
PUP.Optional-Installlq [Solved]



#1
DianneH2014

Thank you ahead of time for any help you can provide.

My computer had been running slow for a while. Dell i570 Windows 7 Home Premium Desktop.

When I would try to update Microsoft Security Essentials (turn on Real Time Protection), it was hit and miss. It would take me several tries to get it to turn on after turning the computer on and off a few times.

About two weeks ago, after having been on our banking site, we got a call from our bank (legitimate call) saying our password had been changed on the online banking site. Not by us! So we changed it.

Firefox continually acts up. It goes to white screens and then comes back on again.

The computer runs extremely slow for a newer model.

After mentioning these things to my dad, I downloaded Super Antivirus Spyware. It found several items so I quarantined/deleted them.

Then, because it was still running slow, I purchased Malware Bytes today. I ran the program and it said the PUP.Optional-Installlq file had been found but it appeared to be in the Recycle Bin. So, I deleted it via the program before I shut it.

I logged out and tried to log back in. Got to the password access code, entered it and then.....NOTHING. Black screen. I could still see the arrow from the mouse but that is it. I am in safe mode with networking right now.

I went to the Dell website but running another program to see if there was any Malicious Software did absolutely nothing because it found nothing.

I do have files backed up by Carbonite and I don't think they back up .exe files as far as I know.

I normally use Firefox and never use Internet Explorer. I am on Chrome at the moment.

Help.

P.S. I had an afterthought... Maybe I did something wrong when I installed and ran Malware Bytes today? I didn't turn anything off, rename the file, etc. before I ran it.

Just a thought. But, that being said, this computer has been acting strange for a while now.

I also see MountPoints2 down in the log file. Is that an infectious file?

------------------------------

OTL logfile created on: 12/3/2013 15:16:57 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DIANNE\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 55.19% Memory free
7.50 Gb Paging File | 5.93 Gb Available in Paging File | 79.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.91 Gb Total Space | 370.08 Gb Free Space | 81.89% Space Free | Partition Type: NTFS

Computer Name: DH-INC | User Name: DIANNE | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\DIANNE\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libGLESv2.dll ()
MOD - C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libEGL.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (CarboniteService) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (Carbonite, Inc. (www.carbonite.com))
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HP DS Service) -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe (Hewlett-Packard Company)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (dlcj_device) -- C:\Windows\SysWOW64\dlcjcoms.exe ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PCDSRVC{1E208CE0-FB7451FF-06020101}_0) -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.altavista.com/"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
FF - prefs.js..extensions.enabledAddons: pinterest%40robertnyman.com:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/12 07:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DIANNE\AppData\Roaming\Mozilla\Extensions
[2013/10/16 10:39:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\extensions
[2013/08/21 10:01:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/10/16 10:39:54 | 000,018,590 | ---- | M] () (No name found) -- C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\extensions\[email protected]
[2011/09/30 12:02:28 | 000,001,228 | ---- | M] () -- C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\searchplugins\altavista.xml
[2013/11/20 12:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/20 12:03:09 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 12:03:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/11/20 12:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/20 12:03:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - Extension: Google Docs = C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1969209751-449001428-3356654911-1001..\Run: [DellSystemDetect] C:\Users\DIANNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1969209751-449001428-3356654911-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..Trusted Domains: localhost ([]* in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2170CDB6-5612-4790-ADAD-F6C38FF6A053}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b798088b-13ad-11e2-967f-842b2b93a010}\Shell - "" = AutoRun
O33 - MountPoints2\{b798088b-13ad-11e2-967f-842b2b93a010}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/03 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/12/03 12:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2013/12/03 10:30:35 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\AppData\Roaming\Malwarebytes
[2013/12/03 10:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/03 10:30:05 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\AppData\Local\Programs
[2013/11/20 17:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
[2013/11/20 14:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Market Samurai
[2013/11/20 12:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/14 15:14:03 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\Documents\Freelance Ghostwring
[2013/11/14 11:59:40 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\AppData\Roaming\MarketSamurai
[2013/11/13 10:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/13 09:55:51 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\AppData\Roaming\SUPERAntiSpyware.com
[2013/11/13 09:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/11/13 09:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/11/13 09:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/11/10 10:52:44 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\Documents\Amazon
[2013/11/06 12:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/11/06 10:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013/11/04 15:18:12 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XHeader
[2013/11/04 15:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XHeader
[2013/11/04 15:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Thraex Software
[2013/11/04 14:56:09 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\AppData\Local\xheader-data
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\DIANNE\*.tmp files -> C:\Users\DIANNE\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/03 12:43:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/03 12:10:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/03 12:10:13 | 3019,091,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/03 12:08:31 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/03 12:00:01 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/12/03 11:55:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/03 11:41:43 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/11/24 18:26:16 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/24 18:26:16 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/21 15:07:17 | 000,000,019 | ---- | M] () -- C:\Users\Public\Documents\CTDChannels_Version.cd27244d.cdf
[2013/11/20 17:54:06 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2013/11/20 14:53:07 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2013/11/13 11:16:50 | 000,002,281 | ---- | M] () -- C:\Users\DIANNE\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/13 10:06:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/13 09:55:39 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/12 15:20:20 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/12 15:20:20 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/12 15:20:20 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/06 12:45:44 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/04 15:18:13 | 000,742,437 | ---- | M] () -- C:\Windows\XHeader Uninstaller.exe
[2013/11/04 15:18:12 | 000,000,993 | ---- | M] () -- C:\Users\DIANNE\Desktop\XHeader.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\DIANNE\*.tmp files -> C:\Users\DIANNE\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/11/21 15:07:17 | 000,000,019 | ---- | C] () -- C:\Users\Public\Documents\CTDChannels_Version.cd27244d.cdf
[2013/11/20 17:54:06 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2013/11/20 14:53:07 | 000,000,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2013/11/20 14:53:07 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2013/11/13 10:01:50 | 000,002,281 | ---- | C] () -- C:\Users\DIANNE\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/13 09:55:39 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/06 12:45:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/06 12:45:44 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/04 15:18:12 | 000,742,437 | ---- | C] () -- C:\Windows\XHeader Uninstaller.exe
[2013/11/04 15:18:12 | 000,000,993 | ---- | C] () -- C:\Users\DIANNE\Desktop\XHeader.lnk
[2013/02/15 09:26:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/11/02 19:16:40 | 000,000,000 | ---D | M] -- C:\Users\DIANNE\AppData\Roaming\FileZilla
[2011/09/11 09:31:21 | 000,000,000 | ---D | M] -- C:\Users\DIANNE\AppData\Roaming\Fingertapps
[2011/09/10 19:58:19 | 000,000,000 | ---D | M] -- C:\Users\DIANNE\AppData\Roaming\Leadertech
[2013/11/14 11:59:40 | 000,000,000 | ---D | M] -- C:\Users\DIANNE\AppData\Roaming\MarketSamurai
[2011/09/23 08:56:02 | 000,000,000 | ---D | M] -- C:\Users\DIANNE\AppData\Roaming\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2011/09/13 08:06:52 | 000,000,000 | ---D | M] -- C:\Users\DIANNE\AppData\Roaming\PCDr

========== Purity Check ==========



< End of report >

Edited by DianneH2014, 03 December 2013 - 04:23 PM.


#2
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Next:

All you mentioned is acknowledged... Anyway, let's check if the following will reveal anything further as follows...

Scan with Farbar Recovery Scan Tool:

Please download and save the Farbar Recovery Scan Tool 64-Bit to a Flash/USB drive.

Then insert the Flash/USB drive into your machine....

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click on Yes at the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste the contents of the aforementioned notepad file in your next reply.


#3
DianneH2014

    Member

  • Topic Starter
  • Member
  • 40 posts
Hello Dakeyras,

Thanks so much for your help.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 02
Ran by SYSTEM on MININT-059MLT7 on 04-12-2013 06:41:15
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [StatusAlerts] - C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [309120 2012-02-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)
HKU\DIANNE\...\Run: [DellSystemDetect] - C:\Users\DIANNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms [370 2013-12-03] ()
HKU\DIANNE\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe [829832 2013-10-08] (Adobe Systems Incorporated)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S4 dlcj_device; C:\Windows\SysWOW64\dlcjcoms.exe [491520 2005-07-12] ()
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-04 06:41 - 2013-12-04 06:41 - 00000000 ____D C:\FRST
2013-12-03 14:13 - 2013-12-03 14:31 - 00067360 _____ C:\Users\DIANNE\Desktop\OTL.Txt
2013-12-03 14:13 - 2013-12-03 14:13 - 00086948 _____ C:\Users\DIANNE\Desktop\Extras.Txt
2013-12-03 14:12 - 2013-12-03 14:12 - 00086948 _____ C:\Users\DIANNE\Downloads\Extras.Txt
2013-12-03 14:11 - 2013-12-03 14:18 - 00067360 _____ C:\Users\DIANNE\Downloads\OTL.Txt
2013-12-03 14:08 - 2013-12-03 14:08 - 00602112 _____ (OldTimer Tools) C:\Users\DIANNE\Downloads\OTL.exe
2013-12-03 12:47 - 2013-12-03 12:47 - 22791896 _____ (Microsoft Corporation) C:\Users\DIANNE\Downloads\Windows-KB890830-x64-V5.6.exe
2013-12-03 11:28 - 2013-12-03 11:28 - 00010595 _____ C:\Users\DIANNE\Downloads\dellsystemdetect.application
2013-12-03 09:30 - 2013-12-03 09:30 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Malwarebytes
2013-12-03 09:30 - 2013-12-03 09:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 09:29 - 2013-12-03 09:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DIANNE\Downloads\mbam-consumer.exe
2013-11-21 14:07 - 2013-11-21 14:07 - 00000019 _____ C:\Users\Public\Documents\CTDChannels_Version.cd27244d.cdf
2013-11-21 14:07 - 2013-11-21 14:07 - 00000019 _____ C:\ProgramData\Documents\CTDChannels_Version.cd27244d.cdf
2013-11-20 16:54 - 2013-11-20 16:54 - 00002134 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-11-20 16:54 - 2013-11-20 16:54 - 00002134 _____ C:\ProgramData\Desktop\Carbonite InfoCenter.lnk
2013-11-20 16:53 - 2013-12-03 10:40 - 00011395 _____ C:\Users\Public\Desktop\Carbonite Setup.log
2013-11-20 16:53 - 2013-12-03 10:40 - 00011395 _____ C:\ProgramData\Desktop\Carbonite Setup.log
2013-11-20 13:53 - 2013-11-20 13:53 - 00000933 _____ C:\Users\Public\Desktop\Market Samurai.lnk
2013-11-20 13:53 - 2013-11-20 13:53 - 00000933 _____ C:\ProgramData\Desktop\Market Samurai.lnk
2013-11-20 13:53 - 2013-11-20 13:53 - 00000000 ____D C:\Program Files (x86)\Market Samurai
2013-11-20 11:03 - 2013-11-20 11:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 14:14 - 2013-11-15 13:58 - 00000000 ____D C:\Users\DIANNE\Documents\Freelance Ghostwring
2013-11-14 10:59 - 2013-11-14 10:59 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\MarketSamurai
2013-11-14 10:54 - 2013-11-14 10:54 - 03685385 _____ C:\Users\DIANNE\Downloads\MarketSamurai.0.92.95.air
2013-11-13 09:09 - 2013-10-12 02:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-13 09:09 - 2013-10-12 02:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-13 09:09 - 2013-10-12 02:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-13 09:09 - 2013-10-12 02:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-11-13 09:09 - 2013-10-12 02:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-11-13 09:09 - 2013-10-12 01:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 09:09 - 2013-10-12 01:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 09:09 - 2013-10-12 01:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 09:09 - 2013-10-12 00:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-11-13 09:09 - 2013-10-12 00:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 09:09 - 2013-10-11 23:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-11-13 09:09 - 2013-10-11 23:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 09:08 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-11-13 09:08 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-13 09:08 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-13 09:08 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-11-13 09:08 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-11-13 09:08 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-11-13 09:08 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-11-13 09:08 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2013-11-13 09:08 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-11-13 09:08 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-11-13 09:08 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-11-13 09:08 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-11-13 09:08 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-13 09:08 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-11-13 09:08 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2013-11-13 09:08 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-11-13 09:08 - 2013-10-01 14:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-11-13 09:08 - 2013-10-01 14:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-13 08:55 - 2013-11-13 08:55 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-13 08:55 - 2013-11-13 08:55 - 00001770 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-13 08:55 - 2013-11-13 08:55 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\SUPERAntiSpyware.com
2013-11-13 08:55 - 2013-11-13 08:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-13 08:55 - 2013-11-13 08:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-13 08:52 - 2013-09-24 20:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2013-11-13 08:52 - 2013-09-24 19:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2013-11-13 08:51 - 2013-10-05 14:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 08:51 - 2013-10-05 13:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 08:50 - 2013-10-03 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 08:50 - 2013-10-03 20:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-13 08:50 - 2013-10-03 20:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 08:50 - 2013-10-03 19:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 08:50 - 2013-10-03 19:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 08:50 - 2013-10-03 19:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 08:50 - 2013-09-24 20:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 08:50 - 2013-09-24 20:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 08:50 - 2013-09-24 20:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 08:50 - 2013-09-24 20:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 08:50 - 2013-09-24 20:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 08:50 - 2013-09-24 20:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 08:50 - 2013-09-24 20:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 08:50 - 2013-09-24 20:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 08:50 - 2013-09-24 19:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 08:50 - 2013-09-24 19:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 08:50 - 2013-09-24 19:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 08:50 - 2013-09-24 19:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 08:50 - 2013-09-24 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 08:50 - 2013-07-04 06:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-11-13 08:49 - 2013-09-27 19:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-13 08:47 - 2013-10-11 20:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 08:47 - 2013-10-11 20:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 08:47 - 2013-10-11 20:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 08:47 - 2013-10-11 20:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 08:47 - 2013-10-11 20:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 08:46 - 2013-10-02 20:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-13 08:46 - 2013-10-02 20:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 08:45 - 2013-11-13 08:47 - 28455920 _____ (SUPERAntiSpyware) C:\Users\DIANNE\Downloads\SUPERAntiSpyware.exe
2013-11-10 09:52 - 2013-11-10 09:54 - 00000000 ____D C:\Users\DIANNE\Documents\Amazon
2013-11-09 08:07 - 2013-11-09 08:07 - 01065431 _____ C:\Users\DIANNE\Downloads\simple-press.zip
2013-11-09 08:07 - 2013-11-09 08:07 - 00226211 _____ C:\Users\DIANNE\Downloads\stacked.zip
2013-11-09 08:07 - 2013-11-09 08:07 - 00226190 _____ C:\Users\DIANNE\Downloads\default.zip
2013-11-09 08:07 - 2013-11-09 08:07 - 00216013 _____ C:\Users\DIANNE\Downloads\iForum.zip
2013-11-08 15:35 - 2013-11-08 15:35 - 18080872 _____ (Adobe Systems Inc.) C:\Users\DIANNE\Downloads\AdobeAIRInstaller.exe
2013-11-06 11:45 - 2013-11-06 11:45 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-11-06 11:45 - 2013-11-06 11:45 - 00002021 _____ C:\ProgramData\Desktop\Adobe Reader XI.lnk
2013-11-06 10:48 - 2013-09-04 06:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2013-11-06 10:48 - 2013-09-04 06:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2013-11-06 10:48 - 2013-09-04 06:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2013-11-06 10:48 - 2013-09-04 06:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2013-11-06 10:48 - 2013-09-04 06:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2013-11-06 10:48 - 2013-09-04 06:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2013-11-06 10:48 - 2013-09-04 06:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2013-11-06 09:24 - 2013-11-20 11:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-11-04 14:18 - 2013-11-04 14:18 - 00742437 _____ C:\Windows\XHeader Uninstaller.exe
2013-11-04 14:18 - 2013-11-04 14:18 - 00000993 _____ C:\Users\DIANNE\Desktop\XHeader.lnk
2013-11-04 14:16 - 2013-11-04 14:16 - 00000000 ____D C:\Program Files (x86)\XHeader
2013-11-04 14:12 - 2013-11-04 14:15 - 464225800 _____ C:\Users\DIANNE\Downloads\xheaderprosetup1215.exe
2013-11-04 13:56 - 2013-11-06 11:20 - 00000000 ____D C:\Users\DIANNE\AppData\Local\xheader-data

==================== One Month Modified Files and Folders =======

2013-12-04 06:41 - 2013-12-04 06:41 - 00000000 ____D C:\FRST
2013-12-03 23:49 - 2009-07-13 23:10 - 01268611 _____ C:\Windows\WindowsUpdate.log
2013-12-03 14:31 - 2013-12-03 14:13 - 00067360 _____ C:\Users\DIANNE\Desktop\OTL.Txt
2013-12-03 14:18 - 2013-12-03 14:11 - 00067360 _____ C:\Users\DIANNE\Downloads\OTL.Txt
2013-12-03 14:13 - 2013-12-03 14:13 - 00086948 _____ C:\Users\DIANNE\Desktop\Extras.Txt
2013-12-03 14:12 - 2013-12-03 14:12 - 00086948 _____ C:\Users\DIANNE\Downloads\Extras.Txt
2013-12-03 14:08 - 2013-12-03 14:08 - 00602112 _____ (OldTimer Tools) C:\Users\DIANNE\Downloads\OTL.exe
2013-12-03 12:47 - 2013-12-03 12:47 - 22791896 _____ (Microsoft Corporation) C:\Users\DIANNE\Downloads\Windows-KB890830-x64-V5.6.exe
2013-12-03 11:43 - 2013-02-26 08:59 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 11:42 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 11:42 - 2009-07-13 22:51 - 00028481 _____ C:\Windows\setupact.log
2013-12-03 11:29 - 2011-10-03 16:02 - 00000000 ____D C:\Users\DIANNE\AppData\Local\Deployment
2013-12-03 11:28 - 2013-12-03 11:28 - 00010595 _____ C:\Users\DIANNE\Downloads\dellsystemdetect.application
2013-12-03 11:08 - 2012-04-05 09:07 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 11:00 - 2011-12-26 10:56 - 00000506 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2013-12-03 10:55 - 2013-02-26 08:59 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 10:41 - 2012-05-03 12:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-03 10:41 - 2011-12-26 10:56 - 00000564 _____ C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2013-12-03 10:41 - 2011-05-06 02:06 - 00094430 _____ C:\Windows\PFRO.log
2013-12-03 10:40 - 2013-11-20 16:53 - 00011395 _____ C:\Users\Public\Desktop\Carbonite Setup.log
2013-12-03 10:40 - 2013-11-20 16:53 - 00011395 _____ C:\ProgramData\Desktop\Carbonite Setup.log
2013-12-03 10:38 - 2013-10-15 08:41 - 00000000 ____D C:\Users\DIANNE\Documents\Personal
2013-12-03 09:30 - 2013-12-03 09:30 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Malwarebytes
2013-12-03 09:30 - 2013-12-03 09:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 09:29 - 2013-12-03 09:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\DIANNE\Downloads\mbam-consumer.exe
2013-12-02 11:00 - 2011-12-26 10:56 - 00003530 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-12-02 11:00 - 2011-12-26 10:56 - 00003488 _____ C:\Windows\System32\Tasks\PCDEventLauncher
2013-11-29 23:00 - 2011-12-26 10:56 - 00004266 _____ C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2013-11-29 09:50 - 2013-02-26 08:59 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-29 09:50 - 2013-02-26 08:59 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-24 17:26 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 17:26 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-23 09:57 - 2013-10-09 08:22 - 00000000 ____D C:\Users\DIANNE\Documents\PreppersParadice
2013-11-22 11:09 - 2013-10-28 08:45 - 00000000 ____D C:\Users\DIANNE\Documents\eLance
2013-11-21 14:07 - 2013-11-21 14:07 - 00000019 _____ C:\Users\Public\Documents\CTDChannels_Version.cd27244d.cdf
2013-11-21 14:07 - 2013-11-21 14:07 - 00000019 _____ C:\ProgramData\Documents\CTDChannels_Version.cd27244d.cdf
2013-11-20 16:54 - 2013-11-20 16:54 - 00002134 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2013-11-20 16:54 - 2013-11-20 16:54 - 00002134 _____ C:\ProgramData\Desktop\Carbonite InfoCenter.lnk
2013-11-20 16:54 - 2013-02-25 12:59 - 00004142 _____ C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2013-11-20 16:01 - 2011-09-12 11:58 - 00000000 ____D C:\Users\DIANNE\Documents\Market Samurai
2013-11-20 13:53 - 2013-11-20 13:53 - 00000933 _____ C:\Users\Public\Desktop\Market Samurai.lnk
2013-11-20 13:53 - 2013-11-20 13:53 - 00000933 _____ C:\ProgramData\Desktop\Market Samurai.lnk
2013-11-20 13:53 - 2013-11-20 13:53 - 00000000 ____D C:\Program Files (x86)\Market Samurai
2013-11-20 11:03 - 2013-11-20 11:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-20 11:03 - 2013-11-06 09:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-11-19 09:50 - 2013-10-09 07:42 - 00000000 ____D C:\Users\DIANNE\Documents\Affiliate Sites
2013-11-19 04:21 - 2011-10-04 14:16 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-11-15 14:02 - 2011-09-12 12:12 - 00000000 ____D C:\Users\DIANNE\Documents\Tiffany Dow
2013-11-15 13:58 - 2013-11-14 14:14 - 00000000 ____D C:\Users\DIANNE\Documents\Freelance Ghostwring
2013-11-14 10:59 - 2013-11-14 10:59 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\MarketSamurai
2013-11-14 10:54 - 2013-11-14 10:54 - 03685385 _____ C:\Users\DIANNE\Downloads\MarketSamurai.0.92.95.air
2013-11-13 13:04 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 09:10 - 2011-09-11 12:48 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 09:06 - 2012-07-06 13:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-11-13 09:06 - 2011-10-04 14:15 - 00001945 _____ C:\Windows\epplauncher.mif
2013-11-13 09:06 - 2011-10-04 14:14 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-11-13 09:03 - 2013-02-26 08:59 - 00000000 ____D C:\Users\DIANNE\AppData\Local\Google
2013-11-13 09:03 - 2013-02-26 08:59 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-13 09:02 - 2013-07-23 10:13 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 08:55 - 2013-11-13 08:55 - 00001770 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-13 08:55 - 2013-11-13 08:55 - 00001770 _____ C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2013-11-13 08:55 - 2013-11-13 08:55 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\SUPERAntiSpyware.com
2013-11-13 08:55 - 2013-11-13 08:55 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-13 08:55 - 2013-11-13 08:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-13 08:48 - 2013-11-01 12:36 - 00000000 ____D C:\Users\DIANNE\Documents\Copywriting
2013-11-13 08:47 - 2013-11-13 08:45 - 28455920 _____ (SUPERAntiSpyware) C:\Users\DIANNE\Downloads\SUPERAntiSpyware.exe
2013-11-12 15:25 - 2011-05-06 00:17 - 00000000 ____D C:\ProgramData\Adobe
2013-11-12 14:20 - 2009-07-13 23:13 - 00726444 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-10 09:54 - 2013-11-10 09:52 - 00000000 ____D C:\Users\DIANNE\Documents\Amazon
2013-11-09 08:07 - 2013-11-09 08:07 - 01065431 _____ C:\Users\DIANNE\Downloads\simple-press.zip
2013-11-09 08:07 - 2013-11-09 08:07 - 00226211 _____ C:\Users\DIANNE\Downloads\stacked.zip
2013-11-09 08:07 - 2013-11-09 08:07 - 00226190 _____ C:\Users\DIANNE\Downloads\default.zip
2013-11-09 08:07 - 2013-11-09 08:07 - 00216013 _____ C:\Users\DIANNE\Downloads\iForum.zip
2013-11-08 15:35 - 2013-11-08 15:35 - 18080872 _____ (Adobe Systems Inc.) C:\Users\DIANNE\Downloads\AdobeAIRInstaller.exe
2013-11-07 15:00 - 2011-09-12 06:32 - 82896128 ____N (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-07 14:28 - 2011-09-10 18:58 - 00000000 ____D C:\Users\DIANNE\AppData\Roaming\Adobe
2013-11-06 11:45 - 2013-11-06 11:45 - 00002021 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-11-06 11:45 - 2013-11-06 11:45 - 00002021 _____ C:\ProgramData\Desktop\Adobe Reader XI.lnk
2013-11-06 11:45 - 2011-09-12 07:12 - 00000000 ____D C:\Users\DIANNE\AppData\Local\Adobe
2013-11-06 11:45 - 2011-05-06 00:17 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-06 11:20 - 2013-11-04 13:56 - 00000000 ____D C:\Users\DIANNE\AppData\Local\xheader-data
2013-11-04 14:25 - 2013-11-02 11:29 - 00000000 ____D C:\Users\DIANNE\Documents\Perry Belcher Job
2013-11-04 14:18 - 2013-11-04 14:18 - 00742437 _____ C:\Windows\XHeader Uninstaller.exe
2013-11-04 14:18 - 2013-11-04 14:18 - 00000993 _____ C:\Users\DIANNE\Desktop\XHeader.lnk
2013-11-04 14:16 - 2013-11-04 14:16 - 00000000 ____D C:\Program Files (x86)\XHeader
2013-11-04 14:15 - 2013-11-04 14:12 - 464225800 _____ C:\Users\DIANNE\Downloads\xheaderprosetup1215.exe

Some content of TEMP:
====================
C:\Users\DIANNE\AppData\Local\Temp\AutoRun.exe
C:\Users\DIANNE\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\DIANNE\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\DIANNE\AppData\Local\Temp\mpam-952adaa.exe
C:\Users\DIANNE\AppData\Local\Temp\mpam-df887640.exe
C:\Users\DIANNE\AppData\Local\Temp\MSNAB1F.exe
C:\Users\DIANNE\AppData\Local\Temp\ose00000.exe
C:\Users\DIANNE\AppData\Local\Temp\ose00001.exe
C:\Users\DIANNE\AppData\Local\Temp\SkypeSetup.exe
C:\Users\DIANNE\AppData\Local\Temp\vcredist_x86.exe
C:\Users\DIANNE\AppData\Local\Temp\WDAutoUpdate.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

19
Restore point made on: 2013-11-13 08:54:06
Restore point made on: 2013-11-13 13:33:04
Restore point made on: 2013-11-13 13:34:56
Restore point made on: 2013-11-16 11:49:09
Restore point made on: 2013-11-16 19:10:19
Restore point made on: 2013-11-17 13:32:06
Restore point made on: 2013-11-19 23:22:59
Restore point made on: 2013-11-20 13:31:56
Restore point made on: 2013-11-20 13:36:05
Restore point made on: 2013-11-22 23:57:02
Restore point made on: 2013-11-23 13:32:59
Restore point made on: 2013-11-23 13:33:02
Restore point made on: 2013-11-23 13:39:04
Restore point made on: 2013-11-26 23:13:59
Restore point made on: 2013-11-27 13:32:57
Restore point made on: 2013-11-27 13:33:06
Restore point made on: 2013-11-30 04:07:48
Restore point made on: 2013-11-30 14:59:02
Restore point made on: 2013-12-02 13:32:50

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3838.98 MB
Available physical RAM: 3248.55 MB
Total Pagefile: 3837.13 MB
Available Pagefile: 3240.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.91 GB) (Free:370 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.81 GB) (Free:5.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: () (Removable) (Total:7.45 GB) (Free:7.42 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 70A43E7E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-11-29 23:15

==================== End Of Log ============================

Edited by DianneH2014, 04 December 2013 - 03:20 PM.


#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

> Thanks so much for your help

You're welcome!

Custom FRST Script:

Please download the attached fixlist.txt (see below) and save it to your flash drive.



  • Now please enter System Recovery Options on the infected machine again and then select Command Prompt.
  • Run FRST64 again as outlined in my prior post and then press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt). Please copy and paste the contents of the aforementioned notepad file into your next reply.
  • Reboot the machine back into Normal Mode.
Note: This above custom script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Next:

Let myself know when completed the above, post the requested Fix Log and if your machine is now able to boot up into Normal Mode. We will then go from there, thank you.

#5
DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Hello,

I was able to start in Normal Mode. :thumbsup:

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2013 02
Ran by SYSTEM at 2013-12-05 03:47:29 Run:1
Running from I:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
Start
LastRegBack: 2013-11-29 23:15
End
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

After this is over, can you please tell me what was wrong or what had infected my machine?

Thanks so much!

Dianne

#6
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

> I was able to start in Normal Mode. :thumbsup:

Good.

> After this is over, can you please tell me what was wrong or what had infected my machine?

I will indeed endeavour to do so, for now could you check for myself please if the logs are still available from both the Malwarebytes Anti-Malware and SUPERAntiSpyware scans you mentioned prior. If so please post the contents...

If in the event they are not, no worries, merely let me know and we will then go from there.

#7
DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Here is the only log I have from the AntiSpyware program. It is dated 11/20/13.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/20/2013 at 10:26 AM

Application Version : 5.6.1042

Core Rules Database Version : 10897
Trace Rules Database Version: 8709

Scan type : Quick Scan
Total Scan Time : 00:04:10

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 439
Memory threats detected : 0
Registry items scanned : 59955
Registry threats detected : 0
File items scanned : 11334
File threats detected : 54

Adware.Tracking Cookie

I can not open the Malware log. Every time I click on it, it tries to open in Adobe as a PDF file. I can't right click on it or copy the link either....suggestions?

#8
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

> Here is the only log I have from the AntiSpyware program. It is dated 11/20/13.

OK, might as well uninstall SUPERAntiSpyware as it is not a particularly effective application in my humble opinion nor is it something I recommend or use. Your call though if you wish to keep it installed.

> I can not open the Malware log. Every time I click on it, it tries to open in Adobe as a PDF file. I can't right click on it or copy the link either....suggestions?

Leave for the time being then and during the continued malware removal process that should be rectified.

Download/run Rkill:

Please download Rkill from one of the following links and save to your desktop (if one fails to work, delete it and download/try another):

One, Two, Three, Four or Five

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

  • Double click on Rkill.
  • A command window will open then disappear upon completion, this is normal.
  • Post the log created, found on the desktop as rkill.txt, in your next reply.

Re-scan with OTL:

OTL was in your downloads folder, if it is still there please move it to the desktop...

In the event it is no longer present, re-download OTL and save it to your desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Standard Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these two Notepad files in your next reply.
Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • Rkill Log.
  • Both OTL logs. <-- Post them individually please, IE: one Log per post/reply.


#9
DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
The computer appears to be running normally. I don't see any problems at this point.

I have only just begun to try and use it again and have only been in my gmail and yahoo mail accounts.

I brought up Firefox and it appears to have loaded rather quickly.

So far, so good.

#10
DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Rkill 2.6.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 12/05/2013 09:11:11 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
C:\Users\DIANNE\Desktop\rkill\rkill-12-05-2013-09-11-14.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/05/2013 09:12:47 AM
Execution time: 0 hours(s), 1 minute(s), and 36 seconds(s)

#11
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts

> The computer appears to be running normally. I don't see any problems at this point.
>
> I have only just begun to try and use it again and have only been in my gmail and yahoo mail accounts.
>
> I brought up Firefox and it appears to have loaded rather quickly.
>
> So far, so good.

Acknowledged. :)

#12
DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
Quick Question:

The OTL is checking only 30 days back (this is the box that is the default).

I believe this problem has been on this computer for a while.

Is everything that we are doing fixing everything from way back to sometime earlier in the year and forward?

Just curious...

Thanks,

Dianne

#13
DianneH2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 40 posts
OTL logfile created on: 12/5/2013 09:23:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DIANNE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 44.75% Memory free
7.50 Gb Paging File | 4.91 Gb Available in Paging File | 65.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.91 Gb Total Space | 370.41 Gb Free Space | 81.96% Space Free | Partition Type: NTFS
Drive I: | 7.45 Gb Total Space | 7.42 Gb Free Space | 99.55% Space Free | Partition Type: FAT32

Computer Name: DH-INC | User Name: DIANNE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/03 15:08:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DIANNE\Desktop\OTL.exe
PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/10/10 15:25:58 | 001,056,264 | R--- | M] (Carbonite, Inc.) -- C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2013/06/27 11:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:30 | 013,582,800 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2011/08/28 16:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/10/10 15:12:18 | 007,627,784 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe -- (CarboniteService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 01:04:20 | 000,203,776 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/11/20 12:03:31 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 13:56:20 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/27 11:15:06 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/17 14:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2011/08/18 11:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Disabled | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/08/03 22:19:46 | 000,164,352 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2011/05/06 01:17:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 19:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2005/07/12 16:33:02 | 000,491,520 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\dlcjcoms.exe -- (dlcj_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/31 17:32:04 | 000,082,600 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2013/03/31 17:32:04 | 000,042,664 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/13 20:19:10 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020101}_0)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 00:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/01 01:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/06 07:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 13:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.altavista.com/"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130818030116
FF - prefs.js..extensions.enabledAddons: pinterest%40robertnyman.com:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/09/12 07:08:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DIANNE\AppData\Roaming\Mozilla\Extensions
[2013/10/16 10:39:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\extensions
[2013/08/21 10:01:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/10/16 10:39:54 | 000,018,590 | ---- | M] () (No name found) -- C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\extensions\[email protected]
[2011/09/30 12:02:28 | 000,001,228 | ---- | M] () -- C:\Users\DIANNE\AppData\Roaming\Mozilla\Firefox\Profiles\maq970wp.default\searchplugins\altavista.xml
[2013/11/20 12:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/20 12:03:09 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/20 12:03:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/11/20 12:03:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/20 12:03:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - Extension: Google Docs = C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\DIANNE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1969209751-449001428-3356654911-1001..\Run: [DellSystemDetect] C:\Users\DIANNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..Trusted Domains: localhost ([]* in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2170CDB6-5612-4790-ADAD-F6C38FF6A053}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b798088b-13ad-11e2-967f-842b2b93a010}\Shell - "" = AutoRun
O33 - MountPoints2\{b798088b-13ad-11e2-967f-842b2b93a010}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/05 09:11:14 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\Desktop\rkill
[2013/12/05 04:18:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/05 04:18:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/05 04:18:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/04 07:41:02 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/03 15:08:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DIANNE\Desktop\OTL.exe
[2013/12/03 12:29:11 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
[2013/12/03 12:21:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2013/12/03 10:30:35 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\AppData\Roaming\Malwarebytes
[2013/12/03 10:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/03 10:30:05 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\AppData\Local\Programs
[2013/11/20 17:54:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
[2013/11/20 14:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Market Samurai
[2013/11/20 12:03:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/14 15:14:03 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\Documents\Freelance Ghostwring
[2013/11/14 11:59:40 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\AppData\Roaming\MarketSamurai
[2013/11/13 10:09:35 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/13 10:09:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/13 10:09:34 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/13 10:09:34 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/13 10:09:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/13 10:09:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/13 10:09:34 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/13 10:09:34 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/13 10:09:34 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/13 10:09:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/13 10:09:33 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/13 10:09:30 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/13 10:09:30 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/13 10:09:29 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/13 10:09:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/13 10:08:37 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/11/13 10:08:30 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/11/13 10:08:30 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/11/13 10:08:30 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/11/13 10:08:29 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/11/13 10:08:29 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/11/13 10:08:28 | 005,698,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/11/13 10:08:28 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/11/13 10:08:28 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/11/13 10:08:28 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/11/13 10:08:28 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/11/13 10:08:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/11/13 10:08:28 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/11/13 10:08:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/11/13 10:08:28 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/11/13 10:08:27 | 006,578,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/11/13 10:08:27 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2013/11/13 10:08:27 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2013/11/13 10:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/11/13 09:55:51 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\AppData\Roaming\SUPERAntiSpyware.com
[2013/11/13 09:55:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/11/13 09:55:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/11/13 09:55:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/11/13 09:52:03 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2013/11/13 09:52:02 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2013/11/13 09:51:51 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/13 09:50:48 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/13 09:50:48 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/13 09:50:48 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/13 09:50:48 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/13 09:50:47 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/13 09:50:23 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/13 09:50:23 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/13 09:50:23 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/13 09:50:23 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/13 09:50:23 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 09:47:00 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/13 09:47:00 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/13 09:47:00 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/13 09:47:00 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/13 09:46:59 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/10 10:52:44 | 000,000,000 | ---D | C] -- C:\Users\DIANNE\Documents\Amazon
[2013/11/06 12:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/11/06 11:48:22 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/11/06 11:48:22 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/11/06 10:24:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\DIANNE\*.tmp files -> C:\Users\DIANNE\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/05 09:13:00 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/12/05 08:56:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/05 08:55:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/05 04:18:46 | 000,001,135 | ---- | M] () -- C:\Users\DIANNE\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/12/05 04:18:46 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/05 04:14:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/05 04:14:07 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/05 03:51:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/05 03:50:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/05 03:50:14 | 3019,091,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/03 15:08:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DIANNE\Desktop\OTL.exe
[2013/12/03 11:41:43 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013/11/21 15:07:17 | 000,000,019 | ---- | M] () -- C:\Users\Public\Documents\CTDChannels_Version.cd27244d.cdf
[2013/11/20 17:54:06 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2013/11/20 14:53:07 | 000,000,933 | ---- | M] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2013/11/13 11:16:50 | 000,002,281 | ---- | M] () -- C:\Users\DIANNE\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/13 10:06:44 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/13 09:55:39 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/12 15:20:20 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/12 15:20:20 | 000,624,162 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/12 15:20:20 | 000,106,538 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/06 12:45:44 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\DIANNE\*.tmp files -> C:\Users\DIANNE\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/05 04:18:46 | 000,001,135 | ---- | C] () -- C:\Users\DIANNE\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/12/05 04:18:46 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/21 15:07:17 | 000,000,019 | ---- | C] () -- C:\Users\Public\Documents\CTDChannels_Version.cd27244d.cdf
[2013/11/20 17:54:06 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
[2013/11/20 14:53:07 | 000,000,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Market Samurai.lnk
[2013/11/20 14:53:07 | 000,000,933 | ---- | C] () -- C:\Users\Public\Desktop\Market Samurai.lnk
[2013/11/13 10:01:50 | 000,002,281 | ---- | C] () -- C:\Users\DIANNE\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/13 09:55:39 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/11/06 12:45:44 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/11/06 12:45:44 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/11/04 15:18:12 | 000,742,437 | ---- | C] () -- C:\Windows\XHeader Uninstaller.exe
[2013/02/15 09:26:54 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

#14
DianneH2014
OTL Extras logfile created on: 12/5/2013 09:23:11 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\DIANNE\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 44.75% Memory free
7.50 Gb Paging File | 4.91 Gb Available in Paging File | 65.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.91 Gb Total Space | 370.41 Gb Free Space | 81.96% Space Free | Partition Type: NTFS
Drive I: | 7.45 Gb Total Space | 7.42 Gb Free Space | 99.55% Space Free | Partition Type: FAT32

Computer Name: DH-INC | User Name: DIANNE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1969209751-449001428-3356654911-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17DDE44D-C5AA-4CD9-AA99-D7E86B7476E5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19D9B681-0989-4147-AD86-D3BD1EF00037}" = rport=445 | protocol=6 | dir=out | app=system |
"{2127A75B-1DC6-46E6-B943-8E0524C9EEC2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2D66B212-0372-4D5B-A404-FD8412D2FD80}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2FFF34AF-855B-4DF3-B0F8-07A898531CF2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{376B2935-E1B0-4526-A80E-7F1644E74560}" = lport=137 | protocol=17 | dir=in | app=system |
"{4B22BA00-D09E-4ABC-8A83-62C64356A105}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C1ADA85-942C-4A6E-B4A3-C3A84FAFD47A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CF28E89-B8A2-4162-902E-D89D519A49A8}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6785FF18-19DE-4D00-9EB8-16D61A3ED3C3}" = rport=138 | protocol=17 | dir=out | app=system |
"{7BCCA2C6-6011-43DE-A791-7E9AF29B5486}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7E6056D9-925E-47ED-96E6-96C65D3CA1E8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{85340CD3-D6FE-40CE-A3D9-00BFA3CEB6E8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B301958-E60A-4BEC-AA0D-CAB68A245F53}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B64A5C6-0E40-445A-BE11-0CE099B618E0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{8D7AABA0-58F2-440A-ADA9-78666CFF6E3A}" = rport=139 | protocol=6 | dir=out | app=system |
"{975B79AB-4FAB-4CE3-A134-C99594646B71}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{99DA9763-EA74-4C4D-9E25-C0D7B0741AB1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{9CB36834-8D7F-4C6D-B85F-663188AA99C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9CC3A4CA-1030-4C7F-AD6C-8EE6A45A5CD9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AD927895-57BB-4CCE-BBD9-D0C1E7EB5CE9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B00061BF-FFD1-4141-9239-0D87D2BFFFE5}" = lport=445 | protocol=6 | dir=in | app=system |
"{B8A31B1B-8B3E-4A4F-8EF7-446283F787F5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C5A6AE92-114B-440C-9FBE-E9C3B7D695EA}" = lport=139 | protocol=6 | dir=in | app=system |
"{D11ABB97-6A5D-46FF-B2F2-F6E7C2FD0F45}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E3B273EC-D017-4898-ACD7-8C414B890D09}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8079838-C159-4E8A-9D6F-5E0C557C34EC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E886A9A8-3BAB-4251-B1F4-83872367882C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EDE3B0F1-CF62-4671-989F-DC3DF63DAEAF}" = rport=137 | protocol=17 | dir=out | app=system |
"{F39FF5A0-5BE0-4B20-8E92-46FDCC4CBE46}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F428EC05-213A-44EE-B0F5-4CE295EAD1BB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F9733C4C-653A-425A-87C2-C385FE149814}" = lport=138 | protocol=17 | dir=in | app=system |
"{F9ED0A03-A1D4-4073-9AF3-0547598990C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07589F10-4948-42E8-B924-F6E45EEDC638}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0A7C9577-A6FD-4FDF-923B-112D8CA2A17D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{15EA9CDA-F33D-4A54-AF5A-293CA93159B4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{177E13CE-E84F-4C54-BCBC-2D9107A53F13}" = protocol=58 | dir=out | [email protected],-28546 |
"{19892D5D-8787-43A6-A484-FF9D9EC9410F}" = dir=in | app=c:\program files (x86)\hp\hp lj300-400 color mfp m375-m475\bin\digitalwizards.exe |
"{228AFF5E-0AA9-49CD-8CD9-F7D67459CD6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2E08B4DA-E42F-4736-AADA-6B550F6C47F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{44E57820-0F9C-479D-869E-87DE688596CA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4DD46BC1-C223-4C1E-B8E4-3368C5C9B1DD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B80EA58-704A-4B62-9858-44719670AEC4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D48DFA0-062A-4EE6-8D0D-E1A1A676B804}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6E635AA5-F2F4-4DD2-AB5E-C7136B770D55}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{708D885A-B070-4AD9-A3A1-F07EF0D2F277}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7E36770A-7694-4814-8845-B1F5518EA9BE}" = dir=in | app=c:\program files (x86)\hp\hp lj300-400 color mfp m375-m475\bin\hpnetworkcommunicator.exe |
"{7E940B32-8ADB-4A67-82DD-E801048E5B3B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7F0109B8-8BF3-4188-91BA-AEC6185C5D76}" = protocol=58 | dir=in | [email protected],-28545 |
"{8433D38D-2F38-4805-B081-88DB93F874C4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8BE7577F-9027-4420-9ADF-6C42D9E8F48C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{91176868-A2FB-4E99-ABF0-6F2751FA4298}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{940B98B3-D1CA-4C86-A914-B1FE3D54E377}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9AD3C3F0-C561-425C-8BED-E69E778ED351}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9D499486-F376-4201-BECA-F15A52369730}" = protocol=6 | dir=out | app=system |
"{A4F77530-3A82-4A42-9593-FF263630A739}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B9E40D1A-695D-4F2D-9E06-D576F951D022}" = protocol=1 | dir=out | [email protected],-28544 |
"{C26B04F4-E03B-46F4-8372-CCD38C28D43E}" = dir=in | app=c:\program files (x86)\hp\hp lj300-400 color mfp m375-m475\bin\faxapplications.exe |
"{C76E32FB-B10B-43F3-9AD3-E31F2FF02B2D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{CFE97ED5-347A-4633-80A8-BA2FFDF52319}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{D014FA80-AFD4-4B92-B668-DA34A59B407F}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{D3769A56-25FC-43AC-915D-FD10BF822B6B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E7D777B3-0AD2-41C6-8B26-A035212678C3}" = protocol=1 | dir=in | [email protected],-28543 |
"{EDDD784B-726C-4F66-8B72-413FA924CA67}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{EEA6A250-7026-4806-8723-FA1AC09F8B8C}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"TCP Query User{19E523C7-262F-4CE9-BABA-3B28195CBE37}C:\program files (x86)\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"TCP Query User{1A783006-9303-4FCF-B9FF-3DF0DCEEA545}D:\wd_windows_tools\wddiscovery\wddiscovery.exe" = protocol=6 | dir=in | app=d:\wd_windows_tools\wddiscovery\wddiscovery.exe |
"UDP Query User{16BAD7E5-CEBF-4F84-B00F-61587A6243DF}C:\program files (x86)\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"UDP Query User{BB684E89-D6CA-4423-B2CF-1742781A1643}D:\wd_windows_tools\wddiscovery\wddiscovery.exe" = protocol=17 | dir=in | app=d:\wd_windows_tools\wddiscovery\wddiscovery.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{033123A8-E639-4108-BFC8-27566EFFAAF4}" = HP Unified IO
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{4518D70B-8A8B-4A4D-826F-8E16DCAC674E}" = StoryBook Creator 4.0
"{5737101A-27C4-408A-8A57-D1DC78DF84B4}" = 64 Bit HP CIO Components Installer
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7DEDB721-D107-4282-8C7E-B1B29CA63605}" = CM-Uploader
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CB}" = WinZip 16.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E06357A3-5F44-B1AE-F4BA-9DAC26A209C9}" = ccc-utility64
"{E102B843-786A-4F58-AF75-6504570E207B}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"Dell Support Center" = Dell Support Center
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{05554D36-5C86-4BCC-BD48-EC2FC9A631E1}" = Magic Article Submitter
"{055C7B5D-B655-495D-BC4B-787994519AAA}" = Creative Memories Memory Manager 3
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D29B7E9-CDFF-807D-1D4E-FFB77D809836}" = CCC Help Italian
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{144D9816-818D-C36E-33A0-889A19C5EDA6}" = CCC Help Portuguese
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18BED011-2EEF-1148-E90C-D6556565B2EC}" = CCC Help Polish
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C111BFC-B2CB-470A-9882-65F1E57680F6}" = Pro Diem Data Widget
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20C2435C-5B06-2E12-5087-116D8EF658B8}" = CCC Help Korean
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26791563-0BDF-1FBE-CC21-994A09559CCE}" = Catalyst Control Center Graphics Previews Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{32C0FD10-8FB4-427E-A16F-ED57C9343CF0}" = InstanceFinder
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39D06E77-8921-4056-8901-36D0035BAECA}" = Dell Stage
"{3A25676C-038C-504A-FA32-F971B36BF7EE}" = Catalyst Control Center Graphics Previews Vista
"{3B8FF075-F41B-89DD-41F7-B90A6A01B8F8}" = Catalyst Control Center Graphics Full New
"{3E64C460-0FAA-4450-99CE-783B0F662B8F}" = hpbM375M475DSService
"{44453D07-5BDB-45F8-E3DF-20A7F76407D0}" = CCC Help Czech
"{44EB02F5-16E5-42BD-9183-C23EF7620CF3}" = hpStatusAlerts
"{461FF76E-504F-4B5B-B8D9-C41D84514EB7}" = hpStatusAlertsM375_M475
"{466E1C7A-AEAF-2F55-26E2-A727B761AAB0}" = CCC Help Dutch
"{4D019528-5866-4F28-B29E-E89F2495278A}" = HP LJ300-400 M375-M475 HP Scan
"{4F5F1DED-1EB8-436C-8781-F6F28BFFE871}" = HP Product FWUpdater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{50ED6ABB-078C-8B17-1181-DC6DDB4E52DC}" = Catalyst Control Center InstallProxy
"{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
"{568C5D3E-5B79-47EC-A34B-8D7C8AEF1F8F}" = HPLJUTCore
"{56E55229-CBE7-211E-0CD1-AB3712AF177A}" = CCC Help Danish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5952A881-831C-451A-BF20-F0CA2C295D94}" = HP Unified IO
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5BF278AE-B851-41A7-9874-C6EC5AF2BD91}" = hppLaserJetService
"{5CE2D957-59C2-4489-481E-2E38EAE59762}" = CCC Help Spanish
"{5DEB2BA0-0E1F-D5CB-A0C4-F738590BE973}" = Catalyst Control Center Core Implementation
"{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}" = HPLJDXPHelper
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}" = hpbDSService
"{6675371D-22CD-F426-DC4C-9DDF594D0BBE}" = CCC Help Chinese Traditional
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6839108F-BC82-30BC-776F-D635EDA2B3D4}" = CCC Help Russian
"{6B1ADEE1-1595-82C4-6FB9-97B65F68E9EE}" = CCC Help Swedish
"{6B206787-2964-D9D8-A1F6-7D98B6BCD7F9}" = CCC Help Hungarian
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72A474E0-5AA3-4EDD-8FAA-D87CB2FD0654}" = HPLaserJet300-400ColorM375-M475Series_HelpLearnCenter_SI
"{73EFFD76-009E-A554-AA1F-106DBE475525}" = CCC Help French
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{775FCAEB-C804-02B9-135F-D9A189A1CCDC}" = CCC Help English
"{77D41B26-31DE-4EBA-F974-26D67B728FDB}" = CCC Help Turkish
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{833FE2B0-DCD7-8995-6374-F69F1A84055F}" = CCC Help German
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{88ED2998-7453-06B9-F9AA-E59115180B5D}" = Market Samurai
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D0BED50-BD2B-5EBA-7F04-5513F1B9EC74}" = CCC Help Thai
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95ED1AC3-DF2A-4719-B029-909C0875CD8F}" = Creative Memories StoryBook Creator Plus 3
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98C7AEBC-350A-52D6-6886-76FB98C6A503}" = Catalyst Control Center Graphics Full Existing
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D1DE902-8058-4555-A16A-FBFAA49587DB}" = HP LJ300-400 color MFP M375-M475
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA31EA7B-7917-4000-949B-38E91F848A25}" = Internet Explorer
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B361ED10-259E-4B76-B35E-E47BB6DDDD74}" = hppFaxDrvM375M475
"{B64E0B43-A452-4B25-93DD-E5C6645A534A}" = ToolboxProxy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BE6F906F-9F86-5CED-E122-8C6A162295B8}" = Skins
"{BEDE6836-8ED5-4444-B895-CE54968CFC4C}" = Magic Article Rewriter
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C3E833FD-AAF9-45E2-B2CA-091C4D04203F}" = hppSendFaxM375M475
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAB2848F-4E7D-4D64-B071-C1539E345C1C}" = hppM375_M475LaserJetService
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF67ED0C-F85D-4791-AED3-3FE882EDB45D}" = Dell Marketplace Webslice IE8
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1E89604-DFBE-2DF8-BE82-A0076107AA32}" = CCC Help Finnish
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E00484A7-94A2-42FD-A24C-C83226E4EDA3}" = Microsoft Money 2005 System Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{E50D9AC2-EB3C-3161-FF97-4E800D106D0E}" = CCC Help Norwegian
"{E65DADC9-D6B1-6706-41DE-FA19149869E5}" = Catalyst Control Center Graphics Light
"{EAA710B0-DF9C-4202-978D-8B8C787313C6}" = hppToolboxProxyM375
"{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}" = LJDXPHelperUI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBF60699-3D2E-6677-D504-5B4846171C8E}" = ccc-core-static
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F284FAB3-7B91-499F-856A-1A8BF7649D8D}" = HP LJ300-400 color MFP M375-M475 Fax
"{F336F89D-8C5A-432C-8EA9-DA19377AD591}" = Dell MusicStage
"{F4044E58-9707-2918-1DA9-D3E400F0B699}" = CCC Help Japanese
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F70ACEA1-05C5-6D98-9C0C-F3AD818E1E33}" = CCC Help Chinese Standard
"{F835D378-5073-8C86-70EF-9A3B739F9897}" = CCC Help Greek
"{FA1B7AB4-9FE9-47A8-9A2F-C9FCB2F03A26}" = HPLJUTM375-M475
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FFD3A1EB-F550-3309-7AFE-17E4BB778423}" = Catalyst Control Center Localization All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BidPro Plus" = My BidPro Plus
"Carbonite Backup" = Carbonite
"FileZilla Client" = FileZilla Client 3.5.1
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1" = Market Samurai
"Money2005b" = Microsoft Money 2005
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"XHeader" = XHeader

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1969209751-449001428-3356654911-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"9204f5692a8faf3b" = Dell System Detect
"JoinMe" = join.me

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2013 12:38:09 | Computer Name = DH-INC | Source = VSS | ID = 13
Description =

Error - 7/23/2013 12:38:09 | Computer Name = DH-INC | Source = VSS | ID = 8193
Description =

Error - 7/23/2013 12:38:09 | Computer Name = DH-INC | Source = VSS | ID = 13
Description =

Error - 7/23/2013 12:38:09 | Computer Name = DH-INC | Source = VSS | ID = 8193
Description =

Error - 8/29/2013 12:12:07 | Computer Name = DH-INC | Source = Application Error | ID = 1000
Description = Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time
stamp: 0x4f35fc1d Faulting module name: hpzjcd01.dll_unloaded, version: 0.0.0.0,
time stamp: 0x47a39310 Exception code: 0xc0000005 Fault offset: 0x00000000048f3c8e
Faulting
process id: 0x604 Faulting application start time: 0x01ce91dee576e3f9 Faulting application
path: C:\Windows\System32\spoolsv.exe Faulting module path: hpzjcd01.dll Report Id:
c01f19de-10c5-11e3-ac8e-842b2b93a010

Error - 9/30/2013 14:38:27 | Computer Name = DH-INC | Source = Application Error | ID = 1000
Description = Faulting application name: firefox.exe, version: 23.0.1.4974, time
stamp: 0x520bc252 Faulting module name: xul.dll, version: 23.0.1.4974, time stamp:
0x520bc166 Exception code: 0xc0000005 Fault offset: 0x0017af08 Faulting process id:
0x3d4 Faulting application start time: 0x01cebe0795825e2f Faulting application path:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe Faulting module path: C:\Program
Files (x86)\Mozilla Firefox\xul.dll Report Id: 7e1c1626-29ff-11e3-ab32-842b2b93a010

Error - 10/16/2013 11:12:02 | Computer Name = DH-INC | Source = VSS | ID = 13
Description =

Error - 10/16/2013 11:12:02 | Computer Name = DH-INC | Source = VSS | ID = 8193
Description =

Error - 10/16/2013 11:12:02 | Computer Name = DH-INC | Source = VSS | ID = 13
Description =

Error - 10/16/2013 11:12:02 | Computer Name = DH-INC | Source = VSS | ID = 8193
Description =

[ Dell Events ]
Error - 9/10/2011 21:14:45 | Computer Name = DIANNE-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/10/2011 21:14:45 | Computer Name = DIANNE-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/11/2011 10:45:56 | Computer Name = DIANNE-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ System Events ]
Error - 12/5/2013 04:49:24 | Computer Name = DH-INC | Source = Service Control Manager | ID = 7001
Description = The Network Store Interface Service service depends on the NSI proxy
service driver. service which failed to start because of the following error: %%31

Error - 12/5/2013 04:49:24 | Computer Name = DH-INC | Source = Service Control Manager | ID = 7001
Description = The Workstation service depends on the Network Store Interface Service
service which failed to start because of the following error: %%1068

Error - 12/5/2013 04:49:24 | Computer Name = DH-INC | Source = Service Control Manager | ID = 7001
Description = The IP Helper service depends on the Network Store Interface Service
service which failed to start because of the following error: %%1068

Error - 12/5/2013 04:49:24 | Computer Name = DH-INC | Source = Service Control Manager | ID = 7001
Description = The SMB MiniRedirector Wrapper and Engine service depends on the Redirected
Buffering Sub Sysytem service which failed to start because of the following error:
%%31

Error - 12/5/2013 04:49:24 | Computer Name = DH-INC | Source = Service Control Manager | ID = 7001
Description = The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector
Wrapper and Engine service which failed to start because of the following error:
%%1068

Error - 12/5/2013 04:49:24 | Computer Name = DH-INC | Source = Service Control Manager | ID = 7001
Description = The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector
Wrapper and Engine service which failed to start because of the following error:
%%1068

Error - 12/5/2013 04:49:24 | Computer Name = DH-INC | Source = Service Control Manager | ID = 7001
Description = The Microsoft Network Inspection System service depends on the Microsoft
Malware Protection Driver service which failed to start because of the following
error: %%31

Error - 12/5/2013 04:49:24 | Computer Name = DH-INC | Source = Service Control Manager | ID = 7001
Description = The Network Location Awareness service depends on the Network Store
Interface Service service which failed to start because of the following error:
%%1068

Error - 12/5/2013 04:49:24 | Computer Name = DH-INC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6
WfpLwf

Error - 12/5/2013 05:06:41 | Computer Name = DH-INC | Source = Service Control Manager | ID = 7022
Description = The Server service hung on starting.


< End of report >
  • 0
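An added example (not part of the original post, and not OTL's own code): a Python check that reads the Shell Spawning section of an OTL Extras log like the one above and compares the `open` command of the executable file classes against the Windows defaults `"%1" %*` and `"%1" /S`. The sample log is constructed from a few lines of the log above plus one invented changed `exefile` entry; the function, field and status names are this example's own.

```python
import re

SECTION = "========== Shell Spawning =========="

# Windows default handlers for executable file classes. Any other value means
# some other program is launched whenever a file of that class is opened.
EXPECTED = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# OTL entry layout: <class> [<verb>] -- <command> (optional company name)
ENTRY = re.compile(r'^(?P<cls>\S+) \[(?P<verb>[^\]]+)\] -- (?P<cmd>.*)$')


def audit_shell_spawning(log_text):
    """Return one finding per Shell Spawning entry, in log order."""
    findings = []
    in_section = False
    view = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            # Every OTL section starts with a banner; track only ours.
            in_section = (line == SECTION)
            continue
        if not in_section or not line:
            continue
        if line.startswith("64bit: [HKEY_"):
            view = "64bit"          # key listed with OTL's "64bit:" prefix
            continue
        if line.startswith("[HKEY_"):
            view = "no-prefix"      # key listed without the prefix
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        key = (m["cls"].lower(), m["verb"].lower())
        cmd = m["cmd"].strip()
        if cmd.startswith("Reg Error"):
            status = "reg-error"    # OTL could not read it: check by hand
        elif key in EXPECTED:
            status = "default" if cmd == EXPECTED[key] else "changed"
        else:
            status = "unchecked"    # no fixed default to compare against
        findings.append({"view": view, "cls": m["cls"], "verb": m["verb"],
                         "cmd": cmd, "status": status})
    return findings


def changed_handlers(findings):
    """Entries whose handler differs from the Windows default."""
    return [f for f in findings if f["status"] == "changed"]


# Constructed sample: real lines from the log above, plus one invented
# changed exefile entry under the unprefixed key to show a positive hit.
SAMPLE_LOG = r'''========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
scrfile [open] -- "%1" /S

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
exefile [open] -- "C:\Users\Example\AppData\Local\upd.exe" "%1" %*
regfile [merge] -- Reg Error: Key error.

========== Security Center Settings ==========
"cval" = 1
'''

if __name__ == "__main__":
    for f in audit_shell_spawning(SAMPLE_LOG):
        print(f'{f["status"]:10} {f["view"]:9} {f["cls"]} [{f["verb"]}] -- {f["cmd"]}')
```

Run over the log above, every executable class in both views comes back as `default`; the `reg-error` entries are the ones OTL reported as `Reg Error: Key error.`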

#15
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Quick Question:

Not a problem and/or a cause for concern... the default thirty-day check is fine and there is no actual need to analyse further back than one month at this time.

Windows Sidebar Advice:

It is no longer prudent to have this feature enabled as outlined in the below Microsoft article:-

Vulnerabilities in Gadgets could allow remote code execution

I advise you download and run the Disable Windows Sidebar and Gadgets Fix it utility to rectify this.

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the quote box (do not copy the word quote) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Commands
[CreateRestorePoint]

:OTL
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..Trusted Domains: localhost ([]* in Local intranet)
O33 - MountPoints2\{b798088b-13ad-11e2-967f-842b2b93a010}\Shell - "" = AutoRun
O33 - MountPoints2\{b798088b-13ad-11e2-967f-842b2b93a010}\Shell\AutoRun\command - "" = I:\Autorun.exe

:Files
ipconfig /flushdns /c
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c

:Commands
[ResetHosts]
[EmptyTemp]

  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The log-file can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with AdwCleaner:

Please download adwcleaner from here and save to your desktop.

Alternate downloads are here or here.

  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Scan tab >> once the scan is complete click on the Clean tab and follow the prompts.
  • Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Next:

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
  • AdwCleaner Log.

  • 0
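The entries under :OTL in the fix script above share a regular shape: an O-number, an optional :64bit: tag, and a detail string that usually states why the entry is stale. The Python below is an added example, not part of the original post and not OTL's own code; it parses a subset of those lines and groups them by that stated reason, and the reason labels and function names are this example's own.

```python
import re
from collections import Counter

# Subset of the fix script posted above, copied unchanged for the example.
FIX_SCRIPT = r'''
:OTL
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1969209751-449001428-3356654911-1001\..Trusted Domains: dell.com ([]* in Trusted sites)
O33 - MountPoints2\{b798088b-13ad-11e2-967f-842b2b93a010}\Shell\AutoRun\command - "" = I:\Autorun.exe
:Files
ipconfig /flushdns /c
'''

ENTRY = re.compile(r"^(O\d+)(:64bit:)? - (.*)$")

# (label, pattern) pairs checked in order; the labels are hypothetical names.
REASONS = [
    ("file not found", re.compile(r"File not found\s*$")),
    ("no CLSID value", re.compile(r"No CLSID value found\.?\s*$")),
    ("value missing", re.compile(r": missing\s*$")),
    ("volume autorun handler", re.compile(r"^MountPoints2\\.*AutoRun", re.I)),
    ("trusted-zone mapping", re.compile(r"Trusted Domains:")),
]

def parse_otl_section(script):
    """Return one dict per O-line between ':OTL' and the next ':' header."""
    rows, active = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):          # section header such as :OTL or :Files
            active = (line == ":OTL")
            continue
        m = ENTRY.match(line) if active else None
        if not m:
            continue
        code, wide, rest = m.groups()
        reason = next((lbl for lbl, rx in REASONS if rx.search(rest)), "unclassified")
        rows.append({"code": code, "tagged_64bit": bool(wide), "reason": reason, "detail": rest})
    return rows

def summarize(rows):
    """Count entries per reason label."""
    return Counter(r["reason"] for r in rows)

if __name__ == "__main__":
    for r in parse_otl_section(FIX_SCRIPT):
        print(f'{r["code"]:<4} {r["reason"]:<23} {r["detail"][:60]}')
```

Entries that come back as "unclassified" are the ones to read by hand before they go into a fix.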





