low/no memory error suspect malware [Closed] [Solved]



#16
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looks good! :)

Please proceed with the steps in post number 7 and post the logs when they are completed. :)

#17
kate720

    Member

  • Topic Starter
  • 19 posts
OTL Results - Thank you :thumbsup:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@doubletwist.com/NPPodcast\ deleted successfully.
C:\Program Files\Common Files\doubleTwist\NPPodcast.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13D095-45C3-4271-9475-F3B48227DD9F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5911488E-9D1E-40ec-8CBB-06B231CC153F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\ deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate folder moved successfully.
C:\Program Files\DriverUpdate folder moved successfully.
C:\Users\Public\Documents\Downloaded Installers\{850A14FC-F410-47F7-94E4-38F4D3F270D4} folder moved successfully.
C:\Users\Public\Documents\Downloaded Installers folder moved successfully.
C:\Windows\Tasks\DriverUpdate Startup.job moved successfully.
File C:\Windows\tasks\DriverUpdate Startup.job not found.
C:\Users\Public\Desktop\DriverUpdate.lnk moved successfully.
C:\Users\Alonso Alienware\AppData\Roaming\OpenCandy\OpenCandy_CEC3820DA1FB4186A5BD33514C04B87A folder moved successfully.
C:\Users\Alonso Alienware\AppData\Roaming\OpenCandy\OpenCandy_4912CDF94B5642FF96BD169E6EEFDCB1 folder moved successfully.
C:\Users\Alonso Alienware\AppData\Roaming\OpenCandy folder moved successfully.
C:\Users\Alonso Alienware\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Alonso Alienware\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Alonso Alienware\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Alonso Alienware\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Alonso Alienware\AppData\Roaming\Uniblue folder moved successfully.
File C:\Windows\System32\??7AEI.exe.000003.dmp not found.
File C:\Windows\System32\??7AEI.exe.000003.dmp not found.
File C:\Windows\System32\??7aei.exe.000002.xml not found.
File C:\Windows\System32\??7AEI.exe.000002.dmp not found.
File C:\Windows\System32\??7aei.exe.000002.xml not found.
File C:\Windows\System32\??7AEI.exe.000002.dmp not found.
ADS C:\ProgramData\TEMP:0FF263E8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Alonso Alienware
->Temp folder emptied: 412603 bytes
->Temporary Internet Files folder emptied: 2961753 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 22011074 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: bob
->Temp folder emptied: 411487 bytes
->Temporary Internet Files folder emptied: 10014133 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 506 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-ALONSOALIENWARE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

User: Public

User: Sarah
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

User: UpdatusUser.AlonsoAlienware
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4582 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 34.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11262013_150049

Files\Folders moved on Reboot...
C:\Users\Alonso Alienware\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#18
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Looking good :thumbsup: Have you had the opportunity to run the other steps? :)

#19
kate720

    Member

  • Topic Starter
  • 19 posts
I'm sorry I missed steps 3, 4 and 5 when I initially printed out the instructions. Below please find the content of the missing files. Thank you :happy:



AdwCleaner:
# AdwCleaner v3.013 - Report created 28/11/2013 at 11:17:12
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Alonso Alienware - ALONSOALIENWARE
# Running from : C:\Users\Alonso Alienware\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Updater Service for StartNow Toolbar

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\~0
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Folder Deleted : C:\Program Files\Guffins
Folder Deleted : C:\Program Files\myfree codec
Folder Deleted : C:\Program Files\openit
Folder Deleted : C:\Program Files\Common Files\FreeCause
Folder Deleted : C:\Users\Alonso Alienware\AppData\Local\apn
Folder Deleted : C:\Users\Alonso Alienware\AppData\Local\Conduit
Folder Deleted : C:\Users\Alonso Alienware\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Alonso Alienware\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Alonso Alienware\AppData\Local\PackageAware
Folder Deleted : C:\Users\Alonso Alienware\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Alonso Alienware\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alonso Alienware\AppData\Roaming\DSite
Folder Deleted : C:\Users\bob\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Sarah\AppData\Local\Conduit
Folder Deleted : C:\Users\Sarah\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
[!] Folder Deleted : C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
[!] Folder Deleted : C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\Open It!.lnk
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{833A6DD2-10B4-485C-87A7-F442CAD29C2C}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{833A6DD2-10B4-485C-87A7-F442CAD29C2C}
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Alonso Alienware\AppData\Roaming\Mozilla\Firefox\Profiles\5f7x20jf.default\prefs.js ]


[ File : C:\Users\bob\AppData\Roaming\Mozilla\Firefox\Profiles\jtklmqwz.default\prefs.js ]


[ File : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\wcmacv8j.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

[ File : C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [10831 octets] - [28/11/2013 11:13:22]
AdwCleaner[S0].txt - [10668 octets] - [28/11/2013 11:17:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10729 octets] ##########

Junkware Removal Tool:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by Alonso Alienware on Thu 11/28/2013 at 11:49:00.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211621176}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Deal Spy_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211621176}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] C:\Users\Alonso Alienware\AppData\Roaming\FCTB000000001
Successfully deleted: [Folder] "C:\Users\Alonso Alienware\AppData\Roaming\zip opener packages"
Successfully deleted: [Folder] "C:\Users\Alonso Alienware\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Alonso Alienware\appdata\local\{10025C99-6C60-4275-9E69-FED3882B8F75}
Successfully deleted: [Empty Folder] C:\Users\Alonso Alienware\appdata\local\{1337614B-258E-47C5-9CAC-1C83EE7263D1}
Successfully deleted: [Empty Folder] C:\Users\Alonso Alienware\appdata\local\{3634C027-8EC5-4013-B3F4-DE19C5AECC47}
Successfully deleted: [Empty Folder] C:\Users\Alonso Alienware\appdata\local\{54C66E75-3B5C-4F3E-B97C-AFC12277ED0C}
Successfully deleted: [Empty Folder] C:\Users\Alonso Alienware\appdata\local\{60215095-B65F-4259-8B86-CDF137FB0F63}
Successfully deleted: [Empty Folder] C:\Users\Alonso Alienware\appdata\local\{6FCBB362-29A7-49EA-B62F-85C4671C5F84}
Successfully deleted: [Empty Folder] C:\Users\Alonso Alienware\appdata\local\{846F0882-C811-4959-A10E-6B5945878EFD}
Successfully deleted: [Empty Folder] C:\Users\Alonso Alienware\appdata\local\{9278CEB3-0517-419B-ABEA-7568508B5219}
Successfully deleted: [Empty Folder] C:\Users\Alonso Alienware\appdata\local\{C4CA69E6-2D3B-49CE-A876-B753B7E5F8E6}
Successfully deleted: [Empty Folder] C:\Users\Alonso Alienware\appdata\local\{E81ABC72-82C7-4E01-8204-E2F90202829E}
Successfully deleted: [Empty Folder] C:\Users\Alonso Alienware\appdata\local\{F0249C7D-38B7-46EF-B100-442651F81FAB}
Successfully deleted: [Empty Folder] C:\Users\Alonso Alienware\appdata\local\{FF83BC16-507A-414B-95DA-7B9454C57341}



~~~ FireFox

Emptied folder: C:\Users\Alonso Alienware\AppData\Roaming\mozilla\firefox\profiles\5f7x20jf.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/28/2013 at 12:06:25.25
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL Quick Scan log:


OTL logfile created on: 11/28/2013 12:08:13 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alonso Alienware\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 63.86% Memory free
5.50 Gb Paging File | 4.32 Gb Available in Paging File | 78.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 176.37 Gb Free Space | 59.17% Space Free | Partition Type: NTFS

Computer Name: ALONSOALIENWARE | User Name: Alonso Alienware | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/12 10:17:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alonso Alienware\Desktop\OTL (1).exe
PRC - [2013/10/29 16:19:57 | 000,241,360 | ---- | M] (Total Defense, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe
PRC - [2013/10/14 08:33:12 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/09 20:02:12 | 001,621,512 | ---- | M] (Total Defense, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\casc.exe
PRC - [2013/10/09 20:02:09 | 000,257,544 | ---- | M] (Total Defense, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2013/10/09 20:02:09 | 000,208,392 | ---- | M] (Total Defense, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/23 16:15:18 | 007,342,592 | ---- | M] (Google Inc.) -- C:\Users\Alonso Alienware\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2013/09/15 13:34:06 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/09/14 02:38:54 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/09/14 02:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/09/03 22:09:34 | 002,763,152 | ---- | M] () -- C:\Windows\System32\svcprs32.exe
PRC - [2013/09/03 22:01:18 | 003,213,712 | ---- | M] () -- C:\Windows\System32\mdmcls32.exe
PRC - [2013/05/24 19:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alonso Alienware\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/13 14:33:02 | 001,693,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
PRC - [2013/05/13 14:33:02 | 001,113,296 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
PRC - [2013/01/18 09:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/18 09:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/09 11:30:28 | 000,032,368 | ---- | M] (Sanford, L.P.) -- C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
PRC - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/06/01 18:06:40 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/05/30 03:01:26 | 000,222,544 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
PRC - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe
PRC - [2011/04/04 11:42:28 | 000,662,096 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/08 13:21:52 | 000,025,824 | ---- | M] (Memeo) -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
PRC - [2010/01/18 10:27:10 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
PRC - [2010/01/07 14:36:50 | 000,598,696 | ---- | M] ( ) -- C:\Windows\System32\lxeccoms.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/09 20:02:12 | 000,589,824 | ---- | M] () -- C:\Program Files\CA\CA Internet Security Suite\log4cplusU.dll
MOD - [2013/09/23 16:03:42 | 000,344,064 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/09/23 16:03:22 | 000,231,936 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/09/23 16:02:32 | 000,253,440 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/09/23 16:01:52 | 000,117,248 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/07/14 15:33:45 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/10 15:01:44 | 000,026,624 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/01/10 15:01:26 | 010,683,392 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/01/10 15:01:24 | 001,681,408 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/01/10 15:01:22 | 007,741,952 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/01/10 15:01:20 | 002,248,192 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/28 17:57:46 | 000,091,520 | ---- | M] () -- C:\Program Files\SOS Online Backup\ClientApi.dll
MOD - [2011/01/23 18:47:42 | 000,770,728 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe
MOD - [2010/04/05 04:56:17 | 002,203,803 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epwizres.dll
MOD - [2010/04/01 11:24:28 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecdrs.dll
MOD - [2010/04/01 11:23:27 | 000,389,120 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecscw.dll
MOD - [2010/01/18 10:27:10 | 000,139,944 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe
MOD - [2009/05/27 11:16:52 | 000,192,512 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\lxecdatr.dll
MOD - [2009/04/07 13:25:27 | 000,409,600 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\iptk.dll
MOD - [2009/03/30 06:37:47 | 000,094,208 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epoemdll.dll
MOD - [2009/03/30 06:37:46 | 000,045,056 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epstring.dll
MOD - [2009/03/30 06:37:28 | 000,708,608 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epwizard.dll
MOD - [2009/03/30 06:35:40 | 000,159,744 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\customui.dll
MOD - [2009/03/30 06:35:22 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\epfunct.dll
MOD - [2009/03/30 06:35:17 | 000,118,784 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\eputil.dll
MOD - [2009/03/30 06:35:05 | 000,139,264 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\imagutil.dll
MOD - [2009/03/09 23:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxeccaps.dll
MOD - [2009/03/02 08:25:47 | 000,151,552 | ---- | M] () -- C:\Program Files\Lexmark Pro800-Pro900 Series\lxecptp.dll
MOD - [2009/02/20 02:48:43 | 000,023,552 | ---- | M] () -- C:\Windows\System32\LXECsmr.dll
MOD - [2009/02/20 02:48:03 | 000,299,008 | ---- | M] () -- C:\Windows\System32\LXECsm.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54GS.exe -- (WUSB54GSSVC)
SRV - [2013/11/25 08:17:32 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/21 15:02:44 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/30 14:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/29 16:19:57 | 000,241,360 | ---- | M] (Total Defense, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV - [2013/10/09 20:02:09 | 000,257,544 | ---- | M] (Total Defense, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2013/10/09 20:02:09 | 000,208,392 | ---- | M] (Total Defense, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/03 22:09:34 | 002,763,152 | ---- | M] () [Auto | Running] -- C:\Windows\System32\svcprs32.exe -- (WinSvchostManager)
SRV - [2013/09/03 22:01:18 | 003,213,712 | ---- | M] () [Auto | Running] -- C:\Windows\System32\mdmcls32.exe -- (WinExtManager)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/25 23:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/10/09 11:30:28 | 000,032,368 | ---- | M] (Sanford, L.P.) [Auto | Running] -- C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService)
SRV - [2012/08/23 11:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/08/12 02:01:50 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/06/27 22:58:16 | 000,804,536 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2011/06/13 21:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2011/06/01 18:06:40 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/30 03:01:26 | 000,222,544 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2011/05/06 13:07:18 | 000,460,144 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2011/05/06 12:58:52 | 001,085,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2011/04/04 11:42:28 | 000,662,096 | ---- | M] (CA) [Auto | Running] -- C:\Program Files\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/08 13:21:52 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/04/14 19:08:06 | 000,193,192 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxecserv.exe -- (lxecCATSCustConnectService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)


========== Driver Services (SafeList) ==========

DRV - [2013/11/26 14:35:21 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/02/25 23:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/10/12 15:33:50 | 000,064,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2012/09/09 10:22:09 | 000,009,072 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\15434 -- (15434)
DRV - [2012/06/11 10:06:35 | 000,107,088 | ---- | M] (CA) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\KmxFw.sys -- (KmxFw)
DRV - [2011/10/27 15:07:50 | 000,170,064 | ---- | M] (Total Defense) [File_System | Boot | Running] -- C:\Windows\System32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV - [2011/10/26 11:51:22 | 000,083,536 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2011/09/06 21:04:20 | 000,152,656 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KmxCF.sys -- (KmxCF)
DRV - [2011/09/06 21:04:20 | 000,066,128 | ---- | M] (CA) [Kernel | System | Running] -- C:\Windows\System32\drivers\KmxFilter.sys -- (KmxFilter)
DRV - [2011/09/06 21:03:38 | 000,081,488 | ---- | M] (CA) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KmxSbx.sys -- (KmxSbx)
DRV - [2011/09/06 21:03:38 | 000,063,056 | ---- | M] (CA) [File_System | System | Running] -- C:\Windows\System32\drivers\KmxFile.sys -- (KmxFile)
DRV - [2011/09/06 21:03:36 | 000,331,344 | ---- | M] (CA) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2011/07/07 18:21:28 | 000,139,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/03/09 21:29:18 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010/11/09 14:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/03/11 15:18:56 | 000,068,762 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jl2005c.sys -- (JL2005C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C 31 B8 10 2E DF CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{37847AED-F900-4C3A-A265-AD9AFC040383}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alonso Alienware\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alonso Alienware\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Users\Alonso Alienware\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\Firefox [2013/10/10 05:38:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/07/12 17:50:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/21 15:02:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/11/21 15:02:39 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/08/10 16:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso Alienware\AppData\Roaming\mozilla\Extensions
[2011/08/10 16:39:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso Alienware\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2013/10/06 10:31:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso Alienware\AppData\Roaming\mozilla\Firefox\Profiles\5f7x20jf.default\extensions
[2013/04/01 14:33:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso Alienware\AppData\Roaming\mozilla\Firefox\Profiles\ncd3cekb.default\extensions
[2013/07/07 20:04:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso Alienware\AppData\Roaming\mozilla\Firefox\Profiles\ncd3cekb.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
[2012/06/11 16:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso Alienware\AppData\Roaming\mozilla\Firefox\Profiles\y5kumroa.default\extensions
[2012/06/11 16:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso Alienware\AppData\Roaming\mozilla\Firefox\Profiles\y5kumroa.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/08/10 16:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alonso Alienware\AppData\Roaming\mozilla\SeaMonkey\Profiles\t2j50o79.default\extensions
[2011/08/10 16:39:12 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Alonso Alienware\AppData\Roaming\mozilla\SeaMonkey\Profiles\t2j50o79.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011/08/10 16:39:12 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Users\Alonso Alienware\AppData\Roaming\mozilla\SeaMonkey\Profiles\t2j50o79.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2011/08/10 16:39:12 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Alonso Alienware\AppData\Roaming\mozilla\SeaMonkey\Profiles\t2j50o79.default\extensions\[email protected]
[2013/11/21 15:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/11/21 15:02:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/21 15:02:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/11/21 15:02:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/21 15:02:47 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/06 16:16:03 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/ig
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: iCloud Control Panel (Enabled) = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.0.24_0\win-x32/AppleChromeDAV.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: doubletwist Plugin 1, 3, 0, 0 (Disabled) = C:\Program Files\Common Files\doubleTwist\NPPodcast.dll
CHR - plugin: DYMO Label Framework (Enabled) = C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Alonso Alienware\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Users\Alonso Alienware\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_152.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: Google Docs = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Tasks (by Google) = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmglolhoplikcoamfgjgammjbgchgjdd\1.0_0\
CHR - Extension: Pandora = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: iCloud Bookmarks = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.0.24_0\
CHR - Extension: Total Defense Anti-Phishing Toolbar = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpdpkkpdlooddakbebmkeeegehfjdnih\2.2.0.33_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.13.0.13771_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0\
CHR - Extension: Google Wallet = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Cork Board = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\omedpokkgakfifajbapagggilbcenaga\1.0_0\
CHR - Extension: Evernote Web Clipper = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\6.0.3_0\
CHR - Extension: Gmail = C:\Users\Alonso Alienware\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/25 08:33:19 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Total Defense Anti-Phishing Toolbar Helper) - {45011CF5-E4A9-4F13-9093-F30A784EB9B2} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (Total Defense, Inc.)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (Total Defense, Inc.)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Total Defense Anti-Phishing Toolbar) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Phishing\Toolbar\caIEToolbar.dll (Total Defense, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (Total Defense, Inc.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark Pro800-Pro900 Series\ezprint.exe ()
O4 - HKLM..\Run: [lxecmon.exe] C:\Program Files\Lexmark Pro800-Pro900 Series\lxecmon.exe ()
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found
O4 - HKCU..\Run: [MusicManager] C:\Users\Alonso Alienware\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - Startup: C:\Users\Alonso Alienware\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alonso Alienware\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFile = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRunasInstallPrompt = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} http://site.ebrary.c...s/ebraryRdr.cab (Infotl Control)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://qcmailb.qc.cuny.edu/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.goo...7/uploader2.cab (UploadListView Class)
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://qcmaila.qc.cuny.edu/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://meetdbm.webe...bex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.13.180 167.206.13.181
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1CB5F1A-B3E8-479A-981F-E5942786106E}: DhcpNameServer = 167.206.13.180 167.206.13.181
O18 - Protocol\Handler\biblioscape - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O20 - AppInit_DLLs: (UmxSbxExw.dll) - C:\Windows\System32\UmxSbxExw.dll (CA)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\PFW: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\ExplorerFrame.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Alonso Alienware\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Alonso Alienware\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/28 11:34:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/28 11:27:52 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Alonso Alienware\Desktop\JRT.exe
[2013/11/28 11:02:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/26 15:00:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/25 11:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\WinDirStat
[2013/11/25 11:39:32 | 000,645,729 | ---- | C] (WDS Team) -- C:\Users\Alonso Alienware\Desktop\windirstat1_1_2_setup.exe
[2013/11/25 08:22:46 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Alonso Alienware\Desktop\TFC (1).exe
[2013/11/21 15:02:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/11/12 10:16:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alonso Alienware\Desktop\OTL (1).exe
[2013/11/01 13:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/01 13:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/28 11:46:05 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/28 11:46:05 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/28 11:38:17 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/11/28 11:38:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/28 11:38:02 | 2214,240,256 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/28 11:37:34 | 004,208,621 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k0
[2013/11/28 11:37:34 | 000,288,556 | ---- | M] () -- C:\Windows\System32\drivers\KmxAgent.asc
[2013/11/28 11:37:34 | 000,000,309 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k0
[2013/11/28 11:37:34 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k7
[2013/11/28 11:37:34 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k6
[2013/11/28 11:37:34 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k5
[2013/11/28 11:37:34 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k4
[2013/11/28 11:37:34 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k3
[2013/11/28 11:37:34 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k2
[2013/11/28 11:37:34 | 000,000,085 | ---- | M] () -- C:\Windows\System32\drivers\kmxcfg.u2k1
[2013/11/28 11:37:34 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k7
[2013/11/28 11:37:34 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k6
[2013/11/28 11:37:34 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k5
[2013/11/28 11:37:34 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k4
[2013/11/28 11:37:34 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k3
[2013/11/28 11:37:34 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k2
[2013/11/28 11:37:34 | 000,000,049 | ---- | M] () -- C:\Windows\System32\drivers\kmxzone.u2k1
[2013/11/28 11:28:11 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Alonso Alienware\Desktop\JRT.exe
[2013/11/28 11:27:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3628686094-2783285445-329609012-1000UA.job
[2013/11/28 11:20:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/28 11:01:10 | 001,091,882 | ---- | M] () -- C:\Users\Alonso Alienware\Desktop\adwcleaner.exe
[2013/11/26 14:35:21 | 000,013,464 | ---- | M] () -- C:\Windows\System32\drivers\SWDUMon.sys
[2013/11/25 12:26:40 | 000,002,157 | ---- | M] () -- C:\Users\Public\Desktop\Amazon Cloud Player.lnk
[2013/11/25 12:26:40 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Windows 7 Upgrade Advisor.lnk
[2013/11/25 12:26:40 | 000,002,052 | ---- | M] () -- C:\Users\Public\Desktop\PDFill PDF Editor.lnk
[2013/11/25 12:26:40 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\doubleTwist.lnk
[2013/11/25 12:26:40 | 000,002,001 | ---- | M] () -- C:\Users\Public\Desktop\Launch Lexmark Printer Home.LNK
[2013/11/25 12:26:40 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\SOS Online Backup.lnk
[2013/11/25 12:26:40 | 000,001,266 | ---- | M] () -- C:\Users\Public\Desktop\Acronis Online Backup.lnk
[2013/11/25 12:26:40 | 000,001,052 | ---- | M] () -- C:\Users\Public\Desktop\FlipShare.lnk
[2013/11/25 12:26:40 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
[2013/11/25 12:26:40 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2013/11/25 12:26:40 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk
[2013/11/25 12:26:40 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/11/25 12:26:40 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\Freeplane.lnk
[2013/11/25 12:26:40 | 000,000,914 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2011.lnk
[2013/11/25 12:26:40 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Fix it Center.lnk
[2013/11/25 12:24:58 | 000,043,738 | ---- | M] () -- C:\Users\Alonso Alienware\Desktop\CDrive112513.png
[2013/11/25 12:22:41 | 000,609,450 | ---- | M] () -- C:\Users\Alonso Alienware\Desktop\WinDirStat112513.png
[2013/11/25 11:43:04 | 000,000,989 | ---- | M] () -- C:\Users\Alonso Alienware\Desktop\WinDirStat.lnk
[2013/11/25 11:39:44 | 000,645,729 | ---- | M] (WDS Team) -- C:\Users\Alonso Alienware\Desktop\windirstat1_1_2_setup.exe
[2013/11/25 08:22:52 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Alonso Alienware\Desktop\TFC (1).exe
[2013/11/24 16:00:00 | 000,000,462 | ---- | M] () -- C:\Windows\tasks\SOS Online Backup - [email protected]
[2013/11/21 15:05:48 | 000,660,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/21 15:05:48 | 000,121,224 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/21 15:01:03 | 000,000,090 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Roaming\WB.CFG
[2013/11/21 15:01:02 | 000,000,006 | ---- | M] () -- C:\Users\Alonso Alienware\AppData\Roaming\WBPU-TTL.DAT
[2013/11/19 19:16:43 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/17 13:27:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3628686094-2783285445-329609012-1000Core.job
[2013/11/12 10:17:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alonso Alienware\Desktop\OTL (1).exe
[2013/11/01 13:06:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[20 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/28 11:00:53 | 001,091,882 | ---- | C] () -- C:\Users\Alonso Alienware\Desktop\adwcleaner.exe
[2013/11/25 12:24:52 | 000,043,738 | ---- | C] () -- C:\Users\Alonso Alienware\Desktop\CDrive112513.png
[2013/11/25 12:22:21 | 000,609,450 | ---- | C] () -- C:\Users\Alonso Alienware\Desktop\WinDirStat112513.png
[2013/11/25 11:43:04 | 000,000,989 | ---- | C] () -- C:\Users\Alonso Alienware\Desktop\WinDirStat.lnk
[2013/10/09 20:09:10 | 001,424,904 | ---- | C] () -- C:\Windows\System32\cfgmig32.dll
[2013/10/09 20:08:52 | 001,755,536 | ---- | C] () -- C:\Windows\System32\winsflt.dll
[2013/10/09 20:08:51 | 003,213,712 | ---- | C] () -- C:\Windows\System32\mdmcls32.exe
[2013/07/29 11:01:05 | 000,000,090 | ---- | C] () -- C:\Users\Alonso Alienware\AppData\Roaming\WB.CFG
[2013/06/16 09:04:03 | 000,000,006 | ---- | C] () -- C:\Users\Alonso Alienware\AppData\Roaming\WBPU-TTL.DAT
[2013/04/18 18:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/04/18 18:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/04/18 18:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/04/18 18:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/04/18 18:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/01/31 13:11:39 | 000,000,862 | ---- | C] () -- C:\Users\Alonso Alienware\AppData\Local\recently-used.xbel
[2013/01/03 17:09:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/06/11 16:44:03 | 000,000,007 | ---- | C] () -- C:\Windows\System32\mkghj.dll
[2012/06/11 09:18:18 | 002,763,152 | ---- | C] () -- C:\Windows\System32\svcprs32.exe
[2012/06/11 09:18:17 | 004,110,736 | ---- | C] () -- C:\Windows\System32\win32cpr.dll
[2012/06/11 09:18:15 | 000,100,752 | ---- | C] () -- C:\Windows\System32\winsfinst.exe
[2012/04/08 22:14:58 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/03/02 01:54:58 | 000,004,076 | ---- | C] () -- C:\Users\Alonso Alienware\.ganttproject
[2011/08/26 07:57:50 | 000,000,600 | ---- | C] () -- C:\Users\Alonso Alienware\AppData\Local\PUTTY.RND
[2011/06/29 16:36:01 | 000,002,875 | ---- | C] () -- C:\Users\Alonso Alienware\AppData\Roaming\SAS7_000.DAT
[2010/09/18 08:13:42 | 000,000,118 | ---- | C] () -- C:\Users\Alonso Alienware\AppData\Roaming\MTC-savedfolder.dat
[2010/02/26 19:23:04 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/02/17 16:35:17 | 000,000,000 | ---- | C] () -- C:\Users\Alonso Alienware\ipodApps
[2010/02/11 11:39:28 | 000,000,760 | ---- | C] () -- C:\Users\Alonso Alienware\AppData\Roaming\setup_ldm.iss
[2009/07/31 21:44:59 | 000,177,664 | ---- | C] () -- C:\Users\Alonso Alienware\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/26 11:08:44 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\.minecraft
[2011/08/10 16:36:00 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Acronis
[2011/08/10 16:36:02 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Amazon
[2011/08/10 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Broderbund
[2011/08/10 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\BSD
[2011/08/10 16:38:53 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\CBS Interactive
[2012/11/06 10:32:27 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\CompuClever
[2013/05/28 14:12:17 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\DirectLife
[2013/11/28 11:42:39 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Dropbox
[2011/08/19 11:47:26 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Easeware
[2012/02/13 14:42:28 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\FileZilla
[2011/08/10 16:38:55 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Flip Video
[2011/08/10 16:38:57 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\FreeImageConverter
[2011/08/18 21:28:49 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\GetRightToGo
[2011/08/10 16:38:57 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Individual Software
[2011/08/10 16:38:58 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Leadertech
[2013/08/21 17:50:58 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Memeo
[2011/08/10 16:39:12 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\NCH Swift Sound
[2011/08/10 16:39:12 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\OpenOffice.org
[2011/08/10 16:39:13 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\OverDrive
[2011/08/10 16:39:13 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Palm
[2011/10/12 14:50:57 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Sammsoft
[2013/08/21 17:50:59 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Seagate
[2011/08/10 16:39:15 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Serif
[2011/08/10 15:42:48 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Spearit
[2011/08/10 16:39:15 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Stardock
[2011/08/18 19:34:31 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\SystemRequirementsLab
[2011/08/10 16:39:17 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\TechSmith
[2011/08/10 16:39:17 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Unity
[2011/08/10 16:39:17 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\webex
[2011/08/10 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Winff
[2011/08/10 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\Alonso Alienware\AppData\Roaming\Wolfram Research

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/08/18 13:54:56 | 000,135,260 | ---- | M] ()(C:\Windows\System32\??7AEI.exe.000003.dmp) -- C:\Windows\System32\蚈7AEI.exe.000003.dmp
[2011/08/18 13:54:56 | 000,135,260 | ---- | C] ()(C:\Windows\System32\??7AEI.exe.000003.dmp) -- C:\Windows\System32\蚈7AEI.exe.000003.dmp
[2011/08/18 13:54:56 | 000,000,977 | ---- | M] ()(C:\Windows\System32\??7aei.exe.000002.xml) -- C:\Windows\System32\蚈7aei.exe.000002.xml
[2011/08/18 13:54:53 | 000,126,548 | ---- | M] ()(C:\Windows\System32\??7AEI.exe.000002.dmp) -- C:\Windows\System32\蚈7AEI.exe.000002.dmp
[2011/08/18 13:54:53 | 000,000,977 | ---- | C] ()(C:\Windows\System32\??7aei.exe.000002.xml) -- C:\Windows\System32\蚈7aei.exe.000002.xml
[2011/08/18 13:54:44 | 000,126,548 | ---- | C] ()(C:\Windows\System32\??7AEI.exe.000002.dmp) -- C:\Windows\System32\蚈7AEI.exe.000002.dmp

< End of report >

#20
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :) A quick question: How is the computer running now? We still have some things to check, but I'd like to get an idea how it's running now? Any better?

#21
kate720

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Hi,

It seems to be running pretty well. I haven't seen any of the low memory error messages. :thumbsup:

#22
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

> Hi,
>
> It seems to be running pretty well. I haven't seen any of the low memory error messages. :thumbsup:


Ok, good :) I've submitted what I want to do next to my teacher, and as soon as he approves we'll continue. :thumbsup:

#23
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, let's run a sweep for remnants and check for any out of date programs on your machine. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: ESET Online Scanner


ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 2: Scan with Malwarebytes

Please download Malwarebytes' Anti-Malware from Here.

  • Double Click mbam-setup.exe to install the application (Windows 7 users, right click and select Run as Administrator.)
  • Proceed through the setup
    • Choose your language
    • Accept the License Agreement
    • Select Destination Location
    • Select Start Menu Folder
    • Select Additional Tasks
    • Click Install
    • In the Completing the Malwarebytes Anti-Malware Setup Wizard Window
      • Uncheck Enable free trial of Malwarebytes Anti-Malware PRO
      • Keep the check mark beside Update Malwarebytes' Anti-Malware
      • Keep the check mark beside Launch Malwarebytes' Anti-Malware
    • Click Finish.
    • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan
  • Click Scan. The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.



Step 3: SecurityCheck Scan


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log


#24
kate720

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Happy Monday,

I turned off my virus scanner and clicked on the link for ESET and received an error stating "This webpage has a redirect loop". It had a "reload" and "more" button. Reload re-displayed the error message. The 'more' button gave this text:

"The webpage at http://www.eset.com/online-scanner has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
Learn more about this problem.
Error code: ERR_TOO_MANY_REDIRECTS"
Please let me know what I need to do. Thank you!
Kate

#25
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

> Happy Monday


Happy Monday to you as well. :)

Which browser were you using when you got this error?

You can use either Firefox or Internet Explorer for this. Whichever one you got the error on, give the other one a try and let's see what happens.

#26
kate720

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Google Chrome

#27
kate720

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I will retry using IE. Thanks

#28
kate720

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Sorry if I am being too literal, but the eset page (attached) doesn't have a Run ESET online scanner option. It has a free trial option. Is that what I should be using?

Attached Thumbnails

  • esetScreen.png


#29
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
The bar to run it is usually underneath where it says "Detects and Removes Threats". However, if you look under that, you will see Need help? Click here. Click that link and it will take you to another page that has the Run ESET Online Scanner bar.

#30
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello, it's been 3 days since your last response. Were you able to run the ESET scan successfully? Please let me know, and thanks! :) :thumbsup: