SweetIM or other malware [Closed]


  • This topic is locked This topic is locked

#1 rfair404 (New Member, 4 posts)
I've been trying to take malware off of this computer for a while. I can remove most everything with Malwarebytes, but I'm afraid that I'm not getting to the root of the issue because it slows down again after a few weeks.

OTL logfile created on: 10/23/2013 3:36:39 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = G:\antimalware\win
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.80 Gb Total Physical Memory | 6.14 Gb Available Physical Memory | 78.70% Memory free
15.60 Gb Paging File | 13.57 Gb Available in Paging File | 86.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.22 Gb Total Space | 785.28 Gb Free Space | 84.33% Space Free | Partition Type: NTFS
Drive F: | 1397.26 Gb Total Space | 1081.18 Gb Free Space | 77.38% Space Free | Partition Type: NTFS
Drive G: | 3.84 Gb Total Space | 2.10 Gb Free Space | 54.83% Space Free | Partition Type: FAT32

Computer Name: PARKTEVERN-PC | User Name: Terry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/08 20:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/10/01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/10/01 08:14:39 | 012,631,904 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
PRC - [2013/10/01 08:05:43 | 000,195,936 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
PRC - [2013/08/16 00:37:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\antimalware\win\OTL.exe
PRC - [2013/06/04 21:32:30 | 000,559,072 | ---- | M] (Panda Security International) -- C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe
PRC - [2013/05/30 15:48:46 | 001,253,912 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/03/13 06:26:52 | 003,845,464 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2tray.exe
PRC - [2013/03/13 06:26:52 | 001,319,768 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe
PRC - [2013/03/13 06:26:50 | 002,511,192 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2pre.exe
PRC - [2013/03/13 06:26:46 | 002,613,080 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\GoToMyPC\g2comm.exe
PRC - [2013/02/05 16:18:22 | 001,065,480 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2013/01/08 18:32:22 | 000,436,040 | ---- | M] (Pervasive Software Inc.) -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe
PRC - [2012/12/14 17:18:50 | 001,481,200 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
PRC - [2012/12/14 15:26:06 | 000,887,352 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2012/12/14 15:24:56 | 000,383,544 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2012/12/12 14:37:10 | 000,054,320 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
PRC - [2012/09/23 20:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
PRC - [2012/09/20 22:56:34 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe
PRC - [2012/09/20 22:56:32 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe
PRC - [2012/09/20 22:32:42 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/10 03:30:36 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll
MOD - [2013/10/08 20:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 20:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 20:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/08 20:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/08 20:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/08/15 09:13:37 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 09:13:20 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/11 03:26:34 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/09/06 18:52:46 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/05 16:05:34 | 007,564,808 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2011/11/09 17:38:06 | 000,189,608 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/01 08:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/10 14:46:55 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/27 09:41:39 | 000,117,656 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/15 10:10:08 | 001,643,184 | ---- | M] (AVG Secure Search) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
SRV - [2013/06/04 21:32:30 | 000,559,072 | ---- | M] (Panda Security International) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WaAgent\WAHost\WAHost.exe -- (WAHost)
SRV - [2013/06/04 14:25:50 | 000,329,216 | R--- | M] (Sage Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Sage\Peachtree\SmartPostingService2014.exe -- (Sage 50 SmartPosting 2014)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/03/13 06:26:52 | 001,319,768 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2013/02/06 05:58:26 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Users\Terry\AppData\Local\Temp\7zS7E16\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2013/01/08 18:32:22 | 000,436,040 | ---- | M] (Pervasive Software Inc.) [Auto | Running] -- C:\Program Files (x86)\Pervasive Software\PSQL\bin\w3dbsmgr.exe -- (psqlWGE)
SRV - [2012/09/20 22:56:34 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WAC\PSUAService.exe -- (PSUAService)
SRV - [2012/09/20 22:32:42 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\WAC\PSANHost.exe -- (NanoServiceMain)
SRV - [2012/01/20 08:11:18 | 002,594,584 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/01/20 08:11:14 | 000,325,912 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/08/16 00:41:08 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2013/08/15 20:18:38 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/08/15 10:10:08 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/03/13 06:15:48 | 000,034,048 | ---- | M] (Citrix Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\monblanking.sys -- (monblanking)
DRV:64bit: - [2013/01/29 18:15:04 | 000,050,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/12/05 16:23:34 | 000,098,888 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2012/11/26 18:05:24 | 000,075,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/10/22 20:30:04 | 000,266,752 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PaniniUSB.sys -- (PaniniUSB)
DRV:64bit: - [2012/09/27 18:07:08 | 000,105,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNStlsc.sys -- (NNSTLSC)
DRV:64bit: - [2012/09/20 22:37:12 | 000,134,184 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)
DRV:64bit: - [2012/09/20 22:36:36 | 000,205,352 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)
DRV:64bit: - [2012/09/20 22:36:36 | 000,168,488 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)
DRV:64bit: - [2012/09/20 22:36:36 | 000,124,456 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)
DRV:64bit: - [2012/09/20 22:36:36 | 000,120,872 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)
DRV:64bit: - [2012/09/18 19:13:00 | 000,290,344 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSStrm.sys -- (NNSSTRM)
DRV:64bit: - [2012/09/18 19:12:58 | 000,397,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSProt.sys -- (NNSPROT)
DRV:64bit: - [2012/09/18 19:12:58 | 000,150,568 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPrv.sys -- (NNSPRV)
DRV:64bit: - [2012/09/18 19:12:58 | 000,139,304 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPop3.sys -- (NNSPOP3)
DRV:64bit: - [2012/09/18 19:12:58 | 000,135,208 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV:64bit: - [2012/09/18 19:12:56 | 000,154,152 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSIds.sys -- (NNSIDS)
DRV:64bit: - [2012/09/18 19:12:56 | 000,136,232 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSHttp.sys -- (NNSHTTP)
DRV:64bit: - [2012/09/18 19:12:56 | 000,134,696 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSpicc.sys -- (NNSPICC)
DRV:64bit: - [2012/09/18 19:12:56 | 000,083,496 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV:64bit: - [2012/09/18 19:12:54 | 000,127,016 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSAlpc.sys -- (NNSALPC)
DRV:64bit: - [2012/09/11 15:42:44 | 000,105,776 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\dvctprov.sys -- (dvctprov)
DRV:64bit: - [2012/09/11 15:42:20 | 000,050,656 | ---- | M] (Panda Security, S.L.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PSINDvct.sys -- (PSINDvct)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/16 12:56:52 | 000,033,320 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV:64bit: - [2012/03/15 20:57:28 | 000,514,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/02 02:43:00 | 000,509,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/06 04:23:10 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/09 16:27:18 | 000,032,936 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iqvw64e.sys -- (NAL)
DRV:64bit: - [2011/10/25 09:57:38 | 000,213,504 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/10/25 09:57:38 | 000,096,768 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 18:05:04 | 000,057,928 | ---- | M] (Panda Security) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PSKMAD.sys -- (PSKMAD)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/11/16 07:45:24 | 000,042,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2)
DRV:64bit: - [2009/11/16 07:45:20 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/10/22 20:30:04 | 000,266,752 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\PaniniUSB.sys -- (PaniniUSB)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://chaseonline....ure/LogOff.aspx
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://securedsearch...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:5.0
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.5.0.2
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:3.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Citrix.com/npican: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011/01/26 15:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/05/29 14:49:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2 [2013/08/15 10:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/10 11:22:26 | 000,000,000 | ---D | M]

[2013/05/02 09:42:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Extensions
[2013/10/23 13:00:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions
[2013/10/23 12:15:32 | 000,000,000 | ---D | M] ("Plus-HD-1.6") -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
[2013/06/24 09:43:05 | 000,000,000 | ---D | M] (Tidy Network) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\tidynetwork@tidynetwork
[2013/10/23 12:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData
[2013/10/23 12:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\plugins
[2013/10/23 12:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com\extensionData\userCode
[2013/06/24 09:42:49 | 000,195,976 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/07/01 10:39:32 | 000,001,793 | ---- | M] () -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\searchplugins\Bing.xml
[2013/06/24 09:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/24 09:43:01 | 000,000,000 | ---D | M] (Unit Layers) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2013/08/27 09:41:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/27 09:41:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/29 14:49:22 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/08/15 10:11:18 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\15.5.0.2
File not found (No name found) -- C:\USERS\TERRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K690H04N.DEFAULT\EXTENSIONS\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
[2013/08/08 13:47:04 | 000,000,644 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2013/08/15 10:11:18 | 000,003,697 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://google.com/
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\6_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\crossrider
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.25.81_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkgoipeflibinmadcecedifdonakgalk\2.2_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.5.0.2_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm\1.1.5_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm\2.0.2_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogokenmicnjdfhmhocanoemnddmpcjjm\2.0.4_0\
CHR - Extension: No name found = C:\Users\Terry\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Plus-HD-1.6) - {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll File not found
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [PeachtreePrefetcher.exe] C:\Program Files (x86)\Sage\Peachtree\PeachtreePrefetcher.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files (x86)\Panda Security\WAC\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe (Hewlett-Packard)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: chase.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: chase.com ([chaseonline] https in Trusted sites)
O15 - HKCU\..Trusted Domains: chase.com ([payments] https in Trusted sites)
O15 - HKCU\..Trusted Domains: chase.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([parktavern2012] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([parktavern2012-admin] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sharepoint.com ([parktavern2012-my] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1B14B96-5B3B-4218-8EB7-E460B4A4805C}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica; charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=euc-jp - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=ISO-8859-1 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS936 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS949 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=MS950 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF8 - No CLSID value found
O18:64bit: - Protocol\Filter\application/x-ica;charset=UTF-8 - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - AppInit_DLLs: (c:\progra~2\citrix\icacli~1\rshook.dll) - c:\Program Files (x86)\Citrix\ICA Client\RSHook.dll (Citrix Systems, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Security Packages - (msoidssp) - C:\Windows\SysNative\msoidssp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (msoidssp) - C:\Windows\SysWow64\msoidssp.dll (Microsoft Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/11 02:34:24 | 000,000,162 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/23 12:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/10/23 12:16:06 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\Programs
[2013/10/23 12:15:43 | 010,201,544 | ---- | C] (SurfRight B.V.) -- C:\Users\Terry\Desktop\HitmanPro_x64.exe
[2013/10/23 12:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/10/23 12:13:44 | 000,000,000 | ---D | C] -- C:\SpybotPortable
[2013/10/23 12:05:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/10/18 17:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
[2013/10/18 17:01:20 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\TeamViewer
[2013/10/18 16:58:12 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Oracle
[2013/10/18 16:57:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/18 16:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/18 16:57:13 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/18 16:57:10 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/18 16:57:10 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/18 16:57:10 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/18 16:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/10 03:29:40 | 000,057,928 | ---- | C] (Panda Security) -- C:\Windows\SysNative\drivers\PSKMAD.sys
[2013/10/09 18:48:37 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\ICAClient
[2013/10/09 18:48:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Citrix
[2013/10/09 18:48:21 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Local\Citrix
[2013/10/09 18:48:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Citrix
[2013/10/09 14:12:22 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/09 14:12:19 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/09 14:12:19 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/09 14:12:19 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2013/10/09 14:12:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2013/10/09 14:12:19 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/09 14:12:19 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2013/10/09 14:12:19 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2013/10/09 14:12:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2013/10/09 14:12:17 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013/10/09 14:12:17 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/09 14:12:16 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2013/10/09 14:12:14 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/09 14:12:14 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/09 14:12:14 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/09 14:12:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/09 14:12:13 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/09 14:12:13 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/09 14:12:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/09 14:12:07 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/10/09 14:12:06 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/10/09 14:12:06 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/10/09 14:12:06 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/10/09 14:12:06 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2013/10/09 14:12:06 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2013/10/09 14:12:06 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2013/10/09 14:12:06 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/10/09 14:12:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/10/09 14:12:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/10/09 14:12:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/10/09 14:12:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/10/09 14:12:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/10/09 14:12:02 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 14:12:02 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/09 14:12:01 | 000,461,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\scavengeui.dll
[2013/10/09 14:12:00 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/09 14:12:00 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/08 09:39:50 | 000,000,000 | R--D | C] -- C:\Users\Terry\Documents\HP Photo Creations
[2013/10/08 09:39:50 | 000,000,000 | ---D | C] -- C:\Users\Terry\AppData\Roaming\Visan
[2013/10/08 09:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Visan
[2013/10/08 09:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Photo Creations
[2013/10/08 09:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP Photo Creations
[2013/10/07 15:34:16 | 000,000,000 | ---D | C] -- C:\Users\Terry\Desktop\Airport Area Chamber of Commerce Payment receipt_files
[2013/09/24 04:05:55 | 000,911,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/24 04:05:55 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/24 04:05:55 | 000,609,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/09/17 15:11:48 | 012,556,224 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Terry\gosetup.exe

========== Files - Modified Within 30 Days ==========

[2013/10/23 15:40:25 | 000,780,690 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/23 15:40:25 | 000,661,058 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/23 15:40:25 | 000,121,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/23 15:36:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/10/23 15:35:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/23 15:35:43 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
[2013/10/23 15:34:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/23 15:34:27 | 1988,087,807 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/23 14:55:54 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/23 14:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/23 13:33:28 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/23 13:33:28 | 000,032,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/23 12:16:34 | 010,201,544 | ---- | M] (SurfRight B.V.) -- C:\Users\Terry\Desktop\HitmanPro_x64.exe
[2013/10/23 12:07:53 | 000,007,602 | ---- | M] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2013/10/23 12:04:32 | 000,087,462 | ---- | M] () -- C:\Users\Terry\Documents\cc_20131023_120429.reg
[2013/10/22 10:51:32 | 000,061,193 | ---- | M] () -- C:\Users\Terry\Documents\Santa Tom and Mrs. Terry Claus.png
[2013/10/22 10:38:38 | 000,188,419 | ---- | M] () -- C:\Users\Terry\Desktop\High Res Santa Closeup with Sack482.tif
[2013/10/22 10:28:05 | 000,506,442 | ---- | M] () -- C:\Users\Terry\Desktop\SWEET_TEA_RIDER.pdf
[2013/10/22 10:27:10 | 000,139,674 | ---- | M] () -- C:\Users\Terry\Desktop\ED ROLAND & THE SWEET TEA PROJECT - Nov 02 2013 - Private Residence _ Michael Robison - Atlanta, GA - Contract.pdf
[2013/10/21 15:18:38 | 000,039,734 | ---- | M] () -- C:\Users\Terry\Documents\Scan0005.rtf
[2013/10/18 17:09:07 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\Panda Cloud Office Protection Distribution Tool.lnk
[2013/10/18 15:30:11 | 000,030,167 | ---- | M] () -- C:\Users\Terry\Documents\Scan0004.rtf
[2013/10/18 13:21:56 | 002,509,707 | ---- | M] () -- C:\Users\Terry\Documents\Scan0222.pdf
[2013/10/18 10:35:53 | 002,063,806 | ---- | M] () -- C:\Users\Terry\Desktop\Piedmont Room Sconce.JPG
[2013/10/16 17:41:36 | 000,299,449 | ---- | M] () -- C:\Users\Terry\Desktop\Chick-fil-A Receipt from Oct 14, 2013.pdf
[2013/10/16 17:41:03 | 000,295,092 | ---- | M] () -- C:\Users\Terry\Documents\Scan0221.pdf
[2013/10/16 16:50:16 | 000,184,228 | ---- | M] () -- C:\Users\Terry\Desktop\Receipts for Rachel Paccione from Oct 9, 2013.pdf
[2013/10/16 16:48:24 | 000,220,559 | ---- | M] () -- C:\Users\Terry\Documents\Scan0019.jpg
[2013/10/16 12:22:56 | 002,560,946 | ---- | M] () -- C:\Users\Terry\Documents\Scan0220.pdf
[2013/10/15 12:52:53 | 000,542,425 | ---- | M] () -- C:\Users\Terry\Documents\Scan0219.pdf
[2013/10/15 11:14:29 | 000,577,319 | ---- | M] () -- C:\Users\Terry\Desktop\Wynalda CC Auth Oct 15, 2013.pdf
[2013/10/15 11:13:44 | 000,573,001 | ---- | M] () -- C:\Users\Terry\Documents\Scan0218.pdf
[2013/10/15 09:35:01 | 000,011,370 | ---- | M] () -- C:\Users\Terry\Desktop\Home Depot Gate.pdf
[2013/10/14 10:35:43 | 000,108,034 | ---- | M] () -- C:\Users\Terry\Desktop\Santa Tom and Mrs. Terry Claus.png
[2013/10/14 09:38:20 | 000,004,891 | ---- | M] () -- C:\Users\Terry\Desktop\Boy George Oct 12, 2013-a.jpg
[2013/10/14 09:29:48 | 000,005,870 | ---- | M] () -- C:\Users\Terry\Desktop\Boy George Oct 12, 2013.jpg
[2013/10/11 16:59:04 | 000,435,208 | ---- | M] () -- C:\Users\Terry\Documents\Scan0217.pdf
[2013/10/11 14:13:43 | 000,261,063 | ---- | M] () -- C:\Users\Terry\Documents\Scan0216.pdf
[2013/10/11 10:22:28 | 000,340,278 | ---- | M] () -- C:\Users\Terry\Desktop\WC Dec Page.pdf
[2013/10/11 10:22:06 | 000,335,921 | ---- | M] () -- C:\Users\Terry\Documents\Scan0215.pdf
[2013/10/10 16:27:58 | 000,000,000 | ---- | M] () -- C:\Users\Terry\Documents\4662f55f-be48-4b67-8649-81b87ce9d68b
[2013/10/10 15:14:07 | 000,719,301 | ---- | M] () -- C:\Users\Terry\Documents\Scan0018.jpg
[2013/10/10 03:26:38 | 000,497,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/10/10 03:06:41 | 000,774,414 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 16:12:48 | 000,144,548 | ---- | M] () -- C:\Users\Terry\Documents\Scan0017.jpg
[2013/10/09 15:30:58 | 000,509,612 | ---- | M] () -- C:\Users\Terry\Documents\Scan0016.jpg
[2013/10/09 11:06:45 | 000,188,600 | ---- | M] () -- C:\Users\Terry\Documents\Scan0214.pdf
[2013/10/09 09:24:54 | 000,232,421 | ---- | M] () -- C:\Users\Terry\Documents\Scan0213.pdf
[2013/10/08 12:10:20 | 001,215,908 | ---- | M] () -- C:\Users\Terry\Documents\Scan0212.pdf
[2013/10/08 11:30:41 | 000,364,627 | ---- | M] () -- C:\Users\Terry\Documents\Scan0015.jpg
[2013/10/08 09:51:31 | 000,408,834 | ---- | M] () -- C:\Users\Terry\Documents\Scan0211.pdf
[2013/10/08 09:39:37 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/10/08 07:50:37 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/08 07:46:52 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/08 07:46:47 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/08 07:46:23 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/07 15:34:16 | 000,004,469 | ---- | M] () -- C:\Users\Terry\Desktop\Airport Area Chamber of Commerce Payment receipt.htm
[2013/10/07 13:35:26 | 000,533,836 | ---- | M] () -- C:\Users\Terry\Documents\Scan0210.pdf
[2013/10/07 10:06:33 | 008,909,700 | ---- | M] () -- C:\Users\Terry\Documents\Scan0209.pdf
[2013/09/27 19:00:58 | 001,390,367 | ---- | M] () -- C:\Users\Terry\Documents\Scan0208.pdf
[2013/09/27 18:35:04 | 000,611,905 | ---- | M] () -- C:\Users\Terry\Documents\Scan0207.pdf
[2013/09/27 18:33:19 | 000,670,541 | ---- | M] () -- C:\Users\Terry\Documents\Scan0206.pdf
[2013/09/27 18:31:31 | 000,657,621 | ---- | M] () -- C:\Users\Terry\Documents\Scan0205.pdf
[2013/09/27 17:03:29 | 000,307,214 | ---- | M] () -- C:\Users\Terry\Documents\Scan0204.pdf
[2013/09/27 15:46:05 | 001,940,399 | ---- | M] () -- C:\Users\Terry\Documents\Scan0203.pdf
[2013/09/27 15:08:59 | 001,924,856 | ---- | M] () -- C:\Users\Terry\Documents\Scan0202.pdf
[2013/09/26 14:10:29 | 002,783,562 | ---- | M] () -- C:\Users\Terry\Documents\Scan0201.pdf
[2013/09/24 16:48:30 | 000,262,237 | ---- | M] () -- C:\Users\Terry\Documents\Scan0200.pdf
[2013/09/24 16:42:46 | 011,735,017 | ---- | M] () -- C:\Users\Terry\Documents\Scan0199.pdf
[2013/09/24 16:21:08 | 001,320,314 | ---- | M] () -- C:\Users\Terry\Documents\Scan0198.pdf
[2013/09/24 16:14:12 | 000,080,810 | ---- | M] () -- C:\Users\Terry\Documents\Scan0197.pdf
[2013/09/24 14:44:51 | 001,376,620 | ---- | M] () -- C:\Users\Terry\Documents\Scan0196.pdf
[2013/09/24 12:19:34 | 000,332,749 | ---- | M] () -- C:\Users\Terry\Documents\Scan0195.pdf
[2013/09/24 05:23:15 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/09/24 05:21:24 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/09/24 05:21:22 | 000,735,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/24 05:20:50 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/24 04:58:14 | 000,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/09/24 04:56:26 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/09/24 04:55:51 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/23 17:44:55 | 000,634,181 | ---- | M] () -- C:\Users\Terry\Documents\Scan0194.pdf
[2013/09/23 17:43:08 | 000,621,362 | ---- | M] () -- C:\Users\Terry\Documents\Scan0193.pdf

========== Files Created - No Company Name ==========

[2013/10/23 12:04:31 | 000,087,462 | ---- | C] () -- C:\Users\Terry\Documents\cc_20131023_120429.reg
[2013/10/22 10:38:36 | 000,188,419 | ---- | C] () -- C:\Users\Terry\Desktop\High Res Santa Closeup with Sack482.tif
[2013/10/22 10:28:05 | 000,506,442 | ---- | C] () -- C:\Users\Terry\Desktop\SWEET_TEA_RIDER.pdf
[2013/10/22 10:27:10 | 000,139,674 | ---- | C] () -- C:\Users\Terry\Desktop\ED ROLAND & THE SWEET TEA PROJECT - Nov 02 2013 - Private Residence _ Michael Robison - Atlanta, GA - Contract.pdf
[2013/10/21 15:18:38 | 000,039,734 | ---- | C] () -- C:\Users\Terry\Documents\Scan0005.rtf
[2013/10/21 09:48:42 | 000,061,193 | ---- | C] () -- C:\Users\Terry\Documents\Santa Tom and Mrs. Terry Claus.png
[2013/10/18 17:09:07 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\Panda Cloud Office Protection Distribution Tool.lnk
[2013/10/18 15:30:11 | 000,030,167 | ---- | C] () -- C:\Users\Terry\Documents\Scan0004.rtf
[2013/10/18 13:21:55 | 002,509,707 | ---- | C] () -- C:\Users\Terry\Documents\Scan0222.pdf
[2013/10/18 10:35:53 | 002,063,806 | ---- | C] () -- C:\Users\Terry\Desktop\Piedmont Room Sconce.JPG
[2013/10/16 17:41:36 | 000,299,449 | ---- | C] () -- C:\Users\Terry\Desktop\Chick-fil-A Receipt from Oct 14, 2013.pdf
[2013/10/16 17:41:03 | 000,295,092 | ---- | C] () -- C:\Users\Terry\Documents\Scan0221.pdf
[2013/10/16 16:50:11 | 000,184,228 | ---- | C] () -- C:\Users\Terry\Desktop\Receipts for Rachel Paccione from Oct 9, 2013.pdf
[2013/10/16 16:48:24 | 000,220,559 | ---- | C] () -- C:\Users\Terry\Documents\Scan0019.jpg
[2013/10/16 12:22:54 | 002,560,946 | ---- | C] () -- C:\Users\Terry\Documents\Scan0220.pdf
[2013/10/15 12:52:53 | 000,542,425 | ---- | C] () -- C:\Users\Terry\Documents\Scan0219.pdf
[2013/10/15 11:14:29 | 000,577,319 | ---- | C] () -- C:\Users\Terry\Desktop\Wynalda CC Auth Oct 15, 2013.pdf
[2013/10/15 11:13:43 | 000,573,001 | ---- | C] () -- C:\Users\Terry\Documents\Scan0218.pdf
[2013/10/15 09:35:01 | 000,011,370 | ---- | C] () -- C:\Users\Terry\Desktop\Home Depot Gate.pdf
[2013/10/14 10:35:43 | 000,108,034 | ---- | C] () -- C:\Users\Terry\Desktop\Santa Tom and Mrs. Terry Claus.png
[2013/10/14 09:38:20 | 000,004,891 | ---- | C] () -- C:\Users\Terry\Desktop\Boy George Oct 12, 2013-a.jpg
[2013/10/14 09:29:48 | 000,005,870 | ---- | C] () -- C:\Users\Terry\Desktop\Boy George Oct 12, 2013.jpg
[2013/10/11 16:59:04 | 000,435,208 | ---- | C] () -- C:\Users\Terry\Documents\Scan0217.pdf
[2013/10/11 14:13:43 | 000,261,063 | ---- | C] () -- C:\Users\Terry\Documents\Scan0216.pdf
[2013/10/11 10:22:28 | 000,340,278 | ---- | C] () -- C:\Users\Terry\Desktop\WC Dec Page.pdf
[2013/10/11 10:22:06 | 000,335,921 | ---- | C] () -- C:\Users\Terry\Documents\Scan0215.pdf
[2013/10/10 15:14:07 | 000,719,301 | ---- | C] () -- C:\Users\Terry\Documents\Scan0018.jpg
[2013/10/09 18:48:47 | 000,001,515 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk
[2013/10/09 16:12:48 | 000,144,548 | ---- | C] () -- C:\Users\Terry\Documents\Scan0017.jpg
[2013/10/09 15:30:57 | 000,509,612 | ---- | C] () -- C:\Users\Terry\Documents\Scan0016.jpg
[2013/10/09 11:06:45 | 000,188,600 | ---- | C] () -- C:\Users\Terry\Documents\Scan0214.pdf
[2013/10/09 09:24:54 | 000,232,421 | ---- | C] () -- C:\Users\Terry\Documents\Scan0213.pdf
[2013/10/08 12:10:19 | 001,215,908 | ---- | C] () -- C:\Users\Terry\Documents\Scan0212.pdf
[2013/10/08 11:30:41 | 000,364,627 | ---- | C] () -- C:\Users\Terry\Documents\Scan0015.jpg
[2013/10/08 09:51:31 | 000,408,834 | ---- | C] () -- C:\Users\Terry\Documents\Scan0211.pdf
[2013/10/08 09:39:37 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/10/08 09:39:36 | 000,000,338 | ---- | C] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013/10/07 15:34:16 | 000,004,469 | ---- | C] () -- C:\Users\Terry\Desktop\Airport Area Chamber of Commerce Payment receipt.htm
[2013/10/07 13:35:26 | 000,533,836 | ---- | C] () -- C:\Users\Terry\Documents\Scan0210.pdf
[2013/10/07 10:06:29 | 008,909,700 | ---- | C] () -- C:\Users\Terry\Documents\Scan0209.pdf
[2013/09/27 19:00:57 | 001,390,367 | ---- | C] () -- C:\Users\Terry\Documents\Scan0208.pdf
[2013/09/27 18:35:04 | 000,611,905 | ---- | C] () -- C:\Users\Terry\Documents\Scan0207.pdf
[2013/09/27 18:33:19 | 000,670,541 | ---- | C] () -- C:\Users\Terry\Documents\Scan0206.pdf
[2013/09/27 18:31:31 | 000,657,621 | ---- | C] () -- C:\Users\Terry\Documents\Scan0205.pdf
[2013/09/27 17:03:29 | 000,307,214 | ---- | C] () -- C:\Users\Terry\Documents\Scan0204.pdf
[2013/09/27 15:46:04 | 001,940,399 | ---- | C] () -- C:\Users\Terry\Documents\Scan0203.pdf
[2013/09/27 15:08:58 | 001,924,856 | ---- | C] () -- C:\Users\Terry\Documents\Scan0202.pdf
[2013/09/26 14:10:28 | 002,783,562 | ---- | C] () -- C:\Users\Terry\Documents\Scan0201.pdf
[2013/09/24 16:48:29 | 000,262,237 | ---- | C] () -- C:\Users\Terry\Documents\Scan0200.pdf
[2013/09/24 16:42:39 | 011,735,017 | ---- | C] () -- C:\Users\Terry\Documents\Scan0199.pdf
[2013/09/24 16:21:07 | 001,320,314 | ---- | C] () -- C:\Users\Terry\Documents\Scan0198.pdf
[2013/09/24 16:14:12 | 000,080,810 | ---- | C] () -- C:\Users\Terry\Documents\Scan0197.pdf
[2013/09/24 14:44:50 | 001,376,620 | ---- | C] () -- C:\Users\Terry\Documents\Scan0196.pdf
[2013/09/24 12:19:33 | 000,332,749 | ---- | C] () -- C:\Users\Terry\Documents\Scan0195.pdf
[2013/09/23 17:44:55 | 000,634,181 | ---- | C] () -- C:\Users\Terry\Documents\Scan0194.pdf
[2013/09/23 17:43:08 | 000,621,362 | ---- | C] () -- C:\Users\Terry\Documents\Scan0193.pdf
[2013/08/22 10:04:46 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\PaniniULD.dll
[2013/08/15 23:40:28 | 000,000,000 | ---- | C] () -- C:\ProgramData\0x0304A000.sfl
[2013/08/15 12:40:05 | 000,007,602 | ---- | C] () -- C:\Users\Terry\AppData\Local\resmon.resmoncfg
[2013/06/17 10:48:14 | 000,000,005 | ---- | C] () -- C:\Users\Terry\AppData\Roaming\WBPU-TTL.DAT
[2013/04/23 12:32:04 | 000,774,414 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/23 11:53:24 | 000,000,064 | ---- | C] () -- C:\Windows\AdminIE.ini
[2013/04/23 10:14:46 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/04/22 16:04:59 | 000,000,519 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/06/20 20:49:10 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/06/20 17:14:03 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini
[2012/03/19 16:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/17 10:27:56 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/17 10:27:56 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/01/10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/04/04 17:03:34 | 000,060,304 | ---- | C] () -- C:\Users\Terry\g2mdlhlpx.exe
[2011/04/01 14:26:34 | 000,103,784 | ---- | C] () -- C:\Users\Terry\GoToAssistDownloadHelper.exe

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 22:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 21:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Attached Files

  • Attached File  OTL.Txt   137.38KB   104 downloads
  • Attached File  Extras.Txt   42.43KB   153 downloads

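
The ZeroAccess Check block in this log reads the InProcServer32 value of a few system CLSIDs in both registry views and in both HKCU and HKLM. The reason it looks under HKCU at all is that COM consults HKCU\Software\Classes before HKLM, so a per-user registration for the WMI CLSIDs (normally served by fastprox.dll and wbemess.dll) or for the shell CLSID gets an attacker's DLL loaded into every process that instantiates them, without touching the protected HKLM keys. The PowerShell below is an added example, not code from the thread or from OTL: it re-runs that check and also folds in the Browser Helper Object and ShellServiceObjectDelayLoad CLSIDs (the O2/O21 lines of an OTL log), resolving each through the same four views. It assumes an elevated 64-bit PowerShell and a Vista-or-later registry layout.

```powershell
# Added example (not from the thread or from OTL). Resolves each CLSID of
# interest through InProcServer32 in the four places OTL's ZeroAccess Check
# looked (HKCU and HKLM, native and Wow6432Node views) and flags:
#   - a per-user registration under HKCU\Software\Classes (COM consults it
#     before HKLM, so for a system CLSID it is a hijack whatever it points to);
#   - a machine-wide server path that is empty or missing on disk;
#   - for the three ZeroAccess CLSIDs, a server outside %SystemRoot% or a DLL
#     other than the one Windows registers.
# Beyond OTL's fixed list it also pulls in every BHO and SSODL CLSID (O2/O21).
# Run from an elevated 64-bit PowerShell so HKLM:\Software\Classes is the native view.

$Expected = @{
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}' = 'shell32.dll'
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}' = 'fastprox.dll'
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}' = 'wbemess.dll'
}
$Clsids = @($Expected.Keys) + '{fbeb8a05-beee-4442-804e-409d6c4515e9}'

# O2 (Browser Helper Objects) and O21 (ShellServiceObjectDelayLoad), both views.
foreach ($bhoKey in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
                    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects') {
    Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue | ForEach-Object { $Clsids += $_.PSChildName }
}
foreach ($ssodlKey in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad',
                      'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad') {
    $p = Get-ItemProperty -Path $ssodlKey -ErrorAction SilentlyContinue
    if ($p) { $p.PSObject.Properties | Where-Object { $_.Value -like '{*}' } | ForEach-Object { $Clsids += $_.Value } }
}
$Clsids = $Clsids | Sort-Object -Unique

$Views = @(
    @{ Hive = 'HKCU'; Base = 'HKCU:\Software\Classes\CLSID' },
    @{ Hive = 'HKCU'; Base = 'HKCU:\Software\Classes\Wow6432Node\CLSID' },
    @{ Hive = 'HKLM'; Base = 'HKLM:\Software\Classes\CLSID' },
    @{ Hive = 'HKLM'; Base = 'HKLM:\Software\Wow6432Node\Classes\CLSID' }
)

function Test-InProcServer {
    param([string]$Clsid, [string]$Hive, [string]$Raw)
    if ($Hive -eq 'HKCU') { return 'SUSPECT: per-user COM registration shadows HKLM' }
    if ([string]::IsNullOrEmpty($Raw)) { return 'SUSPECT: InProcServer32 has no server path' }
    # Stored as %SystemRoot%\system32\... or an absolute, possibly quoted, path.
    $path = [Environment]::ExpandEnvironmentVariables($Raw).Trim('"')
    if (-not (Test-Path -LiteralPath $path)) { return "SUSPECT: server file not found ($path)" }
    if ($Expected.ContainsKey($Clsid)) {
        if ($path -notlike "$env:SystemRoot\*") { return "SUSPECT: system CLSID served from outside %SystemRoot% ($path)" }
        if ([System.IO.Path]::GetFileName($path) -ne $Expected[$Clsid]) { return "SUSPECT: expected $($Expected[$Clsid]), got $path" }
    }
    return "OK ($path)"
}

$found = @{}
foreach ($clsid in $Clsids) {
    foreach ($v in $Views) {
        $key = "$($v.Base)\$clsid\InProcServer32"
        if (-not (Test-Path -LiteralPath $key)) { continue }   # nothing registered in this view
        $found[$clsid] = $true
        $raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
        New-Object PSObject -Property @{ CLSID = $clsid; Key = $key; Server = $raw
                                         Result = (Test-InProcServer $clsid $v.Hive $raw) }
    }
}
# BHO/SSODL entries whose CLSID resolves nowhere: OTL's "No CLSID value found".
$Clsids | Where-Object { -not $found.ContainsKey($_) } | ForEach-Object {
    New-Object PSObject -Property @{ CLSID = $_; Key = ''; Server = ''; Result = 'ORPHAN: no InProcServer32 in any view' }
}
```

On the machine in this log the HKCU keys carry no values and the HKLM entries that show a server resolve to shell32.dll, fastprox.dll and wbemess.dll under %SystemRoot%, so those would report OK. An SSODL or BHO entry whose CLSID has no InProcServer32 anywhere (OTL's "No CLSID value found") comes out as ORPHAN: with no server registered nothing loads from it, so it is a stale entry to clean up rather than an active loader.
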


#2 godawgs (Teacher, Retired Staff, 8,228 posts)

Hello rfair404, :wave: Welcome back to the forums!

Is this your computer or do you have a computer business or work for one and this is a computer that you are cleaning for a fee?

#3 rfair404 (New Member, Topic Starter, 4 posts)

It is not my computer; it belongs to a friend of mine who does not know anything about computers. I'm a web developer, so all of my friends think that I know "everything" about computers. I told them that I'd give it a shot. As for charging fees, it will probably equate to "beer money," which I'd gladly split (the beers) with anyone who offers help!

#4 godawgs (Teacher, Retired Staff, 8,228 posts)

Thanks for the clarification. While we aren't here to support companies or individuals who repair computers as a business, we are happy to help in a case like this. We just like to know what we are dealing with.

Let's see what we can do. :)

Registry Cleaning Tools

I see CCleaner is installed on the system. Please inform the owner that we recommend he not use the registry cleaner in this tool. And for that matter do not use registry cleaners at all:
A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
We strongly advise that people stay away from any of the registry cleaners out there.
Go HERE to get more information about why registry cleaners aren't needed.

First off, OTL is designed to be downloaded to and run from the desktop of the drive with the operating system on it, in this case the C:\ drive. I need you to move the OTL exe file from the G:\antimalware\win folder to the desktop. Then you can delete the OTL exe file and the OTL.txt and Extras.txt files. After that is done:


Step-1.

Malicious program uninstalls

1. Please click the Start Orb, click Control Panel. Under the Programs or Programs and Features heading click Uninstall a program
2. In the list of programs installed, locate the following program(s):

Plus-HD-1.6

3. Right click each program and click Uninstall
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:OTL
PRC - [2013/05/30 15:48:46 | 001,253,912 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
SRV - [2013/08/15 10:10:08 | 001,643,184 | ---- | M] (AVG Secure Search) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe -- (vToolbarUpdater15.5.0)
DRV:64bit: - [2013/08/15 10:10:08 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
FF - prefs.js..extensions.enabledAddons: tidynetwork%40tidynetwork:5.0
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7D4F1959-3F72-49d5-8E59-F02F8AA6815D}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2 [2013/08/15 10:11:18 | 000,000,000 | ---D | M]
[2013/10/23 12:15:32 | 000,000,000 | ---D | M] ("Plus-HD-1.6") -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
[2013/06/24 09:43:05 | 000,000,000 | ---D | M] (Tidy Network) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\tidynetwork@tidynetwork
[2013/06/24 09:42:49 | 000,195,976 | ---- | M] () (No name found) -- C:\Users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\k690h04n.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/06/24 09:43:01 | 000,000,000 | ---D | M] (Unit Layers) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
File not found (No name found) -- C:\USERS\TERRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K690H04N.DEFAULT\EXTENSIONS\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
[2013/08/08 13:47:04 | 000,000,644 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2013/08/15 10:11:18 | 000,003,697 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
O2:64bit: - BHO: (Plus-HD-1.6) - {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll File not found
O2 - BHO: (no name) - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - No CLSID value found.
O2 - BHO: (no name) - {7736C7FA-512D-11E2-B871-DEC36088709B} - No CLSID value found.
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O4 - HKLM..\Run: [Search Protection] C:\ProgramData\Search Protection\SearchProtection.exe File not found
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.5.0.cab (Reg Error: Key error.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013/10/23 12:15:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013/10/23 15:35:43 | 000,000,352 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job

:FILES
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state ON /c
C:\Program Files (x86)\AVG SafeGuard toolbar
C:\Program Files (x86)\Common Files\AVG Secure Search
C:\PROGRAM FILES\UPDATER BY SWEETPACKS
C:\Program Files (x86)\Plus-HD-1.6
C:\ProgramData\Search Protection

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).


Step-3.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Right click the aswMBR.exe file and click Run as Administrator. If you get a UAC window, allow the file to run.
  • If it asks you if you want to download the latest virus definitions, click "No"
  • Be sure the A/V Scan: is set to QuickScan
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable (aswMBR.exe) to iexplore.exe and try it again.


Step-4.

AdwCleaner by Xplode

Download AdwCleaner. Click here and then click the Download Now @ BleepingComputer button. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.
  • Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending. Please uncheck elements you don't want to remove. Do Not delete anything at this time.
  • Click the Report button to get the log.
  • Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.
  • Click the X in the upper right corner of the program or click the File menu and click Exit to close the program.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.


Step-5.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

createrestorepoint
netsvcs
baseservices
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C


2. Re-open OTL on the desktop. To do that:
  • Vista / 7 Users: Right click on the icon and click Run as Administrator
Make sure all other windows are closed.
  • You will see the OTL console.
  • Click the box beside Scan All Users at the top of the console <--- Very Important
  • Click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt. This file is also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.

Step-6.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the program uninstall went
2. The OTL fixes log
3. The aswMBR log
4. The AdwCleaner[R0].txt log
5. The new OTL.txt log
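
The /md5start ... /md5stop list in Step-5 asks OTL to hash the core binaries that ZeroAccess variants patched or planted (services.exe and consrv.dll among them) so the helper can compare them against known-good values. The PowerShell below is an added example, not the poster's or OTL's code, that performs a local version of that comparison against the copies Windows servicing keeps in the component store. It assumes an elevated 64-bit prompt (fsutil hardlink list needs it) and the winsxs layout of Vista and later; the winsxs walk is slow but offline.

```powershell
# Added example, not code from the thread or from OTL. Hashes every copy of the
# listed names under System32 and SysWOW64 and checks each against the copies in
# the component store (C:\Windows\winsxs). A live System32 file is normally a
# hard link to one winsxs copy, so a file patched in place would "match" itself;
# hard links of the live file are therefore excluded (via fsutil) and only
# independent store copies count as references. consrv.dll is not a Windows
# component, so any hit for it is flagged outright. Written without PowerShell
# 3.0 features so it runs on the Windows 7 default (2.0).

$Targets  = 'explorer.exe','winlogon.exe','userinit.exe','svchost.exe',
            'winsock.*','qmgr.dll','services.*','consrv.dll','wshelper.dll'
$LiveDirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
$Store    = "$env:SystemRoot\winsxs"

function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($md5.ComputeHash($fs) | ForEach-Object { $_.ToString('x2') }) -join '' }
    finally { $fs.Close() }
}

function Get-HardLinkSet {
    param([string]$Path)
    # fsutil prints one volume-relative path per line, e.g. \Windows\System32\services.exe;
    # without elevation it prints an error instead, which the StartsWith filter drops.
    $root = [System.IO.Path]::GetPathRoot($Path).TrimEnd('\')
    $set  = @{}
    $set[$Path.ToLower()] = $true
    & fsutil hardlink list $Path 2>$null | ForEach-Object {
        $p = "$_".Trim()
        if ($p.StartsWith('\')) { $set[($root + $p).ToLower()] = $true }
    }
    return $set
}

# Index the component store once: lower-case file name -> list of (Path, MD5).
$storeIndex = @{}
foreach ($pattern in $Targets) {
    Get-ChildItem -Path $Store -Recurse -Filter $pattern -ErrorAction SilentlyContinue |
      Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        $n = $_.Name.ToLower()
        if (-not $storeIndex.ContainsKey($n)) { $storeIndex[$n] = @() }
        $storeIndex[$n] += New-Object PSObject -Property @{
            Path = $_.FullName.ToLower(); MD5 = (Get-Md5Hex $_.FullName) }
    }
}

foreach ($dir in $LiveDirs) {
    foreach ($pattern in $Targets) {
        Get-ChildItem -Path $dir -Filter $pattern -ErrorAction SilentlyContinue |
          Where-Object { -not $_.PSIsContainer } | ForEach-Object {
            $file  = $_
            $name  = $file.Name.ToLower()
            $hash  = Get-Md5Hex $file.FullName
            $links = Get-HardLinkSet $file.FullName
            # Reference copies: store entries that are not just other links to this same file.
            $refs  = @($storeIndex[$name] | Where-Object { -not $links.ContainsKey($_.Path) })
            $same  = @($refs | Where-Object { $_.MD5 -eq $hash })
            $verdict = if ($name -eq 'consrv.dll') { 'SUSPECT: not a Windows component' }
                       elseif ($refs.Count -eq 0)  { 'UNKNOWN: no independent winsxs copy to compare against' }
                       elseif ($same.Count -gt 0)  { 'OK: identical to a component-store copy' }
                       else                        { 'SUSPECT: matches no serviced version (patched on disk?)' }
            New-Object PSObject -Property @{ File = $file.FullName; MD5 = $hash; Verdict = $verdict }
        }
    }
}
```

An UNKNOWN verdict is the honest result when the only winsxs copy is the live file's own hard link; that file's MD5 then has to be checked against a trusted reference (a clean machine at the same patch level, or the hash lists the helpers keep), which is exactly why OTL prints the hashes rather than a verdict. Any consrv.dll under System32 is reported on its own because the file has no legitimate reason to exist there.
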

#5 godawgs (Teacher, Retired Staff, 8,228 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





