FBI MoneyPak/Trojans Zeroaccess.C & Gen.2 [Solved]


  • This topic is locked

#31
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Norton Reinstall

  • Please uninstall Symantec Endpoint Protection
  • Then install Symantec Endpoint Protection again and tell me if this solved the problem.


#32
beerman

  • Topic Starter
  • Member
  • 188 posts
I am sure that it will. I was going to suggest exactly that! :happy:

Will only take me a few minutes.

Thanks.

#33
beerman

  • Topic Starter
  • Member
  • 188 posts
Well, it didn't fix it, even after the reinstall and a reboot. Oh well. Not a big deal. I can just turn off the alert in Windows Security Center.

How are we looking otherwise?

Thanks.

#34
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Norton Reinstall with a removal tool

First ..

  • Please download AppRemover from here and save it to your Desktop
  • Start the program - a window will open
  • Please check the checkbox called "I agree to the terms and conditions" and click Start
  • After the detecting process is finished a new screen will show up
  • Please check all checkboxes which are called "Symantec Endpoint Protection" and click Remove Selected Applications
  • Then, when you have done that, please click Confirm Product to be removed
  • It will remove your Norton Application

Next ..

  • Install Symantec Endpoint Protection again

Still problems?

#35
Machiavelli

  • GeekU Moderator
  • 4,722 posts
Any problems with the instructions above? If yes, just ask! Are you still with me?

#36
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#37
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Welcome back

#38
beerman

  • Topic Starter
  • Member
  • 188 posts
Thanks. I will try the removal tool here shortly.

#39
beerman

  • Topic Starter
  • Member
  • 188 posts
Seems I have picked up something else, so I don't want to uninstall Symantec at this time. I have a Connect toolbar and every web page I bring up launches another tab with some search function. I also have a Conduit search engine now listed in Chrome. The computer is extremely slow also. I will try to uninstall through Add/Remove but thought I would send this first.

#40
beerman

  • Topic Starter
  • Member
  • 188 posts
Kind of a mess. Here is an MBAM log. Lots of items. I removed all, but as soon as I launched Chrome to send this, the Connect toolbar loaded again.

Anyway, here it is:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.26.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
banderson :: D94GBLF1 [administrator]

11/26/2013 11:28:49 AM
mbam-log-2013-11-26 (11-28-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285805
Time elapsed: 10 minute(s), 14 second(s)

Memory Processes Detected: 2
C:\Program Files\Higher Aurum\updateHigherAurum.exe (PUP.Optional.Sambreel) -> 2708 -> Delete on reboot.
C:\Program Files\Higher Aurum\bin\utilHigherAurum.exe (PUP.Optional.Sambreel) -> 2912 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 25

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Deal Slider-repairJob (PUP.Optional.Dealslider) -> Data: wscript.exe "C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\repair.js" -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Conduit) -> Bad: (http://search.condui...&ctid=CT3306061) Good: (http://www.google.com) -> Quarantined and repaired successfully.

Folders Detected: 32

Files Detected: 225
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\contentNotification.tmpl (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\contentNotificationStyle.tmpl (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\content_notifications.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\context_menu.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\framework_api.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\notifications.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\options.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\popup.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\popup_window.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\popup_window.xul (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\ui_base.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\bottom-left.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\bottom-middle.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\bottom-right.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\middle-left.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\middle-right.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\style.css (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\tail-bottom.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\tail-left.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\tail-right.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\tail-top.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\top-left.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\top-middle.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\framework-ui\theme\bubble\top-right.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\icons\button.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\icons\icon100.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\icons\icon128.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\icons\icon32.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Documents and Settings\banderson\Local Settings\Application Data\Deal Slider\firefox\icons\icon48.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\background.html (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\config.xml (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\extension_info.json (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\FrameworkBHO64.dll (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\FrameworkEngine.exe (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\icon.ico (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\webrequest.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\AppFramework\appAPI_bg.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\AppFramework\appAPI_browseraction.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\AppFramework\appAPI_common.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\AppFramework\appAPI_content.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\AppFramework\appAPI_webrequest.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\AppFramework\jquery.min.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\CanvasFramework\canvasscript_engine.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\CanvasFramework\canvas_bg.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\backgroundscript_engine.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\base.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\browser.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\console.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\framework.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\global.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\i18n.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\initialize.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\invoke_async.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\io.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\json2.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\lang.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\legacy.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\md5.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\message_target.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\messaging.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\registry.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\storage.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\timer.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\updater.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\userscript_client.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\userscript_engine.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\utils.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework\xhr.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\browser_button.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\context_menu.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\context_menu_item_handler.html (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\framework_api.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\notification.html (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\notifications.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\options.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\ui_base.js (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\theme\bubble\bottom-left.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\theme\bubble\bottom-middle.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\theme\bubble\bottom-right.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\theme\bubble\middle-left.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\theme\bubble\middle-right.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\theme\bubble\tail-bottom.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\theme\bubble\tail-left.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\theme\bubble\tail-right.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\theme\bubble\tail-top.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\theme\bubble\top-left.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\theme\bubble\top-middle.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\framework-ui\theme\bubble\top-right.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\icons\button.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\icons\icon100.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\icons\icon128.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\icons\icon32.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Deal Slider\icons\icon48.png (PUP.Optional.Dealslider) -> Quarantined and deleted successfully.
C:\Program Files\Bench\Updater\products.xml (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.
C:\Program Files\Bench\Updater\Updater.exe (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.
C:\Program Files\Bench\Updater\1.7.0.0\Updater.exe (PUP.Optional.AdwarePlugin) -> Quarantined and deleted successfully.

(end)


Thanks. Sorry we seem to have hit a setback.
  • 0

#41
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
That's really weird. :blink:

OTL Scan

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

      netsvcs
      BASESERVICES
      %SYSTEMDRIVE%\*.exe
      /md5start
      services.*
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      qmgr.dll
      winsock.*
      /md5stop
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT

  • Open Posted Image on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      Posted Image

    • Click the box beside Scan All Users at the top of the console
    • IF you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
    • Make sure the Output box at the top is set to Standard Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Extra Registry please check Use Safe List.
    • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
    • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
    • Let the scan run uninterrupted.
    • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized on the taskbar. These files are also saved in the same location as OTL (it should be on your desktop).
    • Please copy the contents of these files and paste it into your reply. To do that:
    • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Please also post the Extras.txt file.
  • 0

#42
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Again ... Any problems with the instructions above? If you haven't the time to perform the steps please inform me.
  • 0

#43
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Gerrit:

Thanks for the reply. Sorry, I am travelling through Sunday. I talked with the user yesterday and he is still having significant problems. I may be able to get on remotely today or at least guide him through your instructions.

Thanks for your patience. Your help is truly appreciated.
  • 0

#44
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
OK
  • 0

#45
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Gerrit:

Back in the saddle. Thanks for your patience. Here is the OTL scan log:

OTL logfile created on: 12/3/2013 2:52:34 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\banderson\Desktop\The Wolf
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.96 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 67.03% Memory free
3.81 Gb Paging File | 3.16 Gb Available in Paging File | 83.12% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.95 Gb Total Space | 25.24 Gb Free Space | 16.94% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 1258.82 Gb Free Space | 90.09% Space Free | Partition Type: NTFS
Drive F: | 255.99 Gb Total Space | 86.50 Gb Free Space | 33.79% Space Free | Partition Type: NTFS
Drive H: | 255.99 Gb Total Space | 86.50 Gb Free Space | 33.79% Space Free | Partition Type: NTFS
Drive P: | 255.99 Gb Total Space | 152.01 Gb Free Space | 59.38% Space Free | Partition Type: NTFS
Drive Y: | 255.99 Gb Total Space | 152.01 Gb Free Space | 59.38% Space Free | Partition Type: NTFS

Computer Name: D94GBLF1 | User Name: banderson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/15 14:12:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\banderson\Desktop\The Wolf\OTL.exe
PRC - [2013/04/26 18:03:56 | 000,169,312 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
PRC - [2013/01/29 20:05:44 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe
PRC - [2012/12/07 17:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/04/11 15:50:00 | 000,603,536 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK32.EXE
PRC - [2011/06/09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/03/19 21:29:02 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011/03/19 21:29:02 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/19 21:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/19 21:29:00 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/03/19 21:29:00 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/09/08 21:00:14 | 000,033,792 | ---- | M] (Microsoft) -- C:\Program Files\Microsoft Streets & Trips 2013\StreetsOlkShim.exe
PRC - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/10/14 20:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/08/11 13:43:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/05/02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 19:12:18 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/06/12 16:09:16 | 002,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/06/12 16:09:16 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/06/12 16:09:14 | 000,408,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2007/06/12 16:09:14 | 000,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/01/23 02:58:04 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
PRC - [2006/07/25 02:01:00 | 000,114,688 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2002/01/09 20:53:14 | 000,200,704 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- C:\Program Files\FinePixViewer\QuickDCF.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/26 18:07:18 | 000,223,592 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\DevConnMon.dll
MOD - [2013/04/26 18:03:56 | 000,169,312 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\HTC Sync\adb.exe
MOD - [2013/04/26 18:03:14 | 000,080,248 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\NInstallerHelper.dll
MOD - [2013/04/26 18:02:50 | 000,044,392 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\NAdvLog.dll
MOD - [2013/04/26 18:02:42 | 000,036,216 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\NFileCacheDBAccess.dll
MOD - [2013/04/26 18:02:32 | 000,607,376 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\sqlite3.dll
MOD - [2013/04/26 18:01:58 | 000,030,056 | ---- | M] () -- C:\Program Files\HTC\HTC Sync Manager\DbAccess.dll
MOD - [2012/12/07 17:27:50 | 000,167,424 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2012/02/20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Miller Direct Connect\4072598\Program\IgniteService.exe -- (IgniteService)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/12/02 15:12:44 | 000,418,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe -- (Level Quality Watcher)
SRV - [2013/01/29 20:05:44 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
SRV - [2012/12/07 17:27:50 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/03/19 21:29:02 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/03/19 21:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/19 21:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/19 21:29:00 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/19 21:29:00 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/09/08 16:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2008/08/11 13:43:23 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/10/03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/06/12 16:09:16 | 002,521,880 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2007/06/12 16:09:16 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2007/06/12 16:09:14 | 000,109,336 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2007/01/23 02:58:04 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\MRVW245.sys -- (MRVW245)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\combofix\catchme.sys -- (catchme)
DRV - [2013/11/21 02:11:49 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/21 02:11:49 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/20 15:29:15 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20131203.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/11/20 15:29:15 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20131203.002\NAVENG.SYS -- (NAVENG)
DRV - [2013/11/20 15:21:59 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/12/20 10:23:50 | 000,006,656 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - [2012/12/07 17:27:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2011/03/19 21:29:02 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/03/19 21:29:02 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/03/19 21:29:02 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/03/19 21:28:58 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/03/19 21:28:58 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2011/03/19 21:28:58 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2011/03/19 21:28:58 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/06/10 02:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008/08/11 14:41:21 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/06/12 16:05:50 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2006/03/17 17:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2000/03/29 16:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D 55 56 CD F2 EA CE 01 [binary data]
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files\Common Files\doubleTwist\NPPodcast.dll (doubleTwist Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Photosynth,version=2.0: C:\Program Files\Photosynth\npPhotosynthMozilla.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\banderson\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\banderson\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\banderson\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)


[2013/11/17 12:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\banderson\Application Data\Mozilla\Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.condui...6852062919&UM=2
CHR - Extension: Connect DLC 5 = C:\Documents and Settings\banderson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.5.510_0\
CHR - Extension: Connect DLC 5 = C:\Documents and Settings\banderson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil\10.22.5.510_0\nativeMessaging\nmHost
CHR - Extension: Google Wallet = C:\Documents and Settings\banderson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1\

O1 HOSTS File: ([2010/01/13 17:39:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PodcastBHO Class) - {65134FDF-F8A5-4B3D-91D9-CDF273CFD578} - C:\Program Files\Common Files\doubleTwist\IEPodcastPlugin.dll (doubleTwist Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKU\S-1-5-21-962395197-4016970835-1205081151-1145..\Run: [ConduitFloatingPlugin_lipgolpfajiadodbcbljdpmbmbdmfcil] "C:\WINDOWS\system32\Rundll32.exe" "C:\DOCUME~1\BANDER~1\LOCALS~1\Temp\CT3306061\plugins\TBVerifier.dll",RunConduitFloatingPlugin lipgolpfajiadodbcbljdpmbmbdmfcil File not found
O4 - HKU\S-1-5-21-962395197-4016970835-1205081151-1145..\Run: [TBHostSupport] C:\Documents and Settings\banderson\Local Settings\Application Data\TBHostSupport\TBHostSupport.dll (Conduit Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-962395197-4016970835-1205081151-1145\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Dayton.Local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75DEF1AA-8B04-4ABD-992C-640959AFDD17}: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-18 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-19 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-20 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-962395197-4016970835-1205081151-1145 Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\banderson\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/11 10:12:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013/11/26 11:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\banderson\Local Settings\Application Data\TBHostSupport
[2013/11/25 16:46:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\banderson\Application Data\{E4607B39-174A-44BA-AB08-8892366ECA13}
[2013/11/25 13:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\banderson\Local Settings\Application Data\BenchUpdater
[2013/11/25 13:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bench
[2013/11/25 13:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Level Quality Watcher
[2013/11/25 13:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\outobox
[2013/11/25 13:25:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2013/11/25 13:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\banderson\Local Settings\Application Data\NativeMessaging
[2013/11/25 13:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\banderson\Local Settings\Application Data\CRE
[2013/11/25 13:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2013/11/25 13:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\banderson\Local Settings\Application Data\Conduit
[2013/11/22 10:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\banderson\Desktop\The Wolf
[2013/11/20 15:21:47 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/11/20 15:21:47 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2013/11/20 15:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Endpoint Protection
[2013/11/18 12:08:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/18 12:08:01 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/11/18 12:08:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/17 12:39:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/17 12:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/11/17 12:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/11/14 11:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\banderson\My Documents\Downloads
[2013/11/13 14:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\banderson\Application Data\Mozilla
[2013/11/12 11:59:39 | 000,000,000 | ---D | C] -- C:\FRST
[2013/09/30 06:22:22 | 095,405,392 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe
[2008/12/18 14:25:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\banderson\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/12/03 14:49:00 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-962395197-4016970835-1205081151-1145UA.job
[2013/12/03 14:10:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/03 14:04:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\bench-sys.job
[2013/12/03 13:04:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\bench-S-1-5-21-962395197-4016970835-1205081151-1145.job
[2013/12/03 13:01:02 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/12/03 11:40:13 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\banderson\Desktop\Microsoft Office PowerPoint 2007.lnk
[2013/12/03 11:29:09 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\banderson\Desktop\Microsoft Office Word 2007.lnk
[2013/12/03 09:04:43 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\banderson\Desktop\Microsoft Office Excel 2007.lnk
[2013/12/03 07:34:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/03 07:34:09 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/03 07:29:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/02 05:49:00 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-962395197-4016970835-1205081151-1145Core.job
[2013/11/25 16:47:15 | 000,000,352 | ---- | M] () -- C:\Documents and Settings\banderson\Application Data\Microsoft\Internet Explorer\Quick Launch\www.google.com.lnk
[2013/11/25 13:26:15 | 000,000,009 | ---- | M] () -- C:\END
[2013/11/20 15:21:59 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2013/11/20 15:21:59 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2013/11/20 15:21:59 | 000,007,456 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/11/20 15:21:59 | 000,000,806 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/11/18 08:06:01 | 001,614,788 | ---- | M] () -- C:\WINDOWS\System32\REPORT.PDF
[2013/11/17 12:36:20 | 000,003,190 | ---- | M] () -- C:\Documents and Settings\banderson\Desktop\PolicyAgent.reg
[2013/11/17 02:50:36 | 000,002,334 | ---- | M] () -- C:\Documents and Settings\banderson\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/17 02:50:36 | 000,002,316 | ---- | M] () -- C:\Documents and Settings\banderson\Desktop\Google Chrome.lnk
[2013/11/15 14:09:15 | 000,518,290 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/15 14:09:15 | 000,092,658 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/11/14 03:07:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/14 03:06:31 | 002,002,379 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2013/11/04 09:03:09 | 000,688,465 | ---- | M] () -- C:\Documents and Settings\banderson\Desktop\Kitchen and Beer Lounge.pdf

========== Files Created - No Company Name ==========

[2013/11/25 13:46:39 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\bench-sys.job
[2013/11/25 13:46:39 | 000,000,340 | ---- | C] () -- C:\WINDOWS\tasks\bench-S-1-5-21-962395197-4016970835-1205081151-1145.job
[2013/11/25 13:23:28 | 000,000,009 | ---- | C] () -- C:\END
[2013/11/20 15:21:47 | 000,007,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2013/11/20 15:21:47 | 000,000,806 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2013/11/17 12:36:37 | 000,003,190 | ---- | C] () -- C:\Documents and Settings\banderson\Desktop\PolicyAgent.reg
[2013/11/04 09:03:09 | 000,688,465 | ---- | C] () -- C:\Documents and Settings\banderson\Desktop\Kitchen and Beer Lounge.pdf
[2012/07/27 09:32:08 | 054,695,824 | ---- | C] () -- C:\Program Files\winzip165.exe
[2012/03/26 13:36:31 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2012/03/13 13:06:30 | 004,417,024 | ---- | C] () -- C:\WINDOWS\System32\ffmpeg.dll
[2012/03/10 08:55:16 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libbluray.dll
[2012/03/10 08:55:10 | 006,454,984 | ---- | C] () -- C:\WINDOWS\System32\avcodec-lav-54.dll
[2012/03/10 08:55:10 | 001,146,161 | ---- | C] () -- C:\WINDOWS\System32\avformat-lav-54.dll
[2012/03/10 08:55:10 | 000,371,592 | ---- | C] () -- C:\WINDOWS\System32\swscale-lav-2.dll
[2012/03/10 08:55:10 | 000,206,473 | ---- | C] () -- C:\WINDOWS\System32\avutil-lav-51.dll
[2012/03/10 08:55:10 | 000,142,473 | ---- | C] () -- C:\WINDOWS\System32\avfilter-lav-2.dll
[2012/02/26 11:47:02 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/02/26 11:46:18 | 000,260,608 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2012/02/26 11:46:00 | 000,158,720 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2012/02/26 11:46:00 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2012/02/26 11:45:58 | 001,525,248 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2012/02/26 11:45:58 | 000,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2012/02/26 11:45:56 | 000,212,480 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2012/02/26 11:45:56 | 000,115,200 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2012/02/26 11:45:54 | 000,328,704 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2012/02/26 11:45:54 | 000,137,728 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2012/02/15 02:19:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/12 09:35:49 | 000,311,746 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/12/07 14:32:24 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\Lagarith.dll
[2011/11/29 10:11:22 | 000,471,829 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-962395197-4016970835-1205081151-1145-0.dat
[2011/01/17 07:05:16 | 000,000,256 | ---- | C] () -- C:\Documents and Settings\banderson\pool.bin
[2009/02/19 11:20:58 | 000,060,864 | ---- | C] () -- C:\Documents and Settings\banderson\g2mdlhlpx.exe
[2008/12/18 14:25:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\banderson\Application Data\pcouffin.cat
[2008/12/18 14:25:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\banderson\Application Data\pcouffin.inf
[2008/11/19 08:32:20 | 000,120,320 | ---- | C] () -- C:\Documents and Settings\banderson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/11 11:59:47 | 000,011,062 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2008/12/03 10:12:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %SystemRoot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %SystemRoot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/05/11 13:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\HotSync
[2011/05/11 13:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Research In Motion
[2011/05/11 13:55:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator\Application Data\Windows Search
[2013/09/30 06:30:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2008/12/05 09:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/01/13 21:59:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4B4E3FE1
[2013/11/26 11:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Conduit
[2008/09/10 12:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DataViz
[2012/03/26 12:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dvdfab
[2008/08/11 14:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2013/05/06 09:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HTC
[2013/05/06 09:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2011/04/20 08:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyHeritage
[2012/03/26 13:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2010/11/08 08:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Socusoft
[2013/01/15 17:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/04/10 08:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2012/07/30 07:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/04/27 09:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/23 07:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/28 15:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/09/11 14:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\BroadSoft
[2010/10/26 16:20:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\Canon
[2012/08/03 14:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\DocumentsToGoDesktop
[2013/09/26 07:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\Dropbox
[2012/03/26 13:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\DVDFab
[2008/08/18 08:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\FUJIFILM
[2013/01/22 11:56:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\GARMIN
[2011/12/21 14:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\HandBrake
[2008/08/11 14:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\HotSync
[2013/05/06 09:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\HTC
[2013/05/06 09:25:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\HTC Sync
[2008/08/28 12:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\ICAClient
[2008/08/11 14:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\Leadertech
[2009/07/13 12:21:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\MoveFab
[2011/04/20 08:48:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\MyHeritage
[2011/12/09 09:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\OnLive App
[2013/08/26 12:44:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\Outlook
[2011/09/14 15:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\Vso
[2012/12/17 13:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\webex
[2008/08/11 13:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\Windows Desktop Search
[2008/09/04 13:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\Windows Search
[2011/07/29 11:48:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\YouSendIt
[2013/11/26 11:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\banderson\Application Data\{E4607B39-174A-44BA-AB08-8892366ECA13}

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/13 19:12:12 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/13 19:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/13 19:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/13 19:11:51 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/13 19:11:52 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/13 19:12:08 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/13 19:12:22 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/13 19:11:52 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/13 19:12:17 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/13 19:12:17 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/13 19:12:01 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/13 19:12:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/13 19:12:03 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/13 19:12:02 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/13 19:12:05 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/13 19:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/13 19:12:10 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (lanmanserver)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/13 19:12:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/13 19:12:05 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/13 19:11:56 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/13 19:12:07 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/13 19:12:07 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/13 19:12:38 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/13 19:11:50 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/13 19:11:55 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/13 19:12:08 | 000,333,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/13 19:12:28 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/13 19:12:09 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/13 19:11:52 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/13 19:12:11 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: QMGR.DLL >
[2004/08/04 05:00:00 | 000,382,464 | ---- | M] (Microsoft Corporation) MD5=2C69EC7E5A311334D10DD95F338FCCEA -- C:\WINDOWS\$NtServicePackUninstall$\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ERDNT\cache\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\ServicePackFiles\i386\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\bits\qmgr.dll
[2008/04/13 19:12:03 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2004/08/04 05:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SERVICES.LNK >
[2011/01/24 10:08:18 | 000,001,602 | ---- | M] () MD5=B0F4A8FE249A090D7EB6C89D9715B1C6 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 05:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.ZIP >
[2012/07/07 22:31:41 | 000,876,996 | ---- | M] () MD5=CAC0A919FE55CAAFFAC56BAEFC037444 -- C:\Documents and Settings\banderson\Desktop\The Wolf\CC Support\Tools\ServicesRepair\Temp\Services.zip

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2004/08/04 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2004/08/04 05:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is D828-4673
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/10/2013 02:23 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/10/2013 02:22 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
10/10/2013 02:18 AM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler
10/10/2013 02:06 AM <JUNCTION> v4.0_4.0.0.0__31bf3856ad364e35
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
4 Dir(s) 27,100,028,928 bytes free

< End of report >

Extras.txt did not come up.

Thanks!