Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

AVG showing trojan threats constantly [Solved]


  • This topic is locked This topic is locked

#61
k_barta2005

k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
I had to create a new profile, because when I went to delete the "Web Data" folder that was spoken of in the first option, I could not find the folder.

The picture problem: I can't insert a SD or camera card into the computer and upload the pictures, an error message always pops up and refuses to let the pictures upload. This started approximately 2-3 weeks ago I believe. But recently I've found that if I go to the pictures folder on the computer and try to view pictures that were uploaded previously, like last year for example, it lets me open the folder but in place of the picture is a windows logo. When you click on the picture it takes you to the Windows Live Photo Gallery but the screen is all white and it says "Photo Gallery can't open this photo because you do not have permission to access the file location." And it does that with all of the photos on the computer, no matter how long ago they were uploaded. The only pictures I can view are those that were saved or downloaded from the internet.

And also, I will be out of town from the 2-5th of October. And I will obviously not have access to this computer for that time frame. So assuming the computer isn't declared "clean" before the 2nd, I would like to be able to pick this back up after I return.
  • 0

Advertisements


#62
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I am assuming that tou are trying to view pictures in the C:\Users\FamilyRoom\Pictures folder, is that correct?
Can you copy one of those pictures to a different folder, like the desktop, and then see if you van view it please?

I think we are finished with everything except the viewing pictures issue. When / if we get that sorted I will get one last scan to make sure the system is clean then we will be ready to clean up.

Please answer my questions above.
  • 0

#63
k_barta2005

k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Yes, that is correct;I'm trying to go through the Family Room\Pictures folder.I have tried to copy several different pictures onto the desktop but I still was not able to view them.
  • 0

#64
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let's see if there is a rouge program or remnants on the system that we haven't seen yet. If there isn't I will give you directions on how to get permissions on that folder but my research indicates that if you can't move a picture to a folder that you have permissions and then view it then the file has been corrupted and is gone. Sorry.


Run RogueKiller

NOTE: If using IE8 or better the Smartscreen Filter will need to be disabled. Directions for disabling the SmartScreen Filter in IE 8, 9 and 10 can be found: here

  • Click here to go to the RogueKiller download page.
  • Click the 64 bits (x64): download button and save the RogueKillerX64.exe file to the desktop.
  • Quit all programs and close all browsers.
  • Right click the RogueKiller icon and click Run as Administrator to run the program.
    NOTE: If this is the first time you have used the program you will need to accept the User Agreement.
  • Wait until Prescan has finished ...This may take a few minutes, especially if it is the first time you have used the program.
  • Click on Scan

    Posted Image
  • Wait for the end of the scan.
  • DO NOT delete anything at this time.
  • The report has been created on the desktop.
Please post:
All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Post the RKreport.txt log in your next reply.
  • 0

#65
k_barta2005

k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
RogueKiller V8.6.12 _x64_ [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : FamilyRoom [Admin rights]
Mode : Scan -- Date : 09/29/2013 14:29:21
| ARK || FAK || MBR |

Bad processes : 0

Registry Entries : 2
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

Scheduled tasks : 0

Startup Entries : 0

Web browsers : 0

Particular Files / Folders:

Driver : [NOT LOADED 0x0]

External Hives:

Infection :

HOSTS File:
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost



MBR Check:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD10 01FAES-75W7A0 SATA Disk Device +++++
--- User ---
[MBR] df9bc8f485b4effa14238177e64f5154
[BSP] 4556c1c5d7172108693fe5d86725391e : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10842 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 22286336 | Size: 942986 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: \\.\PHYSICALDRIVE1 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: \\.\PHYSICALDRIVE2 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: \\.\PHYSICALDRIVE3 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: \\.\PHYSICALDRIVE4 +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_09292013_142921.txt >>
  • 0

#66
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let's take ownership of the Pictures folder and see if you can access it then. As we will be making changes to the registry we want to back it up first..


Step-1.

Download Tweking.com Registry Backup and Backup the Registry:

Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

  • Please download the installer for Registry Backup from one of the links below and save it to the desktop :

    Link 1 Click the Download Now button.
    Link 2 Click one of the Download buttons under Installer

    After the file has been downloaded, close the browser and all open windows
  • Right click the file and select Run as Administrator. OK any UAC prompts.
  • Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected. Click Next > then Finish
  • The GUI(graphical user interface) should open with the Backup Registry tab selected and all options checked (see the image below)
Posted Image

  • Click on Backup Now to create a backup of the Registry.
  • While the backup is being created you will see a screen similar to the one below ...

    Posted Image
  • When completed you should see a message saying something like ... Successful 12/12 Registry Files Backed Up ... (the number of files may vary)

    Posted Image
  • This means you have successfully backed up your Registry, and you can now exit out of the program.
  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.
A tutorial for Registry Backup explaining the various features can be viewed here


Back Up The Registry

  • Right click the icon, click Run as Administrator and OK any UAC prompts to start the application.
  • The GUI(graphical user interface) should open with the Backup Registry tab selected and all options checked (see the image below)
Posted Image

  • Click on Backup Now to create a backup of the Registry.
  • While the backup is being created you will see a screen similar to the one below ...

    Posted Image
  • When completed you should see a message saying something like ... Successful 12/12 Registry Files Backed Up ... (the number of files may vary)

    Posted Image
  • This means you have successfully backed up your Registry, and you can now exit out of the program.
  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.


Step-2.

Take Ownership of Folder

A.
  • Please download the attached Add_Take_Ownership.reg file and save it to the desktop.Attached File  Add_Take_Ownership.reg   1.74KB   33 downloads
  • Close the browser and all open windows.
  • Right click the Add_Take_Ownership.reg file and click Merge. You should get a message telling you that the file merged successfully.
  • Reboot the computer to make the changes effective.
B.
  • Click the Start Orb then click Computer. The Computer screen will open.
  • In the left column click the arrow beside OS(C:) or Windows(C:)
  • Click the arrow beside Users
  • Click the arrow beside FamilyRoom.
  • Find the Pictures folder, right click it and click Take Ownership on the context menu.
  • Reboot the computer.

Now see if you can access the Pictures folder. If you don't get the access denied message but you still can't view the photographs then the picture files are likely corrupted and thus lost.. Do the picture files have an extension like .jpg or some other image file extension?
  • 0

#67
k_barta2005

k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Still can't, thanks for trying to help me out with that problem though. Yeah the picture files are .jpg
  • 0

#68
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

Still can't, thanks for trying to help me out with that problem though. Yeah the picture files are .jpg

Sorry. That's all I can think of. When we are done here you can start a topic in the Windows Vista/7 Operating System forum and see if one of our Techs has some other ideas. Just be sure to tell them that you have already been to this forum and your system is clean. And provide a link back to this topic.

Let's get one last OTL scan. And please tell me if you have any other issues remaining.


Posted Image OTL Scan

Please re-open Posted Image on the desktop. To do that:
  • Right click the icon and click Run as Administrator.
Make sure all other windows are closed .
  • You will see a console like the one below:

    Posted Image
    Posted Image
  • At the top of the console, click the box beside Scan All Users and Include 64bit Scans
  • Make sure the Output box at the top is set to Standard Output.
  • Click the box beside LOP Check and Purity Check
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is saved in the same location as OTL.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right-click inside the forum post window then click Paste. This will paste the contents of the .txt file in the in the post window.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Tell me how the computer is running and if any other issues remain.
2. The new OTL.txt log
  • 0

#69
k_barta2005

k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
1 The computer is continuing to run very well. I cannot think of any remaining issues.

2 OTL logfile created on: 10/1/2013 5:03:35 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\FamilyRoom\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.69 Gb Available Physical Memory | 83.61% Memory free
16.00 Gb Paging File | 13.66 Gb Available in Paging File | 85.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920.88 Gb Total Space | 767.37 Gb Free Space | 83.33% Space Free | Partition Type: NTFS

Computer Name: FAMILYROOM-PC | User Name: FamilyRoom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/28 13:34:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\FamilyRoom\Desktop\OTL.exe
PRC - [2013/07/13 12:52:19 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\FamilyRoom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/14 22:44:54 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/10/23 05:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
PRC - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010/03/10 17:26:30 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/09/08 13:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe
PRC - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/03/16 01:47:28 | 000,122,880 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonServer.exe
PRC - [2009/03/16 01:47:24 | 000,139,264 | ---- | M] () -- C:\Windows\SysWOW64\WinMsgBalloonClient.exe
PRC - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
PRC - [2009/03/16 01:47:20 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/11 07:36:52 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3d075c3b7d099aca217beecac1f66b4b\System.Web.Services.ni.dll
MOD - [2013/08/14 08:35:39 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
MOD - [2013/08/14 07:53:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/14 07:53:30 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/14 07:53:27 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/14 07:53:24 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/14 07:53:10 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/13 03:42:42 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/08/18 11:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2010/08/26 17:47:00 | 004,577,760 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2010/02/09 14:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2010/02/09 14:34:00 | 000,275,776 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.dll
MOD - [2010/02/09 14:34:00 | 000,152,896 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2010/02/09 14:34:00 | 000,095,552 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\SdbUI.dll
MOD - [2010/02/09 14:34:00 | 000,058,688 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\BalloonWindow.dll
MOD - [2010/02/09 14:34:00 | 000,017,728 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\CppUtils.dll
MOD - [2010/02/03 11:31:02 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/09/28 16:43:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/09/27 21:38:16 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/30 19:56:52 | 000,334,720 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Program Files\FileOpen\Services\FileOpenManagerSvc64.exe -- (FileOpenManagerSvc)
SRV:64bit: - [2009/06/09 10:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2013/09/19 20:13:15 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/16 12:29:40 | 003,273,088 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/05 10:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/23 05:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/04/22 08:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/10/22 17:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/08/30 15:36:20 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/26 17:48:00 | 000,285,152 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2010/02/24 16:42:56 | 000,386,424 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2009/09/08 13:48:24 | 000,383,544 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- c:\Program Files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe -- (AMDFusionSVC)
SRV - [2009/06/26 12:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/16 01:47:22 | 000,122,880 | ---- | M] (AMD) [Auto | Running] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/05/03 02:18:52 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\My Dell\pcdsrvc_x64.pkms -- (PCDSRVC{D3412D80-CF3B4A27-06020200}_0)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/14 07:18:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/01 19:19:00 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/01/01 19:19:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/03 15:30:42 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/27 22:21:20 | 010,697,216 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/09/27 21:12:52 | 000,460,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/17 08:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/04/09 11:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV:64bit: - [2012/04/09 11:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/08 08:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/02/03 11:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/11/06 08:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009/10/16 07:32:22 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/10/07 19:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/10/07 19:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 15:35:40 | 000,226,616 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/09 06:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/04/22 15:32:22 | 000,047,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmdLLD64.sys -- (AmdLLD64)
DRV:64bit: - [2007/01/19 18:24:24 | 000,025,312 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV:64bit: - [2006/11/01 13:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/01/28 17:46:44 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/01/28 17:46:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/06/26 11:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{295030CC-C74A-4EF6-914F-F91CBF810305}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{21A19E1F-C698-4F18-8150-EADC5C5BF1A0}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..\SearchScopes,DefaultScope = {B3E71C6A-E473-4E04-A727-EC486C8E7E5F}
IE - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..\SearchScopes\{B3E71C6A-E473-4E04-A727-EC486C8E7E5F}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files\Musicnotes\npmusicn64.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@comrade.gamespy.com/comrade: C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.9: C:\Program Files (x86)\Musicnotes\npmusicn.dll (Musicnotes, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.2.0.88: C:\Program Files (x86)\Musicnotes\npsibelius.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\FamilyRoom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Users\FamilyRoom\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/07 23:19:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 01:55:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/07 23:19:09 | 000,000,000 | ---D | M]

[2011/02/07 19:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FamilyRoom\AppData\Roaming\Mozilla\Extensions
[2011/02/07 19:20:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\FamilyRoom\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/09/08 09:18:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\plugins\npMozCouponPrinter.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Comrade Plugin (Enabled) = C:\Program Files (x86)\GameSpy\Comrade\npcomrade.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files (x86)\Musicnotes\npmusicn.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Program Files (x86)\Musicnotes\npsibelius.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\FamilyRoom\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Users\FamilyRoom\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.12.0.13601_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\FamilyRoom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/12/29 23:51:09 | 000,000,797 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts:
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [FileOpenBroker] C:\Program Files\FileOpen\Services\FileOpenBroker64.exe (FileOpen Systems Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry_EptMon] C:\Windows\SysNative\EptMon64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [RunDLLEntry_THXCfg] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000..\Run: [Facebook Update] C:\Users\FamilyRoom\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000..\Run: [Spotify] C:\Users\FamilyRoom\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000..\Run: [Spotify Web Helper] C:\Users\FamilyRoom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-3130090504-1924379729-1071845134-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2C922CD3-0950-44FE-83F9-E6F0529DBBFB}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A9C5A65-49BD-492C-9DDC-FCBB7D0C3278}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/06 00:00:03 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /k:C *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/27 09:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2013/09/25 07:40:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/09/20 19:09:09 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\Desktop\JRT_logs
[2013/09/20 19:07:47 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\Desktop\FRST_FARBAR_logs
[2013/09/20 19:06:17 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\Desktop\FSS_logslists
[2013/09/20 19:05:50 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\Desktop\Adware_logslists
[2013/09/20 19:03:26 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\Desktop\OTL_logslists
[2013/09/20 16:50:59 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/20 16:50:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2013/09/20 16:35:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/09/20 16:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/09/19 07:27:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/19 07:27:27 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/13 21:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/09/13 21:27:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/09/13 21:26:31 | 013,813,944 | ---- | C] (Microsoft Corporation) -- C:\Users\FamilyRoom\Desktop\mseinstall.exe
[2013/09/12 19:30:30 | 001,949,572 | ---- | C] (Farbar) -- C:\Users\FamilyRoom\Desktop\FRST64.exe
[2013/09/11 07:42:37 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 07:42:37 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 07:42:36 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/11 07:42:36 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/11 07:42:36 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/11 07:42:36 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/11 07:42:36 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/11 07:42:36 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/11 07:42:36 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/11 07:42:36 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/11 07:42:36 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/11 07:42:35 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 07:42:34 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/11 07:42:34 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 07:42:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 07:23:27 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/11 07:23:26 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/11 07:23:26 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/11 07:23:26 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/11 07:23:26 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/11 07:23:26 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/11 07:23:26 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/11 07:23:26 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/11 07:23:26 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/11 07:23:26 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/11 07:23:26 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/11 07:23:26 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/11 07:23:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/11 07:23:26 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/11 07:23:26 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/11 07:23:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/11 07:23:26 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 07:23:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 07:23:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 07:23:26 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/11 07:23:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 07:23:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 07:23:26 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 07:23:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 07:23:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 07:23:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 07:23:26 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 07:23:26 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 07:23:25 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/11 07:23:25 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/11 07:23:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/11 07:23:25 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/11 07:23:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 07:23:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 07:23:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 07:23:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 07:23:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 07:23:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 07:23:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 07:23:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/11 07:23:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/11 07:23:21 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013/09/10 20:08:23 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\AppData\Local\Avg2014
[2013/09/07 22:18:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/09/07 21:39:40 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/09/07 13:42:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/09/07 13:42:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/09/07 13:42:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/09/04 15:15:50 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/04 15:09:09 | 000,000,000 | ---D | C] -- C:\Users\FamilyRoom\Desktop\RK_Quarantine
[2013/09/04 07:31:05 | 000,110,080 | ---- | C] (Thomas Hoen - T-Tools) -- C:\Users\FamilyRoom\Desktop\BitRemover.exe
[2013/09/02 15:49:07 | 000,000,000 | ---D | C] -- C:\FRST
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\FamilyRoom\Desktop\*.tmp files -> C:\Users\FamilyRoom\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/01 16:22:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/01 16:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/01 15:43:46 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/01 15:29:25 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000UA.job
[2013/10/01 11:55:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000Core.job
[2013/09/30 21:01:01 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_FamilyRoom.job
[2013/09/30 20:24:18 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\!
[2013/09/30 19:25:31 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/30 19:25:31 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/30 19:18:26 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_FamilyRoom.job
[2013/09/30 19:17:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/30 19:17:45 | 2146,930,687 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/30 19:11:16 | 000,001,777 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\Add_Take_Ownership.reg
[2013/09/30 19:09:38 | 000,002,201 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/09/30 19:08:39 | 003,859,661 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\tweaking.com_registry_backup_setup.exe
[2013/09/30 14:55:46 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_FamilyRoom.job
[2013/09/29 14:23:44 | 003,812,352 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\RogueKillerX64.exe
[2013/09/27 16:54:06 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\b
[2013/09/27 07:08:39 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\U
[2013/09/25 07:41:01 | 000,001,981 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/24 16:38:22 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\
[2013/09/24 16:18:31 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\O_
[2013/09/24 06:56:28 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\s
[2013/09/20 16:49:57 | 000,499,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/20 16:48:30 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/09/20 16:36:04 | 000,002,125 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/09/20 16:33:35 | 005,369,204 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/09/20 07:56:36 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\O]
[2013/09/20 07:14:12 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\O,
[2013/09/19 22:24:54 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\)i
[2013/09/19 20:13:15 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/19 20:13:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/19 07:31:19 | 000,891,144 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\SecurityCheck.exe
[2013/09/19 07:29:24 | 000,013,281 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\FSS.exe - Shortcut.lnk
[2013/09/19 07:27:42 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/13 21:28:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/13 21:26:31 | 013,813,944 | ---- | M] (Microsoft Corporation) -- C:\Users\FamilyRoom\Desktop\mseinstall.exe
[2013/09/12 19:30:31 | 001,949,572 | ---- | M] (Farbar) -- C:\Users\FamilyRoom\Desktop\FRST64.exe
[2013/09/11 07:50:08 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\9U3
[2013/09/11 07:27:48 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\O$
[2013/09/11 07:24:36 | 000,001,575 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\adwcleaner (1).exe - Shortcut.lnk
[2013/09/11 07:16:49 | 000,001,466 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\JRT.exe - Shortcut.lnk
[2013/09/08 08:36:04 | 000,013,537 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\ComboFix.exe - Shortcut.lnk
[2013/09/04 14:47:26 | 000,000,512 | ---- | M] () -- C:\Users\FamilyRoom\Desktop\MBR.dat
[2013/09/04 07:31:03 | 000,110,080 | ---- | M] (Thomas Hoen - T-Tools) -- C:\Users\FamilyRoom\Desktop\BitRemover.exe
[2013/09/03 19:02:01 | 000,000,056 | ---- | M] () -- C:\Users\FamilyRoom\AppData\Roaming\WB.CFG
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Users\FamilyRoom\Desktop\*.tmp files -> C:\Users\FamilyRoom\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/30 20:24:18 | 000,047,416 | ---- | C] () -- C:\Windows\SysWow64\!
[2013/09/30 19:11:15 | 000,001,777 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\Add_Take_Ownership.reg
[2013/09/30 19:09:38 | 000,002,201 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/09/30 19:08:37 | 003,859,661 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\tweaking.com_registry_backup_setup.exe
[2013/09/29 14:23:43 | 003,812,352 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\RogueKillerX64.exe
[2013/09/27 07:08:39 | 000,047,416 | ---- | C] () -- C:\Windows\SysWow64\U
[2013/09/25 07:41:01 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/25 07:41:01 | 000,001,981 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/24 18:19:11 | 000,047,416 | ---- | C] () -- C:\Windows\SysWow64\b
[2013/09/24 16:38:22 | 000,047,416 | ---- | C] () -- C:\Windows\SysWow64\
[2013/09/24 16:18:31 | 000,047,416 | ---- | C] () -- C:\Windows\SysWow64\O_
[2013/09/24 06:56:28 | 000,047,416 | ---- | C] () -- C:\Windows\SysWow64\s
[2013/09/20 16:36:04 | 000,002,125 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2013/09/20 16:33:35 | 005,369,204 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2013/09/20 07:56:36 | 000,047,416 | ---- | C] () -- C:\Windows\SysWow64\O]
[2013/09/20 07:14:12 | 000,047,416 | ---- | C] () -- C:\Windows\SysWow64\O,
[2013/09/19 22:24:54 | 000,047,416 | ---- | C] () -- C:\Windows\SysWow64\)i
[2013/09/19 07:31:13 | 000,891,144 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\SecurityCheck.exe
[2013/09/19 07:29:24 | 000,013,281 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\FSS.exe - Shortcut.lnk
[2013/09/19 07:27:42 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/13 21:28:28 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/09/13 21:28:07 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/09/11 07:50:08 | 000,047,416 | ---- | C] () -- C:\Windows\SysWow64\9U3
[2013/09/11 07:27:35 | 000,047,416 | ---- | C] () -- C:\Windows\SysWow64\O$
[2013/09/11 07:24:27 | 000,001,575 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\adwcleaner (1).exe - Shortcut.lnk
[2013/09/11 07:16:12 | 000,001,466 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\JRT.exe - Shortcut.lnk
[2013/09/08 08:36:04 | 000,013,537 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\ComboFix.exe - Shortcut.lnk
[2013/09/07 13:42:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/09/07 13:42:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/09/07 13:42:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/09/07 13:42:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/09/07 13:42:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/09/04 14:47:26 | 000,000,512 | ---- | C] () -- C:\Users\FamilyRoom\Desktop\MBR.dat
[2013/09/03 19:56:17 | 000,000,396 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_FamilyRoom.job
[2013/09/03 19:56:16 | 000,000,390 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_FamilyRoom.job
[2013/09/03 19:56:15 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_FamilyRoom.job
[2013/09/03 19:02:01 | 000,000,056 | ---- | C] () -- C:\Users\FamilyRoom\AppData\Roaming\WB.CFG
[2013/04/05 11:14:11 | 000,000,000 | ---- | C] () -- C:\Windows\setup32.INI
[2013/02/08 22:37:09 | 000,000,258 | R-S- | C] () -- C:\Users\FamilyRoom\ntuser.pol
[2013/01/24 16:32:40 | 000,230,740 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/01/01 17:44:06 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-FAMILYROOM-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/12/30 23:14:13 | 000,000,000 | ---- | C] () -- C:\Users\FamilyRoom\defogger_reenable
[2012/10/09 19:22:01 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2012/05/02 15:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/04/04 21:38:43 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/03/18 16:16:20 | 000,009,750 | ---- | C] () -- C:\Users\FamilyRoom\Talent_show.aup
[2012/03/18 15:35:03 | 002,541,421 | ---- | C] () -- C:\Users\FamilyRoom\Talent_show.mp3
[2012/02/14 22:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 22:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/20 14:45:17 | 000,000,292 | ---- | C] () -- C:\Windows\EReg077.dat
[2012/01/20 14:00:15 | 000,000,027 | ---- | C] () -- C:\Windows\TLCAPPS.INI
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2010/11/27 11:43:51 | 000,000,098 | ---- | C] () -- C:\Users\FamilyRoom\AppData\Local\fusioncache.dat
[2010/10/29 00:49:41 | 000,007,605 | ---- | C] () -- C:\Users\FamilyRoom\AppData\Local\Resmon.ResmonCfg
[2010/09/21 19:46:53 | 000,004,608 | ---- | C] () -- C:\Users\FamilyRoom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/19 19:27:01 | 000,004,240 | ---- | C] () -- C:\Users\FamilyRoom\AppData\Local\rx_audio.Cache
[2010/09/19 19:27:01 | 000,000,072 | ---- | C] () -- C:\Users\FamilyRoom\AppData\Local\rx_image32.Cache

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/16 16:36:03 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\adelantado_2_realore_bigfishgames_en
[2013/07/12 19:46:46 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\adelantado_big_fish_en
[2012/03/18 16:16:20 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Audacity
[2011/06/12 08:35:20 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Catalina Marketing Corp
[2010/09/05 19:56:20 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\CheckPoint
[2012/01/03 13:50:34 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Coby
[2012/01/12 17:20:22 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Coby Media Manager
[2011/05/14 16:31:46 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\CoffeeCup Software
[2012/07/15 08:44:59 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\FileOpen
[2011/12/03 20:44:07 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\FileZilla
[2011/03/18 19:26:05 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Gamelab
[2012/04/04 12:57:46 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Leadertech
[2013/03/04 16:35:24 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\MusicOasis
[2011/11/23 10:12:24 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Oberon Media
[2013/08/26 17:09:01 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\PCDr
[2012/02/09 21:51:20 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\PlayFirst
[2013/04/20 13:12:25 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Rovio
[2013/07/19 12:35:53 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Rovio Entertainment Ltd
[2010/09/08 00:06:30 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\SoftGrid Client
[2013/09/30 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Spotify
[2012/02/10 19:16:48 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\TFS2
[2011/10/13 00:10:09 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Tific
[2011/02/07 19:20:44 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\TomTom
[2010/09/07 23:06:33 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\TP
[2011/11/17 08:00:45 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Transparent
[2012/12/30 22:51:59 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\WildTangent
[2010/09/30 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\Windows Live Writer
[2012/02/04 23:13:58 | 000,000,000 | ---D | M] -- C:\Users\FamilyRoom\AppData\Roaming\ZumoDrive

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:3C9B05C4
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:60C897F3
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:D9F6664C
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:89FC8EEB
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:FF9C44FE
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2F5A06FD
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A18D1A5B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:19C541B5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C9EC3958
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C602FACB
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:1F96ED45
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:02A78DF6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:298B8F0F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:27F44544
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9857FAE3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:241FA548
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D86B56BC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A74EDB32
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

#70
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Well look at that, some new nasties have showed up to the party. But before we deal with them I need to know if you are downloading the tools we use straight to the desktop or are you downloading some of them to a different directory, like Downloads, and then putting a shortcut link to the desktop? I ask because these shortcut links showed up in the last OTL scan:

C:\Users\FamilyRoom\Desktop\FSS.exe - Shortcut.lnk
C:\Users\FamilyRoom\Desktop\adwcleaner (1).exe - Shortcut.lnk
C:\Users\FamilyRoom\Desktop\JRT.exe - Shortcut.lnk
C:\Users\FamilyRoom\Desktop\ComboFix.exe - Shortcut.lnk
  • 0

Advertisements


#71
k_barta2005

k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
I have been downloading them to the desktop to my knowledge, but before we straightened out the Google Chrome; one of the issues was it not saving any settings, including the setting that automatically downloads things directly to the desktop. So what I had been doing before we fixed the Chrome issue was going back every time I downloaded something and changing the settings, so it would go to the desktop, since the setting kept re-setting itself. So it is very possible that once or twice I downloaded things before I remembered to re-save the settings.
  • 0

#72
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Let's kill the new things that showed up in the last OTL scan.


Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint

:OTL
[2013/09/27 09:37:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Coupons
[2013/09/27 16:54:06 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\b
[2013/09/27 07:08:39 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\U
[2013/09/24 16:38:22 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\
[2013/09/24 16:18:31 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\O_
[2013/09/24 06:56:28 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\s
[2013/09/20 07:56:36 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\O]
[2013/09/20 07:14:12 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\O,
[2013/09/19 22:24:54 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\)i
[2013/09/11 07:50:08 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\9U3
[2013/09/11 07:27:48 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\O$
@Alternate Data Stream - 231 bytes -> C:\ProgramData\TEMP:3C9B05C4
@Alternate Data Stream - 213 bytes -> C:\ProgramData\TEMP:60C897F3
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:D9F6664C
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:89FC8EEB
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:FF9C44FE
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:2F5A06FD
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:A18D1A5B
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:19C541B5
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C9EC3958
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C602FACB
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:1F96ED45
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:02A78DF6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:298B8F0F
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:27F44544
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9857FAE3
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:241FA548
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D86B56BC
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:A74EDB32
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Create and Run a Batch File

Please copy everything in the code box below into notepad. To do this highlight all text, then right click and click Copy.

@Echo Off
CLS
CD \
DIR /S /A:L > %USERPROFILE%\Desktop\JunctionPoints.txt
start %USERPROFILE%\Desktop\JunctionPoints.txt 
EXIT

  • Next, open Notepad, or click Start->Run and in the Open: box type notepad.exe and click OK.
  • Right click in the notepad window and click Paste, or put the cursor inside the notepad window and press the Ctrl-V keys to paste the text into notepad.
  • On the File menu, click Save
  • On the Save AS window that comes up, do the following:
    • On the left side, click the Desktop Icon. This will put "Desktop" in the Save In: box at the top.
    • At the bottom in the File Name: box type look.bat
    • In the Save as type: box, click the down arrow and click All Files(*.*)<---Very Important
    • Click Save
  • This will put a new file on the Desktop named look.bat

    The file icon will look like this: Posted Image
    Close all open windows and any open Browsers.
  • Right click the look.bat file on the desktop and click Run as Administrator and OK any UAC prompts to run the file. A command window will open briefly, then close. This is quite normal.
  • When the file has finished a text file named JunctionPoints.txt will open on the desktop.
  • Copy and Paste the contents of the JunctionPoints.txt file in your next reply.

Step-3.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The contents of the JunctionPoints.txt file
  • 0

#73
k_barta2005

k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
1 All processes killed
========== COMMANDS ==========
Error: Unable to interpret <[createrestorepoint> in the current context!
========== OTL ==========
C:\Program Files (x86)\Coupons\Uninstall folder moved successfully.
C:\Program Files (x86)\Coupons folder moved successfully.
C:\Windows\SysWOW64\b moved successfully.
C:\Windows\SysWOW64\U moved successfully.
C:\Windows\SysWOW64\ moved successfully.
C:\Windows\SysWOW64\O_ moved successfully.
C:\Windows\SysWOW64\s moved successfully.
C:\Windows\SysWOW64\O] moved successfully.
C:\Windows\SysWOW64\O, moved successfully.
C:\Windows\SysWOW64\)i moved successfully.
C:\Windows\SysWOW64\9U3 moved successfully.
C:\Windows\SysWOW64\O$ moved successfully.
ADS C:\ProgramData\TEMP:3C9B05C4 deleted successfully.
ADS C:\ProgramData\TEMP:60C897F3 deleted successfully.
ADS C:\ProgramData\TEMP:D9F6664C deleted successfully.
ADS C:\ProgramData\TEMP:89FC8EEB deleted successfully.
ADS C:\ProgramData\TEMP:FF9C44FE deleted successfully.
ADS C:\ProgramData\TEMP:2F5A06FD deleted successfully.
ADS C:\ProgramData\TEMP:A18D1A5B deleted successfully.
ADS C:\ProgramData\TEMP:19C541B5 deleted successfully.
ADS C:\ProgramData\TEMP:C9EC3958 deleted successfully.
ADS C:\ProgramData\TEMP:C602FACB deleted successfully.
ADS C:\ProgramData\TEMP:1F96ED45 deleted successfully.
ADS C:\ProgramData\TEMP:02A78DF6 deleted successfully.
ADS C:\ProgramData\TEMP:298B8F0F deleted successfully.
ADS C:\ProgramData\TEMP:27F44544 deleted successfully.
ADS C:\ProgramData\TEMP:9857FAE3 deleted successfully.
ADS C:\ProgramData\TEMP:241FA548 deleted successfully.
ADS C:\ProgramData\TEMP:D86B56BC deleted successfully.
ADS C:\ProgramData\TEMP:A74EDB32 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FamilyRoom
->Temp folder emptied: 538927 bytes
->Temporary Internet Files folder emptied: 239949012 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 386897497 bytes
->Flash cache emptied: 184858 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10931276 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 5752 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
RecycleBin emptied: 7831661 bytes

Total Files Cleaned = 616.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10062013_201435

Files\Folders moved on Reboot...
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_BD43FA56-D4CA-47C1-BB2D-B476502EB791.0\C0145762. not found!
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_7F1630B9-40CC-40EF-80D3-C93E2647413E.0\809095A5. not found!
C:\Users\FamilyRoom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\hsperfdata_FAMILYROOM-PC$\2164 not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\%252F%253Fcid%253D62000.0001%2526utm_source%253D65687978_570033_272950_114486_2684_27264%2526utm_medium%253Dcpc%2526utm_campaign%253DEducation[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\%252F%253Fcid%253D62000.0001%2526utm_source%253D65687978_570033_272950_114486_2684_27264%2526utm_medium%253Dcpc%2526utm_campaign%253DEducation[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2kQ8fXSAxjbyBAgAA..%2526vpid%253D655%2526apid%253D180684%2526referrer%253Dhttp%25253A%25252F%25252Fads.adexchangemarket.com%25252Fshow_content[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3A%252F%252Fwww.chinaflix.com%252Fvideoplayer_movie.php%253Fpid%253D162%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3A%252F%252Fwww.chinaflix.com%252Fvideoplayer_movie.php%253Fpid%253D162%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\fpr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D8193319%2526uri%253Dhttp%253A%252F%252Fwww.lijit[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\fpr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D8193319%2526uri%253Dhttp%253A%252F%252Fwww.lijit[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\pr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\pr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\r%253De21b4e72bc680e3344d28e64925538e4%2526width%253D300%2526height%253D250%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\r%253De21b4e72bc680e3344d28e64925538e4%2526width%253D300%2526height%253D250%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[11].js not found!
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


2 Volume in drive C is OS
Volume Serial Number is F0E0-3790

Directory of C:\

07/14/2009 01:08 AM <JUNCTION> Documents and Settings [..]
0 File(s) 0 bytes

Directory of C:\ProgramData

07/14/2009 01:08 AM <JUNCTION> Application Data [..]
07/14/2009 01:08 AM <JUNCTION> Desktop [..]
07/14/2009 01:08 AM <JUNCTION> Documents [..]
07/14/2009 01:08 AM <JUNCTION> Favorites [..]
07/14/2009 01:08 AM <JUNCTION> Start Menu [..]
07/14/2009 01:08 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes

Directory of C:\Users

07/14/2009 01:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 01:08 AM <JUNCTION> Default User [..]
0 File(s) 0 bytes

Directory of C:\Users\All Users

07/14/2009 01:08 AM <JUNCTION> Application Data [..]
07/14/2009 01:08 AM <JUNCTION> Desktop [..]
07/14/2009 01:08 AM <JUNCTION> Documents [..]
07/14/2009 01:08 AM <JUNCTION> Favorites [..]
07/14/2009 01:08 AM <JUNCTION> Start Menu [..]
07/14/2009 01:08 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes

Directory of C:\Users\Default

07/14/2009 01:08 AM <JUNCTION> Application Data [..]
07/14/2009 01:08 AM <JUNCTION> Cookies [..]
07/14/2009 01:08 AM <JUNCTION> Local Settings [..]
07/14/2009 01:08 AM <JUNCTION> My Documents [..]
07/14/2009 01:08 AM <JUNCTION> NetHood [..]
07/14/2009 01:08 AM <JUNCTION> PrintHood [..]
07/14/2009 01:08 AM <JUNCTION> Recent [..]
07/14/2009 01:08 AM <JUNCTION> SendTo [..]
07/14/2009 01:08 AM <JUNCTION> Start Menu [..]
07/14/2009 01:08 AM <JUNCTION> Templates [..]
0 File(s) 0 bytes

Directory of C:\Users\Default\AppData\Local

07/14/2009 01:08 AM <JUNCTION> Application Data [..]
07/14/2009 01:08 AM <JUNCTION> History [..]
07/14/2009 01:08 AM <JUNCTION> Temporary Internet Files [..]
0 File(s) 0 bytes

Directory of C:\Users\Default\Documents

07/14/2009 01:08 AM <JUNCTION> My Music [..]
07/14/2009 01:08 AM <JUNCTION> My Pictures [..]
07/14/2009 01:08 AM <JUNCTION> My Videos [..]
0 File(s) 0 bytes

Directory of C:\Users\FamilyRoom

09/04/2010 10:26 PM <JUNCTION> Application Data [C:\Users\FamilyRoom\AppData\Roaming]
09/04/2010 10:26 PM <JUNCTION> Cookies [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Cookies]
09/04/2010 10:26 PM <JUNCTION> Local Settings [C:\Users\FamilyRoom\AppData\Local]
09/04/2010 10:26 PM <JUNCTION> My Documents [C:\Users\FamilyRoom\Documents]
09/04/2010 10:26 PM <JUNCTION> NetHood [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/04/2010 10:26 PM <JUNCTION> PrintHood [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/04/2010 10:26 PM <JUNCTION> Recent [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Recent]
09/04/2010 10:26 PM <JUNCTION> SendTo [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\SendTo]
09/04/2010 10:26 PM <JUNCTION> Start Menu [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Start Menu]
09/04/2010 10:26 PM <JUNCTION> Templates [C:\Users\FamilyRoom\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes

Directory of C:\Users\FamilyRoom\AppData\Local

09/04/2010 10:26 PM <JUNCTION> Application Data [C:\Users\FamilyRoom\AppData\Local]
09/04/2010 10:26 PM <JUNCTION> History [C:\Users\FamilyRoom\AppData\Local\Microsoft\Windows\History]
09/04/2010 10:26 PM <JUNCTION> Temporary Internet Files [C:\Users\FamilyRoom\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Directory of C:\Users\FamilyRoom\AppData\LocalLow

09/18/2010 01:21 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes

Directory of C:\Users\FamilyRoom\Documents

09/04/2010 10:26 PM <JUNCTION> My Music [C:\Users\FamilyRoom\Music]
09/04/2010 10:26 PM <JUNCTION> My Pictures [C:\Users\FamilyRoom\Pictures]
09/04/2010 10:26 PM <JUNCTION> My Videos [C:\Users\FamilyRoom\Videos]
0 File(s) 0 bytes

Directory of C:\Users\Public\Documents

07/14/2009 01:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 01:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 01:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes

Directory of C:\Windows\SysWOW64\config\systemprofile

08/30/2010 03:34 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
08/30/2010 03:34 PM <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
08/30/2010 03:34 PM <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
0 File(s) 0 bytes

Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local

08/30/2010 03:34 PM <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
08/30/2010 03:34 PM <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
08/30/2010 03:34 PM <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
57 Dir(s) 832,699,281,408 bytes free
  • 0

#74
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi there. I missed a file that we need to delete. Then I want to try to get Combofix to run one last time.

Step-1.

Posted Image OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote. To do this, highlight everything
inside the quote box (except the word Quote) , right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
[2013/09/30 20:24:18 | 000,047,416 | ---- | M] () -- C:\Windows\SysWow64\!

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-2.

Please delete the ComboFix.exe file that is on the dekstop. We will download a fresh copy and see if the tool will run.


Step-3.

Posted Image Run ComboFix
***Read through this entire procedure and if you have any questions, please ask them before you begin. Then either print out, or copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.***

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications before downloading ComboFix. This is usually done via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

Download ComboFix from one of the following locations:

Link 1
Link 2

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image
  • ComboFix will then extract it's files before beginning the scan.

    Posted Image
  • When the scan begins you will see a window like the image below. Although the program states that the scan typically doesn't take more than 10 minutes there are 50 stages or so that it goes through. On a severely infected machine it can take much longer so please be patient.

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If you recieve an error "Illegal operation attempted on a registry key that has been marked for deletion". Please restart the computer. That will cure it.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix Should Not be used unless requested by a forum helper

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
Don't forget to reenable your Anti-Virus


Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. The OTL fixes log
2. The ComboFix.txt log
  • 0

#75
k_barta2005

k_barta2005

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
1 All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
C:\Windows\SysWOW64\! moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: FamilyRoom
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 148636916 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 64105541 bytes
->Flash cache emptied: 10371 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81604 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 5624 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 203.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10072013_182450

Files\Folders moved on Reboot...
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_BD43FA56-D4CA-47C1-BB2D-B476502EB791.0\C0145762. not found!
File\Folder C:\Users\FamilyRoom\AppData\Local\Temp\OICE_7F1630B9-40CC-40EF-80D3-C93E2647413E.0\809095A5. not found!
C:\Users\FamilyRoom\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\hsperfdata_FAMILYROOM-PC$\1572 not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\%252F%253Fcid%253D62000.0001%2526utm_source%253D65687978_570033_272950_114486_2684_27264%2526utm_medium%253Dcpc%2526utm_campaign%253DEducation[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\%252F%253Fcid%253D62000.0001%2526utm_source%253D65687978_570033_272950_114486_2684_27264%2526utm_medium%253Dcpc%2526utm_campaign%253DEducation[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2kQ8fXSAxjbyBAgAA..%2526vpid%253D655%2526apid%253D180684%2526referrer%253Dhttp%25253A%25252F%25252Fads.adexchangemarket.com%25252Fshow_content[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3A%252F%252Fwww.chinaflix.com%252Fvideoplayer_movie.php%253Fpid%253D162%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3A%252F%252Fwww.chinaflix.com%252Fvideoplayer_movie.php%253Fpid%253D162%2526utm_source%253DADK%2526utm_medium%253DCPC%2526utm_campaign%253DADK[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\fpr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D8193319%2526uri%253Dhttp%253A%252F%252Fwww.lijit[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\fpr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D8193319%2526uri%253Dhttp%253A%252F%252Fwww.lijit[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\pr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\pr%253De21b4e72bc680e3344d28e64925538e4%2526width%253D728%2526height%253D90%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[11].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\r%253De21b4e72bc680e3344d28e64925538e4%2526width%253D300%2526height%253D250%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[10].js not found!
File\Folder C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\r%253De21b4e72bc680e3344d28e64925538e4%2526width%253D300%2526height%253D250%2526informer%253D10424111%2526uri%253Dhttp%253A%252F%252Fwww.lijit[11].js not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

2
ComboFix 13-10-04.02 - FamilyRoom 10/07/2013 19:20:36.3.6 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6343 [GMT -4:00]
Running from: c:\users\FamilyRoom\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6308\AddOnDownloaded\0779eca6-695c-444d-8ef3-6621f5a112ee.dll
c:\programdata\PCDr\6308\AddOnDownloaded\244ec244-34e7-4b04-85aa-c16ea08f2533.dll
c:\programdata\PCDr\6308\AddOnDownloaded\3df85ce4-1732-4e9b-9fee-111cf95d7191.dll
c:\programdata\PCDr\6308\AddOnDownloaded\5ec8c7eb-8ac7-4252-bb47-87f22e27e4a9.dll
c:\programdata\PCDr\6308\AddOnDownloaded\646d4422-eb1f-4e32-8b16-f32fc711fbc0.dll
c:\programdata\PCDr\6308\AddOnDownloaded\aa7c4756-0f94-474f-8589-eb1b0e71c93b.dll
c:\programdata\PCDr\6308\AddOnDownloaded\ad245130-e9e2-4a7e-8912-a540560daf66.dll
c:\programdata\PCDr\6308\AddOnDownloaded\f39d056b-fbf9-40c5-806d-7d93eacdc251.dll
c:\windows\SysWow64\g
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2013-09-07 to 2013-10-07 )))))))))))))))))))))))))))))))
.
.
2013-10-07 23:26 . 2013-10-07 23:26 -------- d-----w- c:\users\FamilyRoom\AppData\Local\temp
2013-10-07 23:26 . 2013-10-07 23:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-07 00:09 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A0A49983-93D0-400D-9897-4EF2EFCEDF87}\mpengine.dll
2013-10-05 23:12 . 2013-09-05 05:32 9694160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-25 11:40 . 2013-09-25 11:40 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-09-20 20:50 . 2013-09-20 20:55 -------- d-----w- c:\windows\system32\catroot2
2013-09-20 20:35 . 2013-09-30 23:09 -------- d-----w- c:\program files (x86)\Tweaking.com
2013-09-19 11:27 . 2013-04-04 18:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-14 01:29 . 2013-09-14 01:29 965008 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C76939ED-6626-4EE0-AD65-F671A0EC6EE0}\gapaengine.dll
2013-09-14 01:27 . 2013-09-14 01:27 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-09-14 01:27 . 2013-09-14 01:28 -------- d-----w- c:\program files\Microsoft Security Client
2013-09-11 11:23 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-11 00:08 . 2013-09-11 00:08 -------- d-----w- c:\users\FamilyRoom\AppData\Local\Avg2014
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 20:48 . 2013-01-01 21:45 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-09-20 00:13 . 2012-04-20 21:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-20 00:13 . 2012-04-20 21:04 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-11 11:39 . 2010-09-18 04:33 79143768 ----a-w- c:\windows\system32\MRT.exe
2013-08-03 00:48 . 2013-08-03 00:44 652160 ----a-w- c:\windows\couponprinter_x64.ocx
2013-08-02 01:48 . 2013-09-11 11:23 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-13 22:00 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-13 22:00 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-13 22:00 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-13 22:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify Web Helper"="c:\users\FamilyRoom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-13 1104384]
"Facebook Update"="c:\users\FamilyRoom\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-10-09 138096]
"Spotify"="c:\users\FamilyRoom\AppData\Roaming\Spotify\spotify.exe" [2013-07-13 4640768]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-11-15 296096]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
NETGEAR WNA3100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2012-4-4 4577760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [x]
R3 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys;c:\windows\SYSNATIVE\DRIVERS\ahcix64s.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 PCDSRVC{D3412D80-CF3B4A27-06020200}_0;PCDSRVC{D3412D80-CF3B4A27-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\my dell\pcdsrvc_x64.pkms;c:\program files\my dell\pcdsrvc_x64.pkms [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys;c:\windows\SYSNATIVE\drivers\ElRawDsk.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [x]
S2 AMDFusionSVC;AMD Fusion Utility Service;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe;c:\program files (x86)\AMD\AMD Fusion Utility for Desktops\FusionSVC.exe [x]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe;c:\program files\Dell\DellDock\DockLogin.exe [x]
S2 FileOpenManagerSvc;FileOpen Manager Service;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe;c:\program files\FileOpen\Services\FileOpenManagerSvc64.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe;c:\program files\Common Files\Motive\McciCMService.exe [x]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys;c:\windows\SYSNATIVE\DRIVERS\PDFsFilter.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AmdLLD64;AMD Low Level Device Driver;c:\windows\system32\DRIVERS\AmdLLD64.sys;c:\windows\SYSNATIVE\DRIVERS\AmdLLD64.sys [x]
S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;c:\windows\system32\DRIVERS\bcmwlhigh664.sys;c:\windows\SYSNATIVE\DRIVERS\bcmwlhigh664.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C525(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - FileOpenWebPublisherScreenHookDriver
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-03 22:23 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 00:13]
.
2013-10-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000Core.job
- c:\users\FamilyRoom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-09 15:50]
.
2013-10-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3130090504-1924379729-1071845134-1000UA.job
- c:\users\FamilyRoom\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-09 15:50]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-12 23:26]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-12 23:26]
.
2013-10-06 c:\windows\Tasks\ReclaimerUpdateFiles_FamilyRoom.job
- c:\users\FamilyRoom\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-03 20:55]
.
2013-10-07 c:\windows\Tasks\ReclaimerUpdateXML_FamilyRoom.job
- c:\users\FamilyRoom\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-03 20:55]
.
2013-10-07 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_FamilyRoom.job
- c:\users\FamilyRoom\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-03 20:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-18 9608224]
"RunDLLEntry_THXCfg"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"RunDLLEntry_EptMon"="c:\windows\system32\EptMon64.dll" [2009-10-15 21504]
"FileOpenBroker"="c:\program files\FileOpen\Services\FileOpenBroker64.exe" [2012-04-30 1086848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-07-19 1356240]
.
------- Supplementary Scan -------
.
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-AMP
SafeBoot-AMPSE
SafeBoot-ioloSystemService
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-vseamps
SafeBoot-vsedsps
SafeBoot-vseqrts
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-Ad-Aware Browsing Protection - c:\programdata\Ad-Aware Browsing Protection\uninstall.exe
AddRemove-Coupon Printer for Windows5.0.0.4 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-Scooby-Doo™, Jinx At The Sphinx™ - c:\program files (x86)\The Learning Company\Scooby-Doo™
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\PCDSRVC{D3412D80-CF3B4A27-06020200}_0]
"ImagePath"="\??\c:\program files\my dell\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{555D4D79-4BD2-4094-A395-CFC534424A05}"=hex:51,66,7a,6c,4c,1d,38,12,17,4e,4e,
51,e0,05,fa,05,dc,83,8c,85,31,1c,0e,11
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:12,24,15,61,87,2a,ce,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\WinMsgBalloonServer.exe
c:\windows\SysWOW64\WinMsgBalloonClient.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Completion time: 2013-10-07 19:50:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-07 23:50
.
Pre-Run: 832,658,804,736 bytes free
Post-Run: 832,251,199,488 bytes free
.
- - End Of File - - BF8B87FAE6657F907D478A5E066C70B6


The computer is still running well, and I am thoroughly surprised to find that I am able to view all of my pictures again! I decided to try to view them again after I ran ComboFix and I found that they are now able to be viewed; so thank you! I do not know of any other remaining issues.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP