Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect Virus..followed removeal instructions on geektogo...st

Started by chantelleu , Jul 31 2013 01:10 PM

  • Please log in to reply

#1
chantelleu
Posted 31 July 2013 - 01:10 PM

chantelleu

    New Member

  • Member
  • Pip
  • 6 posts
When I open my browser (google chrome) it redirects me to a page called aot.im I tried to get rid of the virus by using Avast and Maleware. It did find some sort of PUP virus that I quarantined. I used hitmanpro I used aro13. I also followed the instructions on geekstogo website on how to get rid of this virus but it didn't work. Now I am following the instructions on what to do if it didn't work : ) I just ran OTL by OldTimer and here are the results....

OTL logfile created on: 7/31/2013 2:54:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\chantelle\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.29% Memory free
5.50 Gb Paging File | 3.20 Gb Available in Paging File | 58.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.07 Gb Total Space | 385.91 Gb Free Space | 85.55% Space Free | Partition Type: NTFS

Computer Name: CHANTELLE-PC | User Name: chantelle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/31 14:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chantelle\Desktop\OTL.exe
PRC - [2013/07/29 06:43:10 | 000,168,400 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/07/29 06:42:56 | 001,558,480 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 04:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/03/17 13:17:49 | 000,132,504 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe
PRC - [2012/09/28 15:42:08 | 000,298,376 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/02/17 20:54:46 | 001,150,464 | ---- | M] () -- C:\Program Files (x86)\WinRAR\WinRAR.exe
PRC - [2011/12/09 13:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/09/06 13:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 13:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010/02/02 01:10:14 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/02 01:10:10 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2009/11/13 18:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/15 05:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/06/24 22:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/11 03:37:24 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2c5c86bb5156ff508ca8045aff50a482\System.Core.ni.dll
MOD - [2013/07/11 03:37:19 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll
MOD - [2013/07/11 03:37:10 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\47c7540264ba3b75745b066de260fa90\System.Web.Services.ni.dll
MOD - [2013/07/11 03:36:51 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll
MOD - [2013/07/11 03:36:37 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/11 03:36:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/11 03:36:28 | 012,238,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll
MOD - [2013/07/11 03:36:19 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/11 03:36:14 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/11 03:36:11 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/11 03:36:10 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/11 03:36:01 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/05/16 11:11:14 | 000,169,304 | ---- | M] () -- C:\Program Files\Updater By SweetPacks\Extension32.dll
MOD - [2013/04/06 23:09:30 | 000,830,312 | ---- | M] () -- C:\Users\chantelle\AppData\Local\SySaver\temp.dat
MOD - [2012/02/17 20:54:46 | 001,150,464 | ---- | M] () -- C:\Program Files (x86)\WinRAR\WinRAR.exe
MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/05/02 17:14:49 | 000,970,752 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/11/13 18:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 18:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 18:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 18:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 18:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2009/10/15 05:10:28 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/09/11 14:05:00 | 000,058,608 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll


========== Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/09 04:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/11/16 16:44:58 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/11/16 16:27:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/06/09 12:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/07/29 17:57:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/29 06:43:10 | 000,168,400 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2013/03/17 13:17:49 | 000,132,504 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/28 15:19:16 | 007,392,648 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2012/08/03 17:22:18 | 000,352,248 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/12 00:58:42 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/27 15:09:58 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/27 15:09:58 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/27 15:09:58 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 04:59:06 | 000,270,824 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2013/05/09 04:59:06 | 000,131,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/05/09 04:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/05/03 02:18:52 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\My Dell\pcdsrvc_x64.pkms -- (PCDSRVC{D3412D80-CF3B4A27-06020200}_0)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/11/16 17:08:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/11/16 15:39:12 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/27 16:33:54 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 15:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010/02/18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/10/09 22:22:42 | 000,040,320 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btblan.sys -- (LeapFrog-USBLAN)
DRV:64bit: - [2009/07/25 00:23:40 | 001,224,704 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/23 02:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2006/12/12 13:29:02 | 000,097,280 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIf.sys -- (BrSerIf)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {10C41C40-F3A7-4B52-8E87-34254BD9F1DA}
IE:64bit: - HKLM\..\SearchScopes\{10C41C40-F3A7-4B52-8E87-34254BD9F1DA}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {6C1CB16F-3065-4E0F-A6D2-9264C9DE0DC0}
IE - HKLM\..\SearchScopes\{2914348B-70A7-4792-85D0-BE18E9E2E31C}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{923ec3bd-61a9-4d9e-bfb6-37e3857c40ae}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...mrud=17-06-2012

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...DC-A154A14E657E
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6C1CB16F-3065-4E0F-A6D2-9264C9DE0DC0}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...30-1A23758CFED3
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.c...n=2.5.10000.504
IE - HKCU\..\SearchScopes\{6C1CB16F-3065-4E0F-A6D2-9264C9DE0DC0}: "URL" = http://search.condui...3757364276&UM=2
IE - HKCU\..\SearchScopes\{923ec3bd-61a9-4d9e-bfb6-37e3857c40ae}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{92464B59-4AC2-4CF4-BCFD-9CD23D78E83B}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...mrud=17-06-2012
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\chantelle\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\chantelle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\chantelle\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/06/20 14:46:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/06/20 14:46:20 | 000,000,000 | ---D | M]

[2010/10/28 13:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chantelle\AppData\Roaming\Mozilla\Extensions
[2010/10/28 13:10:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chantelle\AppData\Roaming\Mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Ask Search (Enabled)
CHR - default_search_provider: search_url = http://www.search.as...q={searchTerms}
CHR - default_search_provider: suggest_url = http://ss.websearch....q={searchTerms}
CHR - homepage: http://search.condui...M=2&sspv=CHNTI2
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\McChPlg.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\chantelle\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\chantelle\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\chantelle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Sammsoft Toolbar = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajkpnblldhfogjbbcnbbjniflpdej\20.50395_0\
CHR - Extension: JukeBox = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aimebakjjgcdekhjjbmkalflmnhppdlh\0.5_0\
CHR - Extension: Splendid = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_1\
CHR - Extension: YouTube = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Solid Savings = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.23.13_0\crossrider
CHR - Extension: Solid Savings = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cijeeimilokkhlfjombmalgpabbonmah\1.23.13_0\
CHR - Extension: Thumba = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknjefpegpoihiefochddkkakifpafhb\1.0_0\
CHR - Extension: Google Search = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SySaver = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\
CHR - Extension: avast! Online Security = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Thumba Photo Editor = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\homaefhmjlfcpiohmhmlnpfaknmibecf\2.0.0.0_0\
CHR - Extension: We-Care.com Reminder = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.34_0\
CHR - Extension: MOG Music = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgljcanfdcmdnncaneopdlcgjlkgpenj\0.9.10_0\
CHR - Extension: DefaultTab = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.19_0\
CHR - Extension: Until AM = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\kodigjkcpaoeodlnmcnekemakpnmegnk\0.203_0\
CHR - Extension: Skype Click to Call = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: InternetHelper3.1 = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nemfjadlboooiffmcelkafilagddogim\10.16.70.501_0\
CHR - Extension: Gmail = C:\Users\chantelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/07/31 14:22:03 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (SySaver) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\chantelle\AppData\Local\SySaver\temp.dat ()
O2 - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper3.1 Toolbar) - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [AROReminder] C:\Program Files (x86)\ARO 2013\ARO.exe (Support.com, Inc.)
O4 - HKCU..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [limewire plus+] "C:\Program Files (x86)\Limewire Plus+\limewire.exe" -h File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - Startup: C:\Users\chantelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = File not found
O4 - Startup: C:\Users\chantelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\chantelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {50647AB5-18FD-4142-82B0-5852478DD0D5} http://webeffective....torLauncher.cab (Keynote Connector Launcher 2)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1529199-7FCF-4B8A-93F1-83FE5325F4DA}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/31 14:54:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\chantelle\Desktop\OTL.exe
[2013/07/31 14:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon
[2013/07/31 14:34:44 | 000,000,000 | ---D | C] -- C:\Users\chantelle\Desktop\GooredFix Backups
[2013/07/31 14:22:01 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/07/31 14:21:19 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\chantelle\Desktop\OTM.exe
[2013/07/31 14:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/07/31 14:14:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/07/28 13:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2013/07/28 13:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork
[2013/07/28 13:12:23 | 000,000,000 | ---D | C] -- C:\Users\chantelle\AppData\Roaming\Sammsoft
[2013/07/28 13:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
[2013/07/28 13:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ARO 2013
[2013/07/28 13:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ARO 2013
[2013/07/28 13:11:15 | 000,489,392 | ---- | C] (Ask Partner Network) -- C:\Users\chantelle\Documents\APNSetup.exe
[2013/07/27 14:17:49 | 000,270,824 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/07/27 14:17:47 | 000,131,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013/07/27 14:16:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/07/27 12:26:26 | 000,000,000 | ---D | C] -- C:\Users\chantelle\AppData\Local\{9D35AD85-D3F4-4651-AAC6-993ADF41E53B}
[2013/07/26 12:37:27 | 000,000,000 | ---D | C] -- C:\Users\chantelle\AppData\Local\Programs
[2013/07/26 10:33:14 | 000,000,000 | ---D | C] -- C:\Users\chantelle\AppData\Local\{1729CFB0-F9E5-4C9A-94A6-67206911877C}
[2013/07/16 20:14:42 | 000,000,000 | ---D | C] -- C:\Users\chantelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SySaver
[2013/07/16 20:14:38 | 000,000,000 | ---D | C] -- C:\Users\chantelle\AppData\Local\SySaver
[2013/07/16 20:14:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/07/16 20:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DefaultTab
[2013/07/16 20:13:13 | 000,000,000 | ---D | C] -- C:\Users\chantelle\AppData\Roaming\DefaultTab
[2013/07/16 20:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2013/07/16 20:12:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2013/07/16 20:11:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InternetHelper3.1
[2013/07/16 20:11:24 | 000,000,000 | ---D | C] -- C:\Users\chantelle\AppData\Local\Conduit
[2013/07/16 20:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect
[2013/07/16 20:10:56 | 000,000,000 | ---D | C] -- C:\Users\chantelle\AppData\Roaming\SearchProtect
[2013/07/16 20:10:54 | 000,000,000 | ---D | C] -- C:\Users\chantelle\AppData\Local\CRE
[2013/07/16 19:02:03 | 000,000,000 | R--D | C] -- C:\Users\chantelle\Desktop\FB COV
[2010/02/01 11:58:19 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\chantelle\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2013/07/31 14:54:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\chantelle\Desktop\OTL.exe
[2013/07/31 14:37:05 | 002,218,636 | ---- | M] () -- C:\Users\chantelle\Desktop\tdsskiller.zip
[2013/07/31 14:35:49 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 14:35:49 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/31 14:28:09 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/31 14:27:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/31 14:27:43 | 2213,896,192 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/31 14:22:03 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/07/31 14:22:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/31 14:21:22 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\chantelle\Desktop\OTM.exe
[2013/07/31 14:14:57 | 000,001,106 | ---- | M] () -- C:\Users\chantelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/07/31 14:14:52 | 000,000,926 | ---- | M] () -- C:\Users\chantelle\Desktop\NTREGOPT.lnk
[2013/07/31 14:14:52 | 000,000,907 | ---- | M] () -- C:\Users\chantelle\Desktop\ERUNT.lnk
[2013/07/31 14:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/31 11:45:56 | 000,001,162 | ---- | M] () -- C:\Users\chantelle\Desktop\Get Live PC Help Now.lnk
[2013/07/28 13:12:16 | 000,001,076 | ---- | M] () -- C:\Users\chantelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2013/07/28 13:12:16 | 000,001,070 | ---- | M] () -- C:\Users\chantelle\Desktop\Check PC For Errors.lnk
[2013/07/27 14:17:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/07/27 14:16:25 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/07/26 12:37:48 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/26 10:09:46 | 000,000,842 | ---- | M] () -- C:\Users\chantelle\AppData\Local\recently-used.xbel
[2013/07/16 20:13:18 | 000,000,258 | RHS- | M] () -- C:\Users\chantelle\ntuser.pol
[2013/07/16 20:12:41 | 000,000,009 | ---- | M] () -- C:\END
[2013/07/14 02:24:39 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/13 21:15:27 | 000,001,319 | ---- | M] () -- C:\Users\Public\Desktop\Firestorm-Release.lnk
[2013/07/11 03:35:03 | 000,366,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 03:15:36 | 000,753,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/11 03:15:36 | 000,632,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/11 03:15:36 | 000,110,564 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2013/07/31 14:37:04 | 002,218,636 | ---- | C] () -- C:\Users\chantelle\Desktop\tdsskiller.zip
[2013/07/31 14:14:57 | 000,001,106 | ---- | C] () -- C:\Users\chantelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/07/31 14:14:52 | 000,000,926 | ---- | C] () -- C:\Users\chantelle\Desktop\NTREGOPT.lnk
[2013/07/31 14:14:52 | 000,000,907 | ---- | C] () -- C:\Users\chantelle\Desktop\ERUNT.lnk
[2013/07/31 11:45:56 | 000,001,162 | ---- | C] () -- C:\Users\chantelle\Desktop\Get Live PC Help Now.lnk
[2013/07/28 13:12:16 | 000,001,076 | ---- | C] () -- C:\Users\chantelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk
[2013/07/28 13:12:16 | 000,001,070 | ---- | C] () -- C:\Users\chantelle\Desktop\Check PC For Errors.lnk
[2013/07/27 14:16:25 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/07/26 12:37:48 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/26 10:09:46 | 000,000,842 | ---- | C] () -- C:\Users\chantelle\AppData\Local\recently-used.xbel
[2013/07/16 20:13:18 | 000,000,258 | RHS- | C] () -- C:\Users\chantelle\ntuser.pol
[2013/07/16 20:10:39 | 000,000,009 | ---- | C] () -- C:\END
[2013/05/28 22:11:17 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/02/06 15:08:33 | 000,000,153 | ---- | C] () -- C:\ProgramData\3954406.reg
[2013/02/06 15:08:33 | 000,000,063 | ---- | C] () -- C:\ProgramData\3954406.bat
[2013/02/06 15:07:59 | 095,023,320 | ---- | C] () -- C:\ProgramData\3954406.pad
[2012/11/16 16:01:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/11/16 16:01:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/09/26 19:29:23 | 000,005,120 | ---- | C] () -- C:\Users\chantelle\AppData\Local\Databases.db
[2012/04/18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/10/03 18:54:12 | 000,044,218 | ---- | C] () -- C:\Users\chantelle\AppData\Local\RAContactHistory.xml
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/07/09 23:11:53 | 000,012,010 | -HS- | C] () -- C:\Users\chantelle\AppData\Local\rq7p2xqf86x51s17d810138g63orst503b
[2011/07/09 23:11:53 | 000,012,010 | -HS- | C] () -- C:\ProgramData\rq7p2xqf86x51s17d810138g63orst503b
[2010/01/26 20:00:15 | 000,003,584 | ---- | C] () -- C:\Users\chantelle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/16 20:13:13 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\DefaultTab
[2010/03/07 12:41:04 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\Facebook
[2013/07/14 16:48:10 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\Firestorm
[2012/07/20 14:03:35 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\FrostWire
[2010/05/12 15:08:15 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\Keynote Systems
[2013/03/07 15:38:45 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\LimeWire
[2012/06/16 23:10:55 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\OpenCandy
[2010/05/02 22:35:18 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\OpenOffice.org
[2013/02/22 12:40:59 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\PCCUStubInstaller
[2011/05/24 17:11:10 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\PCDr
[2011/10/03 18:54:12 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\PeerNetworking
[2013/07/28 13:12:23 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\Sammsoft
[2013/07/16 20:16:28 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\SearchProtect
[2013/01/09 14:02:40 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\TechWizard
[2011/04/10 19:55:23 | 000,000,000 | ---D | M] -- C:\Users\chantelle\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
THANK YOU FOR YOUR HELP!
  • 0

Advertisements

#2
RKinner
Posted 31 July 2013 - 02:42 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/06/20 14:46:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\Program Files\Updater By SweetPacks\Firefox [2013/06/20 14:46:20 | 000,000,000 | ---D | M]
O2:64bit: - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension64.dll ()
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
O2 - BHO: (ALOT Toolbar Helper) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll (Vertro)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (SySaver) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\chantelle\AppData\Local\SySaver\temp.dat ()
O2 - BHO: (Updater By SweetPacks) - {7D4F1959-3F72-49d5-8E59-F02F8AA6815D} - C:\Program Files\Updater By SweetPacks\Extension32.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (InternetHelper3.1 Toolbar) - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (ALOT Toolbar) - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll (Vertro)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (InternetHelper3.1 Toolbar) - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKCU..\Run: [limewire plus+] "C:\Program Files (x86)\Limewire Plus+\limewire.exe" -h File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_18)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
[2011/07/09 23:11:53 | 000,012,010 | -HS- | C] () -- C:\Users\chantelle\AppData\Local\rq7p2xqf86x51s17d810138g63orst503b
[2011/07/09 23:11:53 | 000,012,010 | -HS- | C] () -- C:\ProgramData\rq7p2xqf86x51s17d810138g63orst503b

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
at /c
type C:\ProgramData\3954406.reg /c
type C:\ProgramData\3954406.bat /c
C:\ProgramData\3954406.reg
C:\ProgramData\3954406.bat
C:\ProgramData\3954406.pad


:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

then Rightclick on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\07312013-some number.log so look there if you don't see it.



Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply

ComboFix

:!: It must be saved to your desktop, do not run it from your browser:!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Rightclick on ComboFix and select Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option     Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(Does this complain that it could not fix all of your files?)


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, Save and Run (win 7 or Vista => Right click and Run as Admin.) farbar service scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0

#3
chantelleu
Posted 01 August 2013 - 12:24 PM

chantelleu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Ron : ) Thank you so much for replying back. Please bare with me for I know nothing about computers and im a little nervous but will be very careful to follow your instructions to the T..here is OTL log from 1st step

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ deleted successfully.
C:\Program Files\Updater By SweetPacks\Firefox\defaults\preferences folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\defaults folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\skin folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale\en-US folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\locale folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\resources folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content\libraries folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome\content folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox\chrome folder moved successfully.
C:\Program Files\Updater By SweetPacks\Firefox folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ deleted successfully.
C:\Program Files\Updater By SweetPacks\Extension64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ deleted successfully.
C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}\ deleted successfully.
C:\Program Files (x86)\Winamp Toolbar\winamptb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}\ deleted successfully.
C:\Users\chantelle\AppData\Local\SySaver\temp.dat moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}\ not found.
C:\Program Files\Updater By SweetPacks\Extension32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}\ deleted successfully.
C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3}\ not found.
File C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7}\ deleted successfully.
C:\Program Files (x86)\alot\bin\alot.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2}\ deleted successfully.
File C:\Program Files (x86)\Winamp Toolbar\winamptb.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07CBF788-1359-421B-A4E3-5A8D041B90A3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07CBF788-1359-421B-A4E3-5A8D041B90A3}\ not found.
File C:\Program Files (x86)\InternetHelper3.1\prxtbInte.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AMD AVT deleted successfully.
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon deleted successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\limewire plus+ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dssrequest\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\ deleted successfully.
File {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\dssrequest\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\ deleted successfully.
File {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\ not found.
File {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ deleted successfully.
C:\Users\chantelle\AppData\Local\rq7p2xqf86x51s17d810138g63orst503b moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.bat deleted successfully.
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.bat deleted successfully.
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.bat deleted successfully.
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.bat deleted successfully.
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.txt deleted successfully.
< at /c >
There are no entries in the list.
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.bat deleted successfully.
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.txt deleted successfully.
< type C:\ProgramData\3954406.reg /c >
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\PROGRA~3\\3954406.bat"
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.bat deleted successfully.
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.txt deleted successfully.
< type C:\ProgramData\3954406.bat /c >
START "ok" rundll32.exe C:\Users\CHANTE~1\6044593.dll,M1N1 /B
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.bat deleted successfully.
C:\Users\chantelle\Desktop\Stuff regarding Virus\cmd.txt deleted successfully.
C:\ProgramData\3954406.reg moved successfully.
C:\ProgramData\3954406.bat moved successfully.
C:\ProgramData\3954406.pad moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: chantelle
->Flash cache emptied: 5219 bytes

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: chantelle
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08012013_135627

Files\Folders moved on Reboot...
File move failed. C:\Windows\SysWOW64\cmd.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Doing next step now..
  • 0

#4
chantelleu
Posted 01 August 2013 - 12:32 PM

chantelleu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
the fix button was not highlighted so I clicked save...here are the results...

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-01 14:26:42
-----------------------------
14:26:42.542 OS Version: Windows x64 6.1.7601 Service Pack 1
14:26:42.542 Number of processors: 2 586 0x602
14:26:42.542 ComputerName: CHANTELLE-PC UserName: chantelle
14:26:49.172 Initialize success
14:26:49.281 AVAST engine defs: 13080101
14:27:12.728 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
14:27:12.728 Disk 0 Vendor: ST3500418AS CC45 Size: 476940MB BusType: 3
14:27:12.821 Disk 0 MBR read successfully
14:27:12.821 Disk 0 MBR scan
14:27:12.837 Disk 0 Windows VISTA default MBR code
14:27:12.837 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
14:27:12.852 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 81920
14:27:12.868 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461899 MB offset 30801920
14:27:12.899 Disk 0 scanning C:\Windows\system32\drivers
14:27:24.896 Service scanning
14:27:43.865 Modules scanning
14:27:44.723 AVAST engine scan C:\Windows
14:27:47.361 AVAST engine scan C:\Windows\system32
14:30:32.378 AVAST engine scan C:\Windows\system32\drivers
14:30:45.238 AVAST engine scan C:\Users\chantelle
14:31:18.650 Disk 0 MBR has been saved successfully to "C:\Users\chantelle\Desktop\MBR.dat"
14:31:18.665 The log file has been saved successfully to "C:\Users\chantelle\Desktop\aswMBR.txt"
  • 0

#5
chantelleu
Posted 01 August 2013 - 01:30 PM

chantelleu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ok Im at a standstill...I disabled shields in avast but cannot find the enable resident shield box to uncheck....also I downloaded combofix and it says it detected the following real time scanner to be active and McAfee Anit virus/spyware is listed. Problem is I uninstalled that program and can't find any trace of mcafee on my computer. Like I said I know nothing about computers and im not able to fix this by myself. Please help...thanks ron!!
  • 0

#6
RKinner
Posted 01 August 2013 - 01:52 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
You can try the removal tool for McAfee:

Download and Save the McAfee Removal tool
http://download.mcaf...atches/MCPR.exe
Then Right click on the tool and Run As Admin. Reboot when done.

To disable Avast just right click on the Avast ball and Avast Shields Control => Disable until computer is restarted.

IF Combofix still complains then just let it go ahead and run.
  • 0

#7
chantelleu
Posted 01 August 2013 - 02:22 PM

chantelleu

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
OK ran combofix here's the results....also I went to google chrome just to see and it is not redirecting me anymore...does that mean the virus is gone or should I continue with the steps....

ComboFix 13-08-01.01 - chantelle 08/01/2013 15:49:18.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1554 [GMT -4:00]
Running from: c:\users\chantelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV3VKHMX\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\DefaultTab
c:\program files (x86)\DefaultTab\DefaultTab.crx
c:\program files (x86)\DefaultTab\uid
c:\programdata\PCDr\6280\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\users\chantelle\AppData\Roaming\DefaultTab\DefaultTab
c:\users\chantelle\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\chantelle\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\chantelle\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabUninstaller.exe
c:\users\chantelle\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\chantelle\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\chantelle\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\chantelle\AppData\Roaming\Microsoft\Windows\Recent\fancy resume.doc.url
.
.
((((((((((((((((((((((((( Files Created from 2013-07-01 to 2013-08-01 )))))))))))))))))))))))))))))))
.
.
2013-08-01 20:04 . 2013-08-01 20:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-01 17:56 . 2013-08-01 17:56 -------- d-----w- C:\_OTL
2013-07-31 18:22 . 2013-07-31 18:22 -------- d-----w- C:\_OTM
2013-07-31 18:14 . 2013-07-31 18:14 -------- d-----w- c:\program files (x86)\ERUNT
2013-07-28 17:12 . 2013-07-28 17:12 -------- d-----w- c:\programdata\AskPartnerNetwork
2013-07-28 17:12 . 2013-07-28 17:12 -------- d-----w- c:\program files (x86)\AskPartnerNetwork
2013-07-28 17:12 . 2013-07-28 17:12 -------- d-----w- c:\users\chantelle\AppData\Roaming\Sammsoft
2013-07-28 17:12 . 2013-07-28 17:12 -------- d-----w- c:\programdata\APN
2013-07-28 17:11 . 2013-07-28 17:11 -------- d-----w- c:\program files (x86)\ARO 2013
2013-07-27 18:17 . 2013-05-09 08:59 270824 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2013-07-27 18:17 . 2013-05-09 08:59 131232 ----a-w- c:\windows\system32\drivers\aswFW.sys
2013-07-26 16:37 . 2013-07-26 16:37 -------- d-----w- c:\users\chantelle\AppData\Local\Programs
2013-07-17 00:14 . 2013-08-01 17:56 -------- d-----w- c:\users\chantelle\AppData\Local\SySaver
2013-07-17 00:14 . 2013-07-17 00:16 -------- d-----w- c:\program files (x86)\MyPC Backup
2013-07-17 00:13 . 2013-08-01 19:59 -------- d-----w- c:\users\chantelle\AppData\Roaming\DefaultTab
2013-07-17 00:12 . 2013-07-26 19:22 -------- d-----w- c:\programdata\Tarma Installer
2013-07-17 00:12 . 2013-07-17 00:12 -------- d-----w- c:\program files (x86)\Conduit
2013-07-17 00:11 . 2013-08-01 17:56 -------- d-----w- c:\program files (x86)\InternetHelper3.1
2013-07-17 00:11 . 2013-07-17 00:11 -------- d-----w- c:\users\chantelle\AppData\Local\Conduit
2013-07-17 00:11 . 2013-07-17 00:11 -------- d-----w- c:\program files (x86)\SearchProtect
2013-07-17 00:10 . 2013-07-17 00:16 -------- d-----w- c:\users\chantelle\AppData\Roaming\SearchProtect
2013-07-17 00:10 . 2013-07-17 00:10 -------- d-----w- c:\users\chantelle\AppData\Local\CRE
2013-07-10 19:29 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 19:29 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 19:29 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 19:29 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 19:29 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 19:29 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 19:29 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 19:29 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 19:29 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 19:29 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 19:29 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 19:28 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 19:28 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 19:28 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 19:28 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 19:28 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 19:28 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 19:28 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-10 19:28 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-29 21:57 . 2013-02-27 18:09 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-29 21:57 . 2011-09-10 23:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-11 07:11 . 2011-09-11 17:50 78185248 ----a-w- c:\windows\system32\MRT.exe
2013-06-27 19:09 . 2013-03-22 18:35 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:09 . 2011-09-11 00:03 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:09 . 2011-09-11 00:03 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-11 21:02 . 2013-06-11 21:02 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-29 02:11 . 2013-05-29 02:11 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2013-05-27 08:58 . 2013-06-20 18:45 1447728 ----a-w- c:\windows\system32\dmwu.exe
2013-05-27 08:57 . 2013-06-20 18:45 33792 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-05-25 00:08 . 2011-03-28 22:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-23 07:05 . 2013-05-23 07:05 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-23 07:05 . 2013-05-23 07:05 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-05-23 07:05 . 2013-05-23 07:05 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-05-23 07:05 . 2013-05-23 07:05 81408 ----a-w- c:\windows\system32\icardie.dll
2013-05-23 07:05 . 2013-05-23 07:05 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-05-23 07:05 . 2013-05-23 07:05 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-05-23 07:05 . 2013-05-23 07:05 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-05-23 07:05 . 2013-05-23 07:05 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-05-23 07:05 . 2013-05-23 07:05 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-05-23 07:05 . 2013-05-23 07:05 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-05-23 07:05 . 2013-05-23 07:05 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-05-23 07:05 . 2013-05-23 07:05 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-05-23 07:05 . 2013-05-23 07:05 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-05-23 07:05 . 2013-05-23 07:05 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-05-23 07:05 . 2013-05-23 07:05 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-05-23 07:05 . 2013-05-23 07:05 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-05-23 07:05 . 2013-05-23 07:05 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-05-23 07:05 . 2013-05-23 07:05 441856 ----a-w- c:\windows\system32\html.iec
2013-05-23 07:05 . 2013-05-23 07:05 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-05-23 07:05 . 2013-05-23 07:05 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-05-23 07:05 . 2013-05-23 07:05 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-05-23 07:05 . 2013-05-23 07:05 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-23 07:05 . 2013-05-23 07:05 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-05-23 07:05 . 2013-05-23 07:05 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-05-23 07:05 . 2013-05-23 07:05 235008 ----a-w- c:\windows\system32\url.dll
2013-05-23 07:05 . 2013-05-23 07:05 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-05-23 07:05 . 2013-05-23 07:05 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-05-23 07:05 . 2013-05-23 07:05 216064 ----a-w- c:\windows\system32\msls31.dll
2013-05-23 07:05 . 2013-05-23 07:05 197120 ----a-w- c:\windows\system32\msrating.dll
2013-05-23 07:05 . 2013-05-23 07:05 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-05-23 07:05 . 2013-05-23 07:05 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-23 07:05 . 2013-05-23 07:05 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-05-23 07:05 . 2013-05-23 07:05 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-05-23 07:05 . 2013-05-23 07:05 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-23 07:05 . 2013-05-23 07:05 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-05-23 07:05 . 2013-05-23 07:05 149504 ----a-w- c:\windows\system32\occache.dll
2013-05-23 07:05 . 2013-05-23 07:05 144896 ----a-w- c:\windows\system32\wextract.exe
2013-05-23 07:05 . 2013-05-23 07:05 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-05-23 07:05 . 2013-05-23 07:05 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-05-23 07:05 . 2013-05-23 07:05 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-05-23 07:05 . 2013-05-23 07:05 13824 ----a-w- c:\windows\system32\mshta.exe
2013-05-23 07:05 . 2013-05-23 07:05 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-05-23 07:05 . 2013-05-23 07:05 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-05-23 07:05 . 2013-05-23 07:05 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-05-23 07:05 . 2013-05-23 07:05 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-05-23 07:05 . 2013-05-23 07:05 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-05-23 07:05 . 2013-05-23 07:05 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-05-23 07:05 . 2013-05-23 07:05 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-05-23 07:05 . 2013-05-23 07:05 102912 ----a-w- c:\windows\system32\inseng.dll
2013-05-13 05:51 . 2013-06-12 04:12 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 04:12 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 04:12 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 04:12 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 04:12 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 04:12 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 04:45 . 2013-06-12 04:12 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 03:43 . 2013-06-12 04:12 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 04:12 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 04:12 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 04:12 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 04:12 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-09 08:59 . 2013-03-22 18:35 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2012-02-26 20:31 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2011-09-11 00:03 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-08-13 00:36 22600 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2013-05-09 08:59 . 2011-09-11 00:03 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2011-09-11 00:03 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2011-09-11 00:01 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2011-09-11 00:03 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 06:39 . 2013-06-12 04:12 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Driver Manager"="c:\program files (x86)\Driver Manager\Driver Manager\DriverManager.exe" [2013-05-02 3596152]
"AROReminder"="c:\program files (x86)\ARO 2013\ARO.exe" [2013-07-03 3157336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\vdeck.exe" [2009-07-28 2243584]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-10-15 498160]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]
"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-11-16 641704]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616]
.
c:\users\chantelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-9-21 1316192]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GPU-Z;GPU-Z;c:\users\CHANTE~1\AppData\Local\Temp\GPU-Z.sys;c:\users\CHANTE~1\AppData\Local\Temp\GPU-Z.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]
R3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys;c:\windows\SYSNATIVE\DRIVERS\btblan.sys [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S0 aswKbd;aswKbd; [x]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys;c:\windows\SYSNATIVE\drivers\aswNdis2.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswFW;avast! TDI Firewall Driver;c:\windows\system32\drivers\aswFW.sys;c:\windows\SYSNATIVE\drivers\aswFW.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 APNMCP;Ask Update Service;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 21:23 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 21:57]
.
2013-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-15 19:28]
.
2013-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-15 19:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com/?ctid=CT3289663&octid=CT3289663&SearchSource=61&CUI=UN37901803757364276&UM=2&UP=SP80241AC3-9493-4BA7-83DC-A154A14E657E
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files (x86)\Ask.com\GenericAskToolbar.dll
URLSearchHooks-{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files (x86)\Winamp Toolbar\winamptb.dll
URLSearchHooks-{07cbf788-1359-421b-a4e3-5a8d041b90a3} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-DefaultTab - c:\users\chantelle\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-08-01 16:19:40
ComboFix-quarantined-files.txt 2013-08-01 20:19
.
Pre-Run: 412,712,296,448 bytes free
Post-Run: 412,560,613,376 bytes free
.
- - End Of File - - D23790C4883B95F40DC0C421BF81D7FA
CDB4DE4BBD714F152979DA2DCBEF57EB
  • 0

#8
RKinner
Posted 01 August 2013 - 02:59 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
If the redirect is gone and you want to stop I guess it's OK.

You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"c:\users\chantelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YV3VKHMX\ComboFix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.
then right click, Paste, then hit Enter.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 9 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP