53B99-634E-4C41-BCEE-4CEEB390A143}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{B7BBBE92-9235-4724-B2FC-D1B5EEFCC21F}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{B8C71111-8B8F-4F39-83C1-259C3F6206DC}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{BD68E432-AEEF-4C51-9E70-A151FE8A3651}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{C010F274-38A4-4067-8744-8ED4C64C5C12}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{C226125D-397C-49B6-A196-95A935F88995}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{C2A097E6-F997-4E18-8F51-15F395EAF937}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{C9EB2FF1-2006-43E3-BE30-8AFDEB7EA574}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{D240DC67-1303-4B11-ABA7-7317F57C7753}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{D312E312-9DD7-4C4C-9E1C-7E15A36BFB87}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{D59B8F63-D5C5-4B9A-9BCF-E3B81A8306FC}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{D706A7DD-218E-4114-9533-BE8A55E78F10}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{DD6D30E0-AF17-4F13-A5D0-1063AB7A06CC}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{E36645E5-A9D4-4F79-B019-F1E640008BF4}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{E8110D0D-B185-4630-89B9-FCBF92BB8E56}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{EA783A50-1E7B-4731-B679-0037355AD127}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{EA7B89DC-E8DE-4F88-BAA2-EDA3A784B353}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{EA90392C-6A4B-4362-92F8-65E0274F9B66}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{ECC6BD3E-AB00-4F80-AD1D-5F5A00CF169B}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{EFC58D4F-2E05-4334-B8AD-BB3A92989DA5}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{F1116A76-51C1-4C15-A501-5D527B3A50F3}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{F51B8265-D366-4777-A27D-F9E8EFDA1422}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{F68FE1EC-5B23-41C0-8E47-6F2F3B04928A}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{F717BE83-0343-408F-A7EE-649223BFDC97}
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{FF94EA46-5B2C-4DEF-95B3-7FFF49522201}



~~~ FireFox

Successfully deleted: [File] C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\invalidprefs.js
Successfully deleted: [Folder] C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\extensions\{7AFFBFAE-C4E2-4915-8C0F-00FA3EC610A1}
Successfully deleted the following from C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\prefs.js

user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=adknowledgeaol-ff&s_qt=sb&tb_uuid=B99DB5E188E649269B8B1E896A54A795&tb_oid
user_pref("aol_toolbar.search.searchtype", "web");
user_pref("blingee.guard.defaultengine_keyword_url", "hxxp://www.searchcanvas.com/web?ot=8&q=");
user_pref("blingee.guard.defaultengine_name", "SearchCanvas");
user_pref("browser.search.defaulturl", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=adknowledgeaol-ff&s_qt=sb&tb_uuid=B99DB5E188E649269B8B1E896A54A795&tb_oid=04-0
user_pref("extensions.defaulttab.active.affiliate", 4206);
user_pref("extensions.defaulttab.active.overridechromesearch", false);
user_pref("extensions.defaulttab.active.overridekeywordsearch", false);
user_pref("extensions.defaulttab.browserID", "C0EAB8984BA925AD8EAD0F953300366E");
user_pref("extensions.defaulttab.firstrun", false);
user_pref("extensions.defaulttab.installedVersion", "2.0");
Emptied folder: C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\minidumps [5 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Angelina\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 07/06/2013 at 23:50:21.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Two more posts coming with the two logs.
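A JRT log is a flat list of "Successfully deleted:" lines grouped under ~~~ headings, so the questions a helper actually wants answered (where was the browser being redirected to, which IE search providers were replaced, which extension IDs were involved) take a careful read per log. As an added example (my script, not part of the thread or of JRT), the Python below parses lines in that format into per-section items, counts them, and pulls the defanged hxxp:// hosts, SearchScopes GUIDs and extension folder names out as indicators. The sample input is constructed in the same format and copies a few entries from the log above.

```python
"""Parse a JRT log into sections and extract hijack indicators (added example)."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^~~~ (.+?)\s*$")
DELETED_RE = re.compile(
    r'^Successfully deleted: \[(?P<kind>[^\]]+)\] "?(?P<path>.+?)"?$')
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.*)$')
# JRT defangs URLs as hxxp://; accept either spelling and keep only the host.
HOST_RE = re.compile(r"h(?:xx|tt)ps?://([A-Za-z0-9.-]+)", re.IGNORECASE)
# IE search providers live as GUID-named subkeys of SearchScopes.
SEARCHSCOPE_RE = re.compile(r"\\SearchScopes\\(\{[0-9A-F-]+\})", re.IGNORECASE)


def parse_jrt(text: str) -> dict:
    """Group deletions and removed Firefox prefs under their ~~~ section."""
    sections = defaultdict(list)
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            current = sec.group(1).lower()
            continue
        deleted = DELETED_RE.match(line)
        if deleted:
            kind = "deleted:" + deleted.group("kind").lower()
            sections[current].append((kind, deleted.group("path")))
            continue
        pref = PREF_RE.match(line)
        if pref:
            sections[current].append(
                ("pref", pref.group("name") + "=" + pref.group("value")))
    return dict(sections)


def section_counts(sections: dict) -> dict:
    """How many items JRT removed per section."""
    return {name: len(items) for name, items in sections.items()}


def indicators(sections: dict) -> dict:
    """Hosts the browser was redirected to, replaced IE scopes, extension IDs."""
    hosts, scopes, extensions = set(), set(), set()
    for items in sections.values():
        for kind, value in items:
            hosts.update(h.lower() for h in HOST_RE.findall(value))
            scopes.update(g.upper() for g in SEARCHSCOPE_RE.findall(value))
            if kind == "deleted:folder" and "\\extensions\\" in value.lower():
                extensions.add(value.rsplit("\\", 1)[-1])
    return {"hosts": sorted(hosts), "searchscopes": sorted(scopes),
            "extensions": sorted(extensions)}


# Constructed sample in JRT's format; several lines copy the log above.
SAMPLE_LOG = r"""
~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0475C69C-3859-4BB5-A110-08965740E8A4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Empty Folder] C:\Users\Angelina\appdata\local\{0E805AAF-FD68-4639-80EC-48C8B061816E}

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\extensions\{7AFFBFAE-C4E2-4915-8C0F-00FA3EC610A1}
Successfully deleted the following from C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\prefs.js

user_pref("aol_toolbar.default.search.url", "hxxp://search.aol.com/search/search?q={searchTerms}&s_it=adknowledgeaol-ff");
user_pref("blingee.guard.defaultengine_keyword_url", "hxxp://www.searchcanvas.com/web?ot=8&q=");
user_pref("blingee.guard.defaultengine_name", "SearchCanvas");

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Angelina\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
"""

if __name__ == "__main__":
    parsed = parse_jrt(SAMPLE_LOG)
    print(section_counts(parsed))
    print(indicators(parsed))
```

Feed it the real JRT.txt with `parse_jrt(open("JRT.txt", encoding="utf-8", errors="replace").read())`; the hosts list is what to look for in the proxy or DNS logs of the other PCs the thumb drive was used on.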

#20 Down_with_malware (Topic Starter, Member, 152 posts)
OTL logfile created on: 7/7/2013 10:10:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Angelina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.98 Gb Total Physical Memory | 4.64 Gb Available Physical Memory | 77.62% Memory free
11.96 Gb Paging File | 9.58 Gb Available in Paging File | 80.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.66 Gb Total Space | 738.39 Gb Free Space | 80.55% Space Free | Partition Type: NTFS
Drive F: | 3.65 Gb Total Space | 3.55 Gb Free Space | 97.16% Space Free | Partition Type: FAT32

Computer Name: ANGELINA-PC | User Name: Angelina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/02 11:44:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Angelina\Desktop\OTL.exe
PRC - [2013/06/26 20:30:59 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/12 10:25:07 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
PRC - [2012/12/20 18:23:04 | 000,356,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
PRC - [2012/09/17 07:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/02/16 10:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2012/01/27 14:30:16 | 000,465,216 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2012/01/26 19:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2012/01/26 19:47:36 | 004,293,952 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/29 06:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
PRC - [2011/06/27 17:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe


========== Modules (No Company Name) ==========

MOD - [2013/06/26 20:30:59 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/06/12 10:25:07 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2013/05/15 03:13:02 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\990123c5701a26f1d724150839811bce\System.Xml.Linq.ni.dll
MOD - [2013/05/15 03:12:25 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\1e8f7367eaa08c5057d78c093982f8f0\System.IdentityModel.ni.dll
MOD - [2013/05/15 03:12:24 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\e698a866fd16973a24ca6697218028ad\System.ServiceModel.ni.dll
MOD - [2013/05/15 03:12:09 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013/05/15 03:05:17 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/15 03:05:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013/05/15 03:05:01 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/15 03:04:54 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/15 03:04:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/02/13 04:30:08 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\9266d6e1f8057b5b62b460cbf33cda21\System.WorkflowServices.ni.dll
MOD - [2013/02/13 04:26:51 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll
MOD - [2013/01/10 04:57:30 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\1e04a5319c58010e945220af2751d34e\System.ServiceModel.Web.ni.dll
MOD - [2013/01/10 04:51:00 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\2ad51da1b752b19c992fcefd56eb7c01\System.Runtime.Serialization.ni.dll
MOD - [2013/01/10 04:50:58 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\eb33bf977e97e97b12e82c18e36fbaee\SMDiagnostics.ni.dll
MOD - [2013/01/10 04:47:48 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 04:47:14 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 04:47:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 04:46:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 04:46:54 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/12/20 18:19:26 | 000,479,752 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
MOD - [2012/01/26 19:49:34 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/29 06:52:54 | 000,474,176 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemoteService.exe
MOD - [2011/06/27 17:26:30 | 002,022,976 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe
MOD - [2011/06/27 17:25:30 | 000,058,944 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\DataService.dll
MOD - [2011/06/24 21:21:46 | 000,322,624 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\en-US\UI\ManagerUI.dll
MOD - [2011/06/24 21:20:26 | 000,565,968 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\sqlite3.dll
MOD - [2010/03/22 13:52:42 | 006,776,832 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtGui4.dll
MOD - [2010/03/16 18:28:28 | 000,326,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtXml4.dll
MOD - [2010/03/16 18:28:16 | 000,635,904 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtNetwork4.dll
MOD - [2010/03/16 18:28:04 | 001,926,144 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\QtCore4.dll
MOD - [2010/03/11 17:52:34 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qmng4.dll
MOD - [2010/03/11 17:52:34 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qgif4.dll
MOD - [2010/03/05 13:07:58 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qjpeg4.dll
MOD - [2010/03/05 13:07:58 | 000,031,744 | ---- | M] () -- C:\Program Files (x86)\Dell\Stage Remote\plugins\imageformats\qico4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2011/08/10 15:53:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 16:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/26 20:30:59 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/12 10:25:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/14 13:26:12 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/21 14:32:50 | 000,819,040 | ---- | M] (Infowatch) [Auto | Running] -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe -- (CSObjectsSrv)
SRV - [2012/12/20 18:23:04 | 000,356,968 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe -- (avp)
SRV - [2012/09/17 07:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/06/11 17:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 17:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/02/16 10:49:44 | 001,695,040 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/11/25 03:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 03:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/25 18:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/02 23:18:52 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\My Dell\pcdsrvc_x64.pkms -- (PCDSRVC{D3412D80-CF3B4A27-06020200}_0)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/16 14:27:09 | 000,004,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bbcap.sys -- (bbcap)
DRV:64bit: - [2012/11/02 15:48:52 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/10/18 14:50:46 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/09/03 18:23:58 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/09/03 17:57:00 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/10 04:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012/05/29 19:55:55 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/05/29 19:55:55 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/10 15:53:28 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/10 15:53:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/08/10 15:53:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 15:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/02 14:39:44 | 000,084,536 | ---- | M] (Infowatch) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\CSCrySec.sys -- (CSCrySec)
DRV:64bit: - [2011/06/02 14:39:44 | 000,066,616 | ---- | M] (Infowatch) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys -- (CSVirtualDiskDrv)
DRV:64bit: - [2011/03/10 19:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/10 16:27:32 | 001,576,576 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/21 17:02:40 | 002,374,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/26 15:26:34 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2008/07/26 15:22:34 | 002,624,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2008/07/26 15:22:22 | 000,015,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2006/11/01 02:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/07/10 14:29:02 | 000,050,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\koramgame\STOnline\avital\wyqku64.sys -- (uqk)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{496A8516-EF98-46B3-A130-3C33996E76CB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{496A8516-EF98-46B3-A130-3C33996E76CB}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-139958153-1293919107-277672395-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-139958153-1293919107-277672395-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-139958153-1293919107-277672395-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?...usaolp00000023"
FF - prefs.js..extensions.enabledAddons: plugin%40starstable.com:1.0.0.2
FF - prefs.js..extensions.enabledAddons: %7B000F1EA4-5E08-4564-A29B-29076F63A37A%7D:1.0.3.171
FF - prefs.js..extensions.enabledAddons: %7B6226BA26-C017-4007-928C-DE9715C6FA67%7D:1.0.0
FF - prefs.js..extensions.enabledAddons: scriptish%40erikvold.com:0.1.11
FF - prefs.js..extensions.enabledAddons: anti_banner%40kaspersky.com:13.0.2.558
FF - prefs.js..extensions.enabledAddons: %7B494C52B1-9CE9-4A5A-B18B-4EC234EA4F61%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Angelina\AppData\Local\Roblox\Versions\version-1c92e6916e7c4b20\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Angelina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\Angelina\AppData\Roaming\Mozilla\Firefox\Profiles\oupu947a.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Angelina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2013/07/01 18:56:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected]spersky.com [2013/07/01 18:56:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2013/07/01 18:56:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2013/07/01 18:56:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\[email protected] [2013/07/01 18:56:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/26 20:30:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/26 20:30:57 | 000,000,000 | ---D | M]

[2012/06/15 17:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angelina\AppData\Roaming\mozilla\Extensions
[2013/07/06 23:49:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Angelina\AppData\Roaming\mozilla\Firefox\Profiles\oupu947a.default\extensions
[2012/07/21 11:27:50 | 000,000,000 | ---D | M] () -- C:\Users\Angelina\AppData\Roaming\mozilla\Firefox\Profiles\oupu947a.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}
[2013/07/01 20:15:40 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Angelina\AppData\Roaming\mozilla\Firefox\Profiles\oupu947a.default\extensions\{494C52B1-9CE9-4A5A-B18B-4EC234EA4F61}
[2012/12/04 21:00:42 | 000,000,000 | ---D | M] ("Star Stable Online") -- C:\Users\Angelina\AppData\Roaming\mozilla\Firefox\Profiles\oupu947a.default\extensions\[email protected]
[2013/06/16 19:11:37 | 000,202,188 | ---- | M] () (No name found) -- C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\extensions\[email protected]
[2012/12/10 14:13:21 | 000,061,817 | ---- | M] () (No name found) -- C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\extensions\{6226BA26-C017-4007-928C-DE9715C6FA67}.xpi
[2013/07/04 10:54:26 | 000,002,560 | ---- | M] () -- C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\searchplugins\aol-search.xml
[2013/01/30 00:28:34 | 000,002,402 | ---- | M] () -- C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\searchplugins\bingp.xml
[2013/06/08 15:56:27 | 000,001,108 | ---- | M] () -- C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\searchplugins\internethelper31-customized-web-search.xml
[2013/07/05 20:07:25 | 000,005,401 | ---- | M] () -- C:\Users\Angelina\AppData\Roaming\mozilla\firefox\profiles\oupu947a.default\searchplugins\searchcanvas.xml
[2013/06/26 20:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/26 20:30:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/26 20:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/26 20:30:57 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/06/26 20:30:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/01 18:56:16 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY PURE 3.0\FFEXT\[email protected]

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - Extension: YouTube = C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Kaspersky URL Advisor = C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.2.733_0\
CHR - Extension: Virtual Keyboard = C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.2.733_0\
CHR - Extension: getsav-in = C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0\
CHR - Extension: Gmail = C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Anti-Banner = C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.2.733_0\

O1 HOSTS File: ([2013/07/04 20:05:33 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (getsav-in 5.0) - {779B8AAB-11D0-4FD8-BA7D-6DE8481402E3} - C:\Users\Angelina\AppData\Local\getsav-in\ie\getsav-in_1372869902.dll File not found
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (SelectionLinks) - {878B8524-AED5-4870-9A96-A515440DAC75} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Kaspersky Passsword Manager Toolbar) - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\spIEBho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [Stage Remote] C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe ()
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKU\S-1-5-21-139958153-1293919107-277672395-1000..\Run: [CAHeadless] C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-139958153-1293919107-277672395-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-139958153-1293919107-277672395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-139958153-1293919107-277672395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A43453B-3302-4514-9559-DA2242DE234B}: DhcpNameServer = 172.16.0.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/14 22:54:30 | 000,000,166 | ---- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/06 23:46:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/07/06 23:46:23 | 000,000,000 | ---D | C] -- C:\JRT
[2013/07/06 23:40:42 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Angelina\Desktop\JRT.exe
[2013/07/05 13:17:55 | 000,000,000 | ---D | C] -- C:\8527ea6d4f557f4db653da590ae2
[2013/07/04 23:19:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/07/04 20:06:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/07/04 19:59:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/07/04 19:59:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/07/04 19:59:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/07/04 19:59:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/07/04 19:59:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/07/04 19:58:51 | 005,085,494 | R--- | C] (Swearware) -- C:\Users\Angelina\Desktop\ComboFix.exe
[2013/07/03 15:46:50 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/02 12:37:22 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013/07/02 12:37:22 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/07/02 12:37:22 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013/07/02 12:37:22 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013/07/02 12:37:22 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013/07/02 12:37:22 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013/07/02 11:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Angelina\Desktop\OTL.exe
[2013/07/02 11:40:36 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Angelina\Desktop\aswMBR.exe
[2013/07/01 20:52:47 | 000,000,000 | ---D | C] -- C:\Users\Angelina\AppData\Roaming\Malwarebytes
[2013/07/01 20:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/01 20:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/01 20:52:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/07/01 20:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/01 20:34:38 | 000,000,000 | ---D | C] -- C:\Users\Angelina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
[2013/07/01 20:34:03 | 000,000,000 | ---D | C] -- C:\Users\Angelina\AppData\Local\Programs
[2013/07/01 19:53:30 | 000,000,000 | ---D | C] -- C:\Users\Angelina\AppData\Local\LogMeIn Rescue Applet
[2013/07/01 18:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0
[2013/07/01 18:57:14 | 000,000,000 | --SD | C] -- C:\Users\Angelina\Documents\Passwords Database
[2013/07/01 18:57:04 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/07/01 18:56:46 | 000,066,616 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSVirtualDiskDrv.sys
[2013/07/01 18:56:33 | 000,084,536 | ---- | C] (Infowatch) -- C:\Windows\SysNative\drivers\CSCrySec.sys
[2013/07/01 18:56:18 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/06/30 20:06:54 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Angelina\Desktop\dds.com
[2013/06/30 19:39:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/06/26 20:30:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/06/15 03:00:42 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/15 03:00:42 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/06/13 03:01:55 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/06/13 03:01:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/06/13 03:01:55 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/06/13 03:01:55 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/06/13 03:01:55 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/06/13 03:01:55 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/06/13 03:01:55 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/06/13 03:01:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/06/13 03:01:55 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/06/13 03:01:54 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/06/13 03:01:54 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/06/13 03:01:54 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/06/13 03:01:53 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/06/12 12:26:01 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/06/12 12:26:01 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/06/12 12:25:59 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013/06/12 12:25:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013/06/12 12:25:44 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/06/12 12:25:42 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013/06/12 12:25:41 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/06/12 12:25:41 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013/06/12 12:25:41 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/06/12 12:25:41 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013/06/12 12:25:41 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013/06/12 12:25:30 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/06/12 12:25:29 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

========== Files - Modified Within 30 Days ==========

[2013/07/07 10:06:53 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-139958153-1293919107-277672395-1000UA.job
[2013/07/07 10:06:53 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/07 10:06:53 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/07 10:06:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/06 23:40:45 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Angelina\Desktop\JRT.exe
[2013/07/06 20:42:29 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/06 20:42:29 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/05 20:13:24 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/04 23:19:22 | 000,000,031 | ---- | M] () -- C:\Windows\SysNative\bbcap.err
[2013/07/04 23:19:16 | 523,218,943 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/04 21:56:08 | 005,085,494 | R--- | M] (Swearware) -- C:\Users\Angelina\Desktop\ComboFix.exe
[2013/07/04 20:05:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/07/04 19:48:53 | 000,001,048 | ---- | M] () -- C:\Users\Angelina\Desktop\Continue Download Helper Installation.lnk
[2013/07/04 19:26:53 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-139958153-1293919107-277672395-1000Core.job
[2013/07/04 11:15:19 | 000,779,788 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/04 11:15:19 | 000,660,520 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/04 11:15:19 | 000,121,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/04 10:43:01 | 000,650,027 | ---- | M] () -- C:\Users\Angelina\Desktop\AdwCleaner.exe
[2013/07/02 11:44:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Angelina\Desktop\OTL.exe
[2013/07/02 11:44:18 | 000,000,512 | ---- | M] () -- C:\Users\Angelina\Desktop\MBR.dat
[2013/07/02 11:42:16 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Angelina\Desktop\aswMBR.exe
[2013/07/01 20:52:43 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/01 19:01:34 | 000,002,218 | ---- | M] () -- C:\Users\Angelina\Desktop\Safe Money.lnk
[2013/07/01 18:57:04 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
[2013/07/01 18:18:36 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dat
[2013/06/30 20:17:28 | 000,004,455 | ---- | M] () -- C:\Users\Angelina\Desktop\Attachtext.rar
[2013/06/30 20:06:57 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Angelina\Desktop\dds.com
[2013/06/22 22:03:03 | 000,011,460 | ---- | M] () -- C:\Users\Angelina\Desktop\cat1371963758865.png
[2013/06/22 20:55:54 | 000,094,380 | ---- | M] () -- C:\Users\Angelina\Desktop\happybday.png
[2013/06/18 21:04:06 | 000,053,483 | ---- | M] () -- C:\Users\Angelina\Desktop\ooooooooo.png
[2013/06/18 15:46:44 | 000,041,957 | ---- | M] () -- C:\Users\Angelina\Desktop\wow.png
[2013/06/18 14:15:42 | 000,398,875 | ---- | M] () -- C:\Users\Angelina\Desktop\haylee.png
[2013/06/14 12:42:05 | 000,008,489 | ---- | M] () -- C:\Users\Angelina\AppData\Local\recently-used.xbel
[2013/06/13 21:17:13 | 000,165,541 | ---- | M] () -- C:\Users\Angelina\Desktop\537085_359687050797410_1524904552_n.jpg
[2013/06/12 22:42:47 | 000,048,548 | ---- | M] () -- C:\Users\Angelina\Desktop\ear_types_by_xxforestfirezxx-d67g415.png
[2013/06/12 13:40:37 | 000,239,967 | ---- | M] () -- C:\Users\Angelina\Desktop\521891_190205304464119_461054557_n.png
[2013/06/12 10:25:07 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/06/12 10:25:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/06/12 00:43:01 | 001,100,539 | ---- | M] () -- C:\Users\Angelina\Desktop\aww song.wma
[2013/06/12 00:34:21 | 000,476,429 | ---- | M] () -- C:\Users\Angelina\Desktop\chips.wma
[2013/06/10 22:54:49 | 000,073,744 | ---- | M] () -- C:\Users\Angelina\Desktop\woah.png
[2013/06/10 22:10:38 | 003,601,469 | ---- | M] () -- C:\Users\Angelina\Desktop\pets 2.wma
[2013/06/10 21:57:57 | 001,675,259 | ---- | M] () -- C:\Users\Angelina\Desktop\pets.wma
[2013/06/10 13:43:45 | 000,027,103 | ---- | M] () -- C:\Users\Angelina\Desktop\yup 5.png
[2013/06/10 13:41:41 | 000,027,106 | ---- | M] () -- C:\Users\Angelina\Desktop\yup 3.png
[2013/06/10 13:39:21 | 000,022,452 | ---- | M] () -- C:\Users\Angelina\Desktop\you 3.png
[2013/06/10 13:37:32 | 000,018,983 | ---- | M] () -- C:\Users\Angelina\Desktop\yup 2.png
[2013/06/10 13:36:10 | 000,016,848 | ---- | M] () -- C:\Users\Angelina\Desktop\yup.png
[2013/06/10 13:24:38 | 001,077,218 | ---- | M] () -- C:\Users\Angelina\Desktop\aww 5.png
[2013/06/10 13:23:30 | 000,623,002 | ---- | M] () -- C:\Users\Angelina\Desktop\aww 4.png
[2013/06/10 13:21:22 | 000,445,119 | ---- | M] () -- C:\Users\Angelina\Desktop\aww 3.png
[2013/06/10 13:19:30 | 000,422,763 | ---- | M] () -- C:\Users\Angelina\Desktop\aww 2.png
[2013/06/10 12:24:30 | 000,085,730 | ---- | M] () -- C:\Users\Angelina\Desktop\love.png
[2013/06/10 12:13:35 | 000,389,442 | ---- | M] () -- C:\Users\Angelina\Desktop\aww.png
[2013/06/09 22:54:05 | 000,272,223 | ---- | M] () -- C:\Users\Angelina\Desktop\adopts.png
[2013/06/09 22:25:29 | 001,306,334 | ---- | M] () -- C:\Users\Angelina\Desktop\what.png
[2013/06/09 02:22:29 | 001,325,375 | ---- | M] () -- C:\Users\Angelina\Desktop\cupcake ref.png
[2013/06/08 22:35:43 | 000,023,768 | ---- | M] () -- C:\Users\Angelina\Desktop\576836_533407150028962_292981641_n.jpg
[2013/06/08 14:16:04 | 000,000,258 | RHS- | M] () -- C:\Users\Angelina\ntuser.pol
[2013/06/08 07:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/06/08 04:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

========== Files Created - No Company Name ==========

[2013/07/04 19:59:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/04 19:59:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/07/04 19:59:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/07/04 19:59:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/07/04 19:59:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/04 10:42:54 | 000,650,027 | ---- | C] () -- C:\Users\Angelina\Desktop\AdwCleaner.exe
[2013/07/03 09:49:22 | 000,001,048 | ---- | C] () -- C:\Users\Angelina\Desktop\Continue Download Helper Installation.lnk
[2013/07/02 11:44:18 | 000,000,512 | ---- | C] () -- C:\Users\Angelina\Desktop\MBR.dat
[2013/07/01 20:52:43 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/01 19:01:34 | 000,002,218 | ---- | C] () -- C:\Users\Angelina\Desktop\Safe Money.lnk
[2013/07/01 18:57:48 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk
[2013/07/01 18:18:36 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/06/30 20:17:28 | 000,004,455 | ---- | C] () -- C:\Users\Angelina\Desktop\Attachtext.rar
[2013/06/22 22:03:02 | 000,011,460 | ---- | C] () -- C:\Users\Angelina\Desktop\cat1371963758865.png
[2013/06/22 20:55:54 | 000,094,380 | ---- | C] () -- C:\Users\Angelina\Desktop\happybday.png
[2013/06/18 21:04:05 | 000,053,483 | ---- | C] () -- C:\Users\Angelina\Desktop\ooooooooo.png
[2013/06/18 15:46:44 | 000,041,957 | ---- | C] () -- C:\Users\Angelina\Desktop\wow.png
[2013/06/18 14:15:39 | 000,398,875 | ---- | C] () -- C:\Users\Angelina\Desktop\haylee.png
[2013/06/14 12:42:05 | 000,008,489 | ---- | C] () -- C:\Users\Angelina\AppData\Local\recently-used.xbel
[2013/06/13 21:17:11 | 000,165,541 | ---- | C] () -- C:\Users\Angelina\Desktop\537085_359687050797410_1524904552_n.jpg
[2013/06/12 22:42:46 | 000,048,548 | ---- | C] () -- C:\Users\Angelina\Desktop\ear_types_by_xxforestfirezxx-d67g415.png
[2013/06/12 13:40:34 | 000,239,967 | ---- | C] () -- C:\Users\Angelina\Desktop\521891_190205304464119_461054557_n.png
[2013/06/12 00:43:01 | 001,100,539 | ---- | C] () -- C:\Users\Angelina\Desktop\aww song.wma
[2013/06/12 00:34:21 | 000,476,429 | ---- | C] () -- C:\Users\Angelina\Desktop\chips.wma
[2013/06/10 22:54:49 | 000,073,744 | ---- | C] () -- C:\Users\Angelina\Desktop\woah.png
[2013/06/10 22:10:38 | 003,601,469 | ---- | C] () -- C:\Users\Angelina\Desktop\pets 2.wma
[2013/06/10 21:57:57 | 001,675,259 | ---- | C] () -- C:\Users\Angelina\Desktop\pets.wma
[2013/06/10 13:43:45 | 000,027,103 | ---- | C] () -- C:\Users\Angelina\Desktop\yup 5.png
[2013/06/10 13:41:41 | 000,027,106 | ---- | C] () -- C:\Users\Angelina\Desktop\yup 3.png
[2013/06/10 13:39:21 | 000,022,452 | ---- | C] () -- C:\Users\Angelina\Desktop\you 3.png
[2013/06/10 13:37:32 | 000,018,983 | ---- | C] () -- C:\Users\Angelina\Desktop\yup 2.png
[2013/06/10 13:36:10 | 000,016,848 | ---- | C] () -- C:\Users\Angelina\Desktop\yup.png
[2013/06/10 13:24:38 | 001,077,218 | ---- | C] () -- C:\Users\Angelina\Desktop\aww 5.png
[2013/06/10 13:23:30 | 000,623,002 | ---- | C] () -- C:\Users\Angelina\Desktop\aww 4.png
[2013/06/10 13:21:21 | 000,445,119 | ---- | C] () -- C:\Users\Angelina\Desktop\aww 3.png
[2013/06/10 13:19:30 | 000,422,763 | ---- | C] () -- C:\Users\Angelina\Desktop\aww 2.png
[2013/06/10 12:24:30 | 000,085,730 | ---- | C] () -- C:\Users\Angelina\Desktop\love.png
[2013/06/10 12:13:34 | 000,389,442 | ---- | C] () -- C:\Users\Angelina\Desktop\aww.png
[2013/06/09 22:54:05 | 000,272,223 | ---- | C] () -- C:\Users\Angelina\Desktop\adopts.png
[2013/06/09 22:25:28 | 001,306,334 | ---- | C] () -- C:\Users\Angelina\Desktop\what.png
[2013/06/09 02:22:29 | 001,325,375 | ---- | C] () -- C:\Users\Angelina\Desktop\cupcake ref.png
[2013/06/08 22:35:42 | 000,023,768 | ---- | C] () -- C:\Users\Angelina\Desktop\576836_533407150028962_292981641_n.jpg
[2013/06/08 14:16:04 | 000,000,258 | RHS- | C] () -- C:\Users\Angelina\ntuser.pol
[2012/11/18 21:15:11 | 000,017,408 | ---- | C] () -- C:\Users\Angelina\AppData\Local\WebpageIcons.db
[2012/05/29 20:01:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/29 19:40:33 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:FF9C44FE
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:54AA54AA
@Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:B741B2C2
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:91730504
@Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:5CF48ABF
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:98AE08EA
@Alternate Data Stream - 189 bytes -> C:\ProgramData\Temp:A6881EE7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F591490A

< End of report >

Edited by Down_with_malware, 07 July 2013 - 11:31 AM.

  • 0
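The ZeroAccess Check and the Files Created sections in the log above only say something when read against a known-clean baseline, so the following is an added example (not part of this thread, and not OTL's own code): a small Python script that parses OTL's file-list lines and its ZeroAccess registry block and applies the two checks a helper normally does by eye. The regular expressions are written against the line shapes in this log, the expected DLL for each ZeroAccess CLSID is the value the HKLM entries above show, and the Recycle Bin path in the hijacked sample is a constructed, hypothetical value.

```python
"""Triage helpers for the OTL log format pasted in this thread (added example, not OTL's code)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# A 'Files Created/Modified' line; directory entries omit the "(Company)" part, e.g.
# [2013/07/04 19:59:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$")
KEY_LINE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\](?: /64)?$")                 # trailing /64 = 64-bit view
VALUE_LINE = re.compile(r'^"(?P<name>[^"]*)" = (?P<data>.+?)(?: -- \[.*)?$')  # drops OTL's file metadata
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".cpl", ".ocx", ".drv")
# CLSIDs in OTL's ZeroAccess check and the DLL each HKLM default names in the clean log above.
# {fbeb8a05-...} has no HKLM entry in that log, so it is only checked for an HKCU override.
ZEROACCESS_CLSIDS = {
    "{42aedc87-2188-41fd-b9a3-0c966feabec1}": "shell32.dll",
    "{fbeb8a05-beee-4442-804e-409d6c4515e9}": None,
    "{5839fca9-774d-42a1-acda-d6a79037f57f}": "fastprox.dll",
    "{f3130cdb-aa52-4c3a-ab32-85ffc23af9c1}": "wbemess.dll",
}

@dataclass
class FileEntry:
    timestamp: str
    size: int
    attrs: str    # R/H/S/D as OTL prints them, '-' when unset
    kind: str     # 'C' created, 'M' modified
    company: str  # '' when the PE carries no CompanyName
    path: str

def parse_file_line(line: str) -> FileEntry | None:
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    return FileEntry(m["ts"], int(m["size"].replace(",", "")), m["attrs"],
                     m["kind"], m["company"] or "", m["path"])

def unsigned_binaries(lines) -> list[FileEntry]:
    """Executables with no CompanyName that landed under C:\\Windows or a user profile."""
    hits = []
    for line in lines:
        e = parse_file_line(line)
        if e is None or "D" in e.attrs or e.company:
            continue
        low = e.path.lower()
        if low.endswith(EXEC_EXT) and low.startswith(("c:\\windows\\", "c:\\users\\")):
            hits.append(e)
    return hits

def parse_registry_block(lines) -> dict[str, dict[str, str]]:
    """Map each [KEY] header (lower-cased) to its name -> data values."""
    keys: dict[str, dict[str, str]] = {}
    current = None
    for line in lines:
        line = line.strip()
        if k := KEY_LINE.match(line):
            current = k["key"].lower()   # 64-bit and Wow6432Node views already differ in path
            keys[current] = {}
        elif (v := VALUE_LINE.match(line)) and current is not None:
            keys[current][v["name"]] = v["data"]
    return keys

def zeroaccess_findings(lines) -> list[str]:
    """HKCR merges HKCU\\Software\\Classes over HKLM, so any per-user InProcServer32 default is a
    finding; an HKLM default must name the expected DLL under the Windows directory.  An absent
    default is not a finding: OTL prints the key header even when the key does not exist."""
    findings = []
    for key, values in parse_registry_block(lines).items():
        clsid = next((c for c in ZEROACCESS_CLSIDS if c in key), None)
        default = values.get("")
        if clsid is None or not key.endswith("\\inprocserver32") or not default:
            continue
        if key.startswith("hkey_current_user"):
            findings.append(f"HKCU override of {clsid} -> {default}")
            continue
        expected, low = ZEROACCESS_CLSIDS[clsid], default.lower()
        if expected and not (low.endswith("\\" + expected)
                             and low.startswith(("c:\\windows\\", "%systemroot%\\"))):
            findings.append(f"HKLM {clsid} -> {default} (expected {expected} in the Windows directory)")
    return findings

# Sample input: a subset of lines copied from the log above (index 0 is the empty first line).
SAMPLE_FILE_LINES = r"""
[2013/07/04 19:59:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/07/04 10:42:54 | 000,650,027 | ---- | C] () -- C:\Users\Angelina\Desktop\AdwCleaner.exe
[2013/07/02 11:44:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Angelina\Desktop\OTL.exe
[2013/07/01 20:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
""".splitlines()
CLEAN_ZEROACCESS_BLOCK = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
""".splitlines()
# Constructed (hypothetical) hijack: the clean block plus a per-user default for one CLSID.
HIJACKED_ZEROACCESS_BLOCK = CLEAN_ZEROACCESS_BLOCK + [
    r"[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64",
    r'"" = C:\$Recycle.Bin\S-1-5-21-0-0-0-1000\$0123456789abcdef\n.',
]
```

On the sample lines it flags C:\Windows\PEV.exe and AdwCleaner.exe, and both genuinely carry no CompanyName. PEV.exe, MBR.exe, sed.exe, grep.exe and zip.exe in C:\Windows are ComboFix's own helper tools (they were created at 19:59:52 on 2013/07/04, matching the ComboFix run that evening) and are removed when ComboFix is uninstalled, while AdwCleaner.exe is the user's own download, so a hit means "look", not "infected". The registry check explains why the clean result above is an HKCU header with nothing beneath it: when COM resolves a CLSID through HKCR, HKCU\Software\Classes takes precedence over HKLM, so a per-user InProcServer32 default loads the attacker's DLL into whichever process instantiates that CLSID without a single value under HKLM being changed.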

#21
Down_with_malware

    Member

  • Topic Starter
  • Member
  • 152 posts
OTL Extras logfile created on: 7/7/2013 10:10:48 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Angelina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.98 Gb Total Physical Memory | 4.64 Gb Available Physical Memory | 77.62% Memory free
11.96 Gb Paging File | 9.58 Gb Available in Paging File | 80.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.66 Gb Total Space | 738.39 Gb Free Space | 80.55% Space Free | Partition Type: NTFS
Drive F: | 3.65 Gb Total Space | 3.55 Gb Free Space | 97.16% Space Free | Partition Type: FAT32

Computer Name: ANGELINA-PC | User Name: Angelina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-139958153-1293919107-277672395-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27379E37-92BC-4FFB-AE15-BD4F6CFF9BD3}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{717F39AF-10AE-4FC3-9B84-2A59E27C1B9D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B59A6AB6-6BF3-4724-AD11-C4C47B2222AF}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{BBA7A752-9641-4857-81D8-B833EF1EBBE2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D00B49A3-C863-42DB-AEE1-F0B45C272641}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{E6ACBEE2-9684-41D9-9BCF-9E17A9A11ABB}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{167BE4BB-45F1-429C-B742-63F5E6E0C730}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |
"{1AA392DC-709F-43F0-9A11-E8DA1841829E}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{29BD777C-62D9-42F2-B0E0-C2685555D610}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{307EE635-4D14-42DD-80E8-6F1D51FD1631}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3341A63A-7EE5-442E-886C-761E7A4EBE6E}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{385A3A92-1699-4B92-A35C-8B706DD3CA17}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{3981AD78-B25E-44A6-B6A4-324ECE387B8B}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{4A380698-40B8-4477-AA89-936EEB9DD920}" = protocol=6 | dir=in | app=c:\koramgame\stonline\launcher.exe |
"{6F8FD6BA-ADD4-471D-A411-8790D4D6EB51}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{738C4D38-7154-47D1-94B6-DA2B43CECDCC}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\installerhelp.exe |
"{8AAEA279-E912-402E-97A7-A0125AC051E7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{93787CC6-9124-44ED-9659-4797E8BA0532}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{93958C2E-C888-4B1D-8707-E3D7FBB6B7F8}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremoteservice.exe |
"{948BFF61-0BF1-4F07-AEA6-7E5E4D92E7EA}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{9D547290-11F1-4405-83B3-A2AD68803FDF}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\controller.exe |
"{ABF90974-8193-4680-9528-CB8A28008151}" = protocol=6 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{ADFCE152-BF4F-41D8-806E-6D78D648B788}" = protocol=17 | dir=in | app=c:\koramgame\stonline\launcher.exe |
"{AF125BCE-0821-486C-AAA7-579682C57CFF}" = protocol=6 | dir=in | app=c:\koramgame\stonline\_launcher.exe |
"{B15EC457-4100-41C7-ABF6-A2BA1581A250}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\dmr.exe |
"{B9EDA77B-881A-4910-AEB2-A2C287D35F63}" = dir=in | app=c:\users\angelina\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{BA212E5B-118B-49B8-A761-0BA58D2D8D03}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero blu-ray player\blu-rayplayer.exe |
"{BAA765D6-5DCA-4B0A-813B-FFFC2A68DD24}" = protocol=17 | dir=in | app=c:\program files (x86)\dell\stage remote\stageremote.exe |
"{BD126B53-F724-4801-B9CB-21A606CB738A}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{C8BA389F-FF01-4B45-92D7-A33326E1CAF7}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{E67441DA-988F-4CE5-9C91-E194D3AE78B6}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E852CAF6-C449-439A-A060-DF5383199284}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{F810FEB7-9C27-441C-B180-8AF1FF2E5DA5}" = protocol=17 | dir=in | app=c:\koramgame\stonline\_launcher.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{094A1E1C-F6F9-9BC1-4F0D-8EC94A9F118D}" = ccc-utility64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{262325FE-E6AA-7D56-9071-453A374086C9}" = ATI AVIVO64 Codecs
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{66CF1DF9-1715-4325-89BC-76B1CA2EE3BE}" = Adobe Premiere Elements 11
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{82AB13D7-BDE1-D24C-B245-1A3F0C29022C}" = ATI Catalyst Install Manager
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CNXT_AUDIO_HDA" = Conexant HD Audio
"GIMP-2_is1" = GIMP 2.8.2
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MyPC Backup" = MyPC Backup
"PC-Doctor for Windows" = My Dell
"PremElem110" = Adobe Premiere Elements 11

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00082694-C740-753D-0E17-FAB8B7DFF52F}" = CCC Help Thai
"{066EA6E0-1152-714C-F2B3-10457072F542}" = CCC Help Czech
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{12F9B590-7ED9-6ED7-B41E-CB69E4147A7B}" = Catalyst Control Center Localization All
"{14FE48DA-E172-4CC5-B397-92ECA4B0E088}" = STOnline
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19DD3392-63F3-5F8B-BAFE-EF362F797E9E}" = CCC Help Hungarian
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
"{1E98D5E9-1E56-CE9B-4198-24D185F71B8C}" = CCC Help Polish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2B9F83AE-EA8C-7FFB-6BA3-A81BCA9AE4DC}" = CCC Help Japanese
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{382F1842-0E6C-4782-B920-D96ED5165F03}" = Catalyst Control Center - Branding
"{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{458039D4-0096-9DCF-A752-70D02227F616}" = CCC Help Italian
"{46ABF416-F6DC-C213-0356-E52C0C751E03}" = CCC Help Swedish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{50218CA0-C05D-C4CE-035C-27A735750666}" = Catalyst Control Center
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52FBC497-0796-D089-BBE1-1C0642678E8C}" = CCC Help Danish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5DFC378F-28C5-A5B7-0798-2E2A1D60EC28}" = CCC Help Spanish
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{662140BE-138C-4DC1-B4CD-B62C6C855A25}" = Pirate101
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74E5BE40-C54E-11E1-ABC3-F04DA23A5C58}" = Vegas Movie Studio HD 11.0
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{78AE10E1-C54E-11E1-AC47-F04DA23A5C58}" = MSVCRT Redists
"{7B818622-DB95-B03F-E081-2796BBFA150C}" = CCC Help Chinese Standard
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D01A923-5A28-53ED-EB3C-FB6C8D80964B}" = CCC Help English
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{90FA9C66-5810-AE21-8598-704E8C299DE6}" = CCC Help Korean
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{975C9422-4A8E-82DE-238D-604778B4B431}" = CCC Help Finnish
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A3A529DA-F910-6768-EF19-A795C26FE102}" = CCC Help Chinese Traditional
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{AF4D3C63-009B-4A17-B02E-D395065DD3F0}" = Dell Stage Remote
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B614E5FA-6DA4-45A1-845C-52F870240A89}" = PRE11 STI 64Installer
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{B9AB5A97-9C85-B607-B61B-90C129BC2C6F}" = CCC Help Dutch
"{BC4A54D6-6591-4D01-AE21-C9ABAAF69D7F}" = Microsoft Expression Encoder 4
"{BE6505D6-9355-D51A-D36E-85E51AD89554}" = CCC Help Greek
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CC1D9CCB-B4E6-1575-14AE-BF0F7774A6C8}" = CCC Help French
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2DB85DC-6582-251E-FA93-EB2CF6870EF1}" = CCC Help Portuguese
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
"{D571FEBA-938F-BCCF-FC0C-8BA4E9C06D83}" = CCC Help Norwegian
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCC41203-3F8B-9C4D-19E6-59B72E4FFB5F}" = CCC Help Russian
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECE8F1BD-62BA-A6BB-D351-2980ECE35976}" = CCC Help German
"{ED2DFB39-FED4-83A9-92B0-EDF04CD27D2B}" = Catalyst Control Center InstallProxy
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F9EC30D1-F688-4708-9850-CB5120074AAA}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{FA0E84DC-7A7F-9A73-9632-0F00FC89C421}" = CCC Help Turkish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"BB FlashBack Express" = BB FlashBack Express
"BFGC" = Big Fish Games: Game Manager
"BFG-Puppy Luv" = Puppy Luv
"BFG-Purrfect Pet Shop" = Purrfect Pet Shop
"BFG-Ride!" = Ride!
"BFG-Super Granny 4" = Super Granny 4
"BFG-Virtual Families" = Virtual Families
"BFG-Wonder Pets Save the Puppy" = Wonder Pets Save the Puppy
"BFG-Zhu Zhu Pets" = Zhu Zhu Pets
"BFG-Zoo Vet 2 - Endangered Animals" = Zoo Vet 2: Endangered Animals
"Disney Toontown Online" = Disney Toontown Online
"Encoder_4.0.3205.0" = Microsoft Expression Encoder 4
"getsav-in" = getsav-in
"Google Chrome" = Google Chrome
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}" = Kaspersky PURE 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MixPad" = MixPad
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OpenAL" = OpenAL
"PaintToolSAI" = PaintTool SAI Ver.1
"Recordpad" = RecordPad Sound Recorder
"sl-adk" = SelectionLinks
"sl-cb" = SelectionLinks
"The Endless Forest_is1" = The Endless Forest
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WT089409" = Bejeweled 2 Deluxe
"WT089410" = Blackhawk Striker 2
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089426" = Poker Superstars III
"WT089430" = Virtual Villagers 4 - The Tree of Life
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley ™
"WT089440" = Namco All-Stars PAC-MAN
"WT089443" = Bounce Symphony
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler
"ZinioReader4" = Zinio Reader 4

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-139958153-1293919107-277672395-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for Angelina
"AOL Toolbar" = AOL Toolbar
"SOE-Free Realms" = Free Realms
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2013 3:09:22 AM | Computer Name = Angelina-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\Program Files (x86)\Cozi
Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
version required by the application conflicts with another component version already
active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 7/7/2013 1:06:42 PM | Computer Name = Angelina-PC | Source = DCOM | ID = 10010
Description =


< End of report >
  • 0

#22
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
By the way, I restarted Firefox after I did the scans, so you know. No problems thus far.
  • 0

#23
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

So far the pop up tabs ceased and my downloads are no longer hijacked on this PC.

Good.

By the way, I restarted Firefox after I did the scans, so you know.

Not a problem.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2013/07/01 20:15:40 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Angelina\AppData\Roaming\mozilla\Firefox\Profiles\oupu947a.default\extensions\{494C52B1-9CE9-4A5A-B18B-4EC234EA4F61}
O2:64bit: - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (no name) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - No CLSID value found.
O2 - BHO: (SelectionLinks) - {878B8524-AED5-4870-9A96-A515440DAC75} - C:\Program Files (x86)\OApps\SelectionLinks.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
@Alternate Data Stream - 225 bytes -> C:\ProgramData\Temp:FF9C44FE
@Alternate Data Stream - 207 bytes -> C:\ProgramData\Temp:54AA54AA
@Alternate Data Stream - 205 bytes -> C:\ProgramData\Temp:B741B2C2
@Alternate Data Stream - 204 bytes -> C:\ProgramData\Temp:91730504
@Alternate Data Stream - 198 bytes -> C:\ProgramData\Temp:5CF48ABF
@Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:98AE08EA
@Alternate Data Stream - 189 bytes -> C:\ProgramData\Temp:A6881EE7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:F591490A

:Files
ipconfig /flushdns /c
C:\Program Files (x86)\OApps
C:\PROGRAM FILES\WEB ASSISTANT
C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl
netsh advfirewall reset /c
netsh advfirewall set allprofiles state off /c

:Reg
[-HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ MyPC Backup]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sl-cb]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sl-adk]

:Commands
[ResetHosts]
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log file can also be found at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt (the file name denotes the date/time the log was created).

Malwarebytes Anti-Malware:

Note: Remember to right click on the MBAM executable and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Check Hard Disk For Errors:

Please download the attached CHDE.bat (see below) to the desktop.



Now right-click on CHDE.bat and select Run as Administrator to run the batch file.

A blank command window will open on the desktop, then close in a few minutes. This is normal and the batch file will self-delete when completed.

A file icon named checkhd.txt should appear on the desktop. Please post the contents of this file in your next reply.

Next:

When completed the above, please post back the following in the order asked for:

  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
  • Check Hard Disk For Errors Log.

  • 0
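What the OTL script above actually targets, shown as an added read-only audit in PowerShell. This is editor-supplied example code, not part of the original post and not part of OTL: it lists Browser Helper Object registrations in both registry views (the "O2:64bit:" and "O2" lines), Firefox plugin registrations under MozillaPlugins (the "FF - HKLM\Software\MozillaPlugins" lines) and NTFS alternate data streams under C:\ProgramData (the "@Alternate Data Stream" lines), so the state can be inspected before the fix and re-checked afterwards. The function names are mine; the registry keys and the C:\ProgramData path are the ones OTL reports. Nothing is removed.

```powershell
# Added audit script, not part of the original post or of the OTL tool.
# Run from an elevated PowerShell prompt on Windows 7 (PowerShell 2.0 is enough).
# Lists the classes of artefact the OTL fix targets; nothing is deleted.

function Get-BrowserHelperObject {
    # IE loads BHOs registered under this key; on x64 there is a 64-bit and a
    # 32-bit (Wow6432Node) view, which is why OTL lists the same CLSID twice.
    $views = @(
        @{ View = '64bit'
           Bho  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
        @{ View = '32bit'
           Bho  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
           Clsid = 'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID' }
    )
    foreach ($v in $views) {
        foreach ($entry in @(Get-ChildItem -Path $v.Bho -ErrorAction SilentlyContinue)) {
            $clsid  = $entry.PSChildName
            $name   = (Get-ItemProperty -Path "$($v.Clsid)\$clsid" -ErrorAction SilentlyContinue).'(default)'
            $module = (Get-ItemProperty -Path "$($v.Clsid)\$clsid\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            # OTL's "No CLSID value found" = registration with no CLSID key;
            # "File not found" = CLSID key whose DLL is gone. Both are orphans.
            if (-not $module) { $status = 'orphan (no CLSID)' }
            elseif (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($module.Trim('"'))))) { $status = 'orphan (file missing)' }
            else { $status = 'present' }
            New-Object PSObject -Property @{ View = $v.View; CLSID = $clsid; Name = $name; Module = $module; Status = $status }
        }
    }
}

function Get-MozillaPluginRegistration {
    # Firefox discovers NPAPI plugins through these keys; each subkey carries a
    # Path value. A registration whose Path no longer exists is an orphan.
    foreach ($root in 'HKLM:\SOFTWARE\MozillaPlugins', 'HKLM:\SOFTWARE\Wow6432Node\MozillaPlugins') {
        foreach ($k in @(Get-ChildItem -Path $root -ErrorAction SilentlyContinue)) {
            $path = (Get-ItemProperty -Path $k.PSPath).Path
            New-Object PSObject -Property @{
                Key    = $k.PSChildName
                Path   = $path
                Exists = [bool]($path -and (Test-Path -LiteralPath $path))
            }
        }
    }
}

function Get-AlternateDataStream {
    param([string]$Directory = 'C:\ProgramData')
    # Streams attached to entries of $Directory, including to the Temp directory
    # itself ("C:\ProgramData\Temp:FF9C44FE" in the OTL script). cmd's "dir /r"
    # is used because Get-Item -Stream only exists from PowerShell 3.0.
    $lines = cmd /c dir /r /a $Directory
    foreach ($line in $lines) {
        # Stream lines look like: "   225 Temp:FF9C44FE:$DATA"
        if ($line -match '^\s+([\d,]+)\s+(.+?):([^:\\]+):\$DATA\s*$') {
            New-Object PSObject -Property @{
                Path   = Join-Path $Directory $Matches[2]
                Stream = $Matches[3]
                Bytes  = [int]($Matches[1] -replace ',', '')
            }
        }
    }
}

Get-BrowserHelperObject       | Format-Table View, Status, CLSID, Name, Module -AutoSize
Get-MozillaPluginRegistration | Format-Table Exists, Key, Path -AutoSize
Get-AlternateDataStream       | Format-Table Bytes, Path, Stream -AutoSize
```

Two things to keep in mind when reading the script above against this audit. OTL moves what it removes into C:\_OTL\MovedFiles rather than deleting it, so a false positive can be put back. And the `:Files` section contains `netsh advfirewall set allprofiles state off`, which leaves Windows Firewall disabled for every profile once the fix has run; a practitioner would plan to re-enable it (`netsh advfirewall set allprofiles state on`) once the cleanup is finished.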

#24
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
It has been very busy here. :) Here are the logs.

OTL Fix Log

All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2\ deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Folder C:\Users\Angelina\AppData\Roaming\mozilla\Firefox\Profiles\oupu947a.default\extensions\{494C52B1-9CE9-4A5A-B18B-4EC234EA4F61}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{878B8524-AED5-4870-9A96-A515440DAC75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{878B8524-AED5-4870-9A96-A515440DAC75}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
ADS C:\ProgramData\Temp:FF9C44FE deleted successfully.
ADS C:\ProgramData\Temp:54AA54AA deleted successfully.
ADS C:\ProgramData\Temp:B741B2C2 deleted successfully.
ADS C:\ProgramData\Temp:91730504 deleted successfully.
ADS C:\ProgramData\Temp:5CF48ABF deleted successfully.
ADS C:\ProgramData\Temp:98AE08EA deleted successfully.
ADS C:\ProgramData\Temp:A6881EE7 deleted successfully.
ADS C:\ProgramData\Temp:F591490A deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Angelina\Desktop\cmd.bat deleted successfully.
C:\Users\Angelina\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files (x86)\OApps not found.
File\Folder C:\PROGRAM FILES\WEB ASSISTANT not found.
C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl\5.0_0 folder moved successfully.
C:\Users\Angelina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl folder moved successfully.
< netsh advfirewall reset /c >
Ok.
C:\Users\Angelina\Desktop\cmd.bat deleted successfully.
C:\Users\Angelina\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state off /c >
Ok.
C:\Users\Angelina\Desktop\cmd.bat deleted successfully.
C:\Users\Angelina\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ MyPC Backup\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sl-cb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sl-adk\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Angelina
->Temp folder emptied: 95170 bytes
->Temporary Internet Files folder emptied: 4768550 bytes
->Java cache emptied: 99622 bytes
->FireFox cache emptied: 358018328 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 22271 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 811862 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42303946 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 387.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07092013_102240

Files\Folders moved on Reboot...
C:\Users\Angelina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Angelina\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Malware Bytes Log

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.09.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Angelina :: ANGELINA-PC [administrator]

Protection: Enabled

7/9/2013 10:28:16 AM
mbam-log-2013-07-09 (10-28-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216590
Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

HDCheck Log


The type of the file system is NTFS.
Volume label is OS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
428 large file records processed.

0 bad file records processed.

0 EA records processed.

43 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
31734 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

961187839 KB total disk space.
187310368 KB in 183391 files.
98376 KB in 31735 indexes.
0 KB in bad sectors.
431803 KB in use by the system.
65536 KB occupied by the log file.
773347292 KB available on disk.

4096 bytes in each allocation unit.
240296959 total allocation units on disk.
193336823 allocation units available on disk.
  • 0

#25
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

It has been very busy here. :)

Not a problem...

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Windows 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here to run the scan...

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then right-click on it and select Run as Administrator to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the log file first!
  • Now click on: Posted Image
  • Use notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
  • 0


#26
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
How are you doing? Here are the results.


C:\FRST\Quarantine\Java.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\Player_Setup.exe multiple threats cleaned by deleting - quarantined
C:\FRST\Quarantine\setup.exe a variant of Win32/InstallCore.BY application cleaned by deleting - quarantined
C:\FRST\Quarantine\Conduit\CT3158970\Incredibar-Games_ENAutoUpdateHelper.exe Win32/Toolbar.Conduit.G application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\SearchProtect\bin\ChromeModule.dll a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\SearchProtect\bin\cltmng.exe a variant of Win32/Conduit.SearchProtect.B application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\SearchProtect\bin\FirefoxModule.dll a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\SearchProtect\bin\InternetExplorerModule.dll a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\SearchProtect\bin\SPHook32.dll probably a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\SearchProtect\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\Wajam\Wajam\IE\priam_bho.dll Win32/Wajam.A application cleaned by deleting - quarantined
C:\FRST\Quarantine\Wajam\Wajam\Updater\WajamUpdater.exe Win32/Wajam.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js Win32/Conduit.SearchProtect.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Users\Angelina\Downloads\FFCrowdstarToolbarInstaller_CDS4_tbr_1.15.15.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Angelina\Downloads\FFCrowdstarToolbarInstaller_CDS4_tbr_1.15.2.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Angelina\Downloads\FFCrowdstarToolbarInstaller_CDS4_tbr_sa_1.15.12.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Angelina\Downloads\FFCrowdstarToolbarInstaller_CDS4_tbr_sa_1.15.15.0(1).exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Angelina\Downloads\FFCrowdstarToolbarInstaller_CDS4_tbr_sa_1.15.15.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Angelina\Downloads\FFCrowdstarToolbarInstaller_CDS4_tbr_sa_1.15.2.0.exe a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Angelina\Downloads\SoftonicDownloader_for_painttool-sai(1).exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\Angelina\Downloads\SoftonicDownloader_for_painttool-sai.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined

Edited by Down_with_malware, 11 July 2013 - 03:18 PM.

  • 0

#27
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Down_with_malware,

My name is godawgs. Dakeyras has had to step away to take care of a personal matter and has asked me to step in for him. It looks like you guys have done a lot of work here. The ESET scan you ran showed things that had already been taken care of by FRST. The rest look to be toolbars that were bundled with other software.

The last OTL fix shows that the System Restore service is not available for some reason so let's check that out.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Double-click the FSS.exe file to run it. (Vista and 7 users may need to right-click the file and click Run as Administrator)
  • Posted Image
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The FSS.txt log
  • 0

#28
Down_with_malware

Down_with_malware

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 152 posts
Here you are my good sir. :)

Farbar Service Scanner Version: 13-07-2013
Ran by Angelina (administrator) on 13-07-2013 at 09:31:52
Running from "C:\Users\Angelina\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0
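An added example (not part of this thread or of Farbar Service Scanner): a small Python triage of an FSS.txt log by section, flagging any populated "... Disabled Policy" section (the log above lists an EnableFirewall=0 value under Firewall Disabled Policy) and any File Check line not reported as "MD5 is legit". The sample log is a constructed excerpt modelled on the log above.

```python
import re

# Constructed excerpt modelled on the FSS.txt posted above (not the full log).
SAMPLE_FSS_LOG = r"""Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


File Check:
========
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
"""

# An FSS section header is a "Name:" line followed by a line of '=' signs.
_HEADER = re.compile(r"^(?P<name>[A-Za-z ]+):$")


def parse_sections(text):
    """Return {section name: [non-empty body lines]} for an FSS log."""
    sections, current = {}, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        stripped = line.strip()
        m = _HEADER.match(stripped)
        if m and i + 1 < len(lines) and lines[i + 1].strip().startswith("=="):
            current = m.group("name")
            sections[current] = []
        elif stripped.startswith("==") or current is None or not stripped:
            continue
        else:
            sections[current].append(stripped)
    return sections


def triage(text):
    """List the entries a helper would want to act on."""
    findings = []
    sections = parse_sections(text)
    # A populated "<X> Disabled Policy" section means a policy that switches
    # that protection off is present; an empty section is the clean state.
    for name, body in sections.items():
        if name.endswith("Disabled Policy") and body:
            findings.append(f"{name}: " + "; ".join(body))
    # Replaced or patched system files show up as anything but "MD5 is legit".
    for line in sections.get("File Check", []):
        if not line.endswith("=> MD5 is legit"):
            findings.append(f"File Check: {line}")
    return findings
```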

#29
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello,

Thanks for the log. The FSS log doesn't show anything amiss in the System Restore. Let's get one last OTL scan and check for any programs that may need updating.


Step-1.

OTL Custom Scan

NOTE: There will only be one log created this time, the OTL.txt log

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint


2. Re-open OTL on the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator.
Make sure all other windows are closed.
  • You will see a console like the one below:

    (screenshot of the OTL console)
  • Click the box beside Scan All Users at the top of the console
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Step-2.

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL.txt log
2. The checkup.txt log
  • 0

#30
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
My personal thanks to godawgs for the cover during my absence... :thumbsup:

--------------

@ Down_with_malware, do you still require assistance or not? If so, please carry out my colleague's prior advice/instructions when ready. :)
  • 0
