Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

nation zoom/full diskfighter pop ups etc... [Solved]

Started by sedward68 , Dec 21 2013 11:48 AM

  • This topic is locked This topic is locked

#1
sedward68
Posted 21 December 2013 - 11:48 AM

sedward68

    Member

  • Member
  • PipPip
  • 12 posts
OTL logfile created on: 12/21/2013 11:25:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shareda73\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 52.94% Memory free
7.75 Gb Paging File | 5.66 Gb Available in Paging File | 73.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.66 Gb Total Space | 401.85 Gb Free Space | 88.19% Space Free | Partition Type: NTFS
Drive Y: | 500.00 Mb Total Space | 215.23 Mb Free Space | 43.05% Space Free | Partition Type: NTFS

Computer Name: SDC | User Name: shareda73 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/21 11:24:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shareda73\Desktop\OTL.exe
PRC - [2013/12/21 11:16:56 | 013,209,088 | ---- | M] (The Weather Channel) -- C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe
PRC - [2013/12/04 12:16:16 | 000,556,544 | ---- | M] () -- C:\Users\shareda73\AppData\Local\GCC\Controller.exe
PRC - [2013/12/03 20:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/11/30 00:59:19 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
PRC - [2013/11/15 19:25:02 | 000,078,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
PRC - [2013/11/15 19:23:54 | 000,449,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
PRC - [2013/09/02 14:30:57 | 000,257,136 | ---- | M] (Microsoft Corporation) -- C:\Users\shareda73\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2013/08/07 09:47:46 | 001,494,560 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\Tray\FightersTray.exe
PRC - [2013/08/06 16:43:54 | 001,279,520 | ---- | M] (SPAMfighter ApS) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe
PRC - [2013/05/23 09:18:16 | 000,493,656 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
PRC - [2013/05/23 09:17:24 | 004,124,760 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
PRC - [2013/05/23 09:17:06 | 001,915,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/26 02:41:44 | 000,081,536 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
PRC - [2012/12/03 00:18:30 | 000,111,136 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2012/11/19 13:15:20 | 000,285,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2012/11/19 13:15:20 | 000,014,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/10/23 15:43:52 | 000,102,928 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2012/07/17 19:10:32 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 19:10:30 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/17 19:10:16 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/04 12:16:16 | 000,556,544 | ---- | M] () -- C:\Users\shareda73\AppData\Local\GCC\Controller.exe
MOD - [2013/12/03 20:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 20:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 20:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 20:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013/12/03 20:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013/12/03 20:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/11/15 19:24:42 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
MOD - [2013/11/15 19:24:11 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
MOD - [2013/11/15 19:13:13 | 000,359,592 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013/11/15 19:13:13 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2013/10/18 16:37:32 | 002,959,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\8089e3484b45e44781f0c7a1a78881d5\System.IdentityModel.ni.dll
MOD - [2013/10/18 16:37:27 | 000,030,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorDataMcfeeca6f#\b1b4d87475101f4da87758ac710dfd06\IAStorDataMgrSvcInterfaces.ni.dll
MOD - [2013/10/18 16:36:22 | 001,843,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Deployment\238d8751d665e38545ed3db64befd1a8\System.Deployment.ni.dll
MOD - [2013/10/11 22:06:01 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6029d35b6cfaf94b1d39ec54c724a8c7\System.Xml.Linq.ni.dll
MOD - [2013/10/11 22:05:59 | 012,698,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e6606a84f8a4cdc18c74e63ec807c689\System.Windows.Forms.ni.dll
MOD - [2013/10/11 22:05:46 | 019,537,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\6b40a60180e23feff705e28e351e10e1\System.ServiceModel.ni.dll
MOD - [2013/10/11 22:05:26 | 002,786,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\e1c6945213ca43ec9769fe95576962ce\System.Runtime.Serialization.ni.dll
MOD - [2013/10/11 22:05:24 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\4def6cf48732266c740e33fe5b2291b7\System.Runtime.Remoting.ni.dll
MOD - [2013/10/11 22:05:21 | 000,964,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c508451271803f1677317735db499f5c\System.Configuration.ni.dll
MOD - [2013/10/11 22:05:19 | 003,910,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3e52c3479469fe72eed0716b48859e91\WindowsBase.ni.dll
MOD - [2013/10/11 22:05:14 | 006,998,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\79e8b7b183668471ab364d4132fb8018\System.Core.ni.dll
MOD - [2013/08/22 19:08:01 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\f5fae69a1af9272c9499044fb0d2c0dd\UIAutomationProvider.ni.dll
MOD - [2013/08/22 19:07:18 | 000,366,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorUtil\3dd54cc0a567860244b2cf25f3bcef6e\IAStorUtil.ni.dll
MOD - [2013/08/22 19:07:14 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d438e7ec4899763070e7b5db3f166373\System.ServiceModel.Internals.ni.dll
MOD - [2013/08/22 19:07:14 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\3df2fdd27a3e685ce5dda8bce4956e5b\SMDiagnostics.ni.dll
MOD - [2013/08/22 15:23:15 | 007,566,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\624ad6159b6e241ad6d28bf4dca9f14b\System.Xml.ni.dll
MOD - [2013/08/22 15:23:08 | 001,880,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\123cf617d7b6b31c44e39f8594f064c5\System.Xaml.ni.dll
MOD - [2013/08/22 15:22:23 | 001,631,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\3603744988436295da5d16e76038e484\System.Drawing.ni.dll
MOD - [2013/08/22 15:22:04 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\cb65dcc8c60f33d257283ef1416a2175\PresentationFramework.Aero2.ni.dll
MOD - [2013/08/22 15:22:03 | 018,545,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\972bf4ffab06e561447d12baf3b3dfa9\PresentationFramework.ni.dll
MOD - [2013/08/22 15:21:41 | 010,926,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\5b504b7cd800dcd6c06d841d94ca099a\PresentationCore.ni.dll
MOD - [2013/08/22 15:21:18 | 009,937,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\375a937eec7d6faa53ac11ab2973eb76\System.ni.dll
MOD - [2013/08/13 06:15:50 | 000,206,336 | ---- | M] () -- C:\Users\shareda73\AppData\Local\Temp\GC\Profiles\{43A249D4-DD84-497E-8673-5161940EB1ED}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
MOD - [2013/07/16 20:38:16 | 000,162,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Wind74b7bf4b#\52f4cc2a8de629be6ed1d5bca68d5103\System.Windows.Input.Manipulations.ni.dll
MOD - [2013/07/16 20:38:15 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\1f8e89f1344171031271d80ff21366ec\UIAutomationTypes.ni.dll
MOD - [2013/07/16 20:37:52 | 000,026,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\IAStorCommon\2dda44469946eccd972b05eeeefc1e7d\IAStorCommon.ni.dll
MOD - [2013/07/16 14:15:16 | 000,523,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\a237f503e206d5c091327b2cdd813629\System.Net.Http.ni.dll
MOD - [2013/07/16 14:15:15 | 001,156,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\cd6b8416903164862eba3d170df40c90\System.Management.ni.dll
MOD - [2013/07/16 13:20:43 | 016,547,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5e3a9f3d64adfb3c69b49d37368bf454\mscorlib.ni.dll
MOD - [2013/05/02 17:01:12 | 001,813,792 | ---- | M] () -- C:\Program Files (x86)\Dell Backup and Recovery\OLCoreWrapper.dll
MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/06/08 12:34:06 | 000,016,400 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2012/06/07 21:34:06 | 000,627,216 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/18 17:46:52 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
SRV:64bit: - [2013/08/15 23:39:26 | 002,371,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013/07/01 18:44:21 | 000,016,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/06/24 16:54:45 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/06/01 03:19:58 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/05/04 00:58:02 | 000,470,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/05/04 00:57:05 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/04/08 22:48:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/03/28 16:22:53 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/03/01 20:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 20:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/01/09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 17:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/23 15:49:18 | 000,201,872 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2012/09/20 00:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/11/17 20:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2013/08/08 02:08:18 | 000,337,920 | ---- | M] (SPAMfighter ApS) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe -- (Common Toolkit 2)
SRV - [2013/08/06 16:43:54 | 001,279,520 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe -- (Suite Service)
SRV - [2013/05/23 09:17:06 | 001,915,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe -- (SftService)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/28 16:22:53 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/12/28 14:41:58 | 000,226,944 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2012/12/26 02:41:44 | 000,081,536 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe -- (ZAtheros Wlan Agent)
SRV - [2012/11/19 13:15:20 | 000,014,904 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/10/16 04:39:32 | 000,277,024 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/17 19:10:32 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 19:10:30 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/17 19:10:16 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/10 05:53:35 | 000,096,600 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/10/05 00:10:20 | 000,285,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/10/01 20:50:07 | 000,447,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/08/15 23:41:13 | 000,058,200 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/10 00:30:22 | 000,151,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/07/09 02:04:07 | 000,120,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/07/01 19:41:47 | 000,337,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/07/01 19:41:47 | 000,213,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/07/01 18:44:14 | 000,036,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/07/01 16:08:49 | 000,247,216 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/06/29 00:15:54 | 000,195,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/05/31 21:08:57 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/28 16:22:52 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/03/28 16:21:46 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/03/28 16:21:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/03/28 16:21:42 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/03/28 16:21:04 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/03/02 04:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 04:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/01/24 20:12:08 | 000,010,752 | ---- | M] (OSR Open Systems Resources, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\DellRbtn.sys -- (DellRbtn)
DRV:64bit: - [2013/01/17 11:07:14 | 003,735,040 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013/01/09 19:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/28 14:19:48 | 000,578,792 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/12/28 14:19:40 | 000,136,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2012/12/28 14:19:38 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2012/12/28 14:19:38 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2012/12/28 14:19:36 | 000,115,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2012/12/28 14:19:36 | 000,089,320 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2012/12/28 14:19:36 | 000,033,944 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2012/12/28 14:19:34 | 000,345,832 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2012/12/21 01:24:02 | 000,466,824 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/12/21 01:24:02 | 000,032,136 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/12/21 01:24:00 | 000,028,040 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/04 17:50:56 | 000,652,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/10/16 04:39:10 | 005,343,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/09/20 01:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 01:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/10 09:41:06 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 20:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/02 17:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/25 11:24:50 | 000,092,536 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2012/06/22 11:01:32 | 000,022,704 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\Drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/06/19 10:40:50 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/15 02:50:46 | 000,315,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2012/06/12 23:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{ACE53E88-40F3-47A8-BA57-8A8ABF033430}: "URL" = http://www.bing.com/...E10TR&pc=MDDCJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{ACE53E88-40F3-47A8-BA57-8A8ABF033430}: "URL" = http://www.bing.com/...E10TR&pc=MDDCJS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\shareda73\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK


========== Chrome ==========

CHR - default_search_provider: nationzoom (Enabled)
CHR - default_search_provider: search_url = http://www.nationzoo...q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
CHR - plugin: Unity Player (Enabled) = C:\Users\shareda73\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - Extension: Google Docs = C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_64.dll File not found
O2 - BHO: (ScorpionSaver) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll File not found
O2 - BHO: (ArcadeParlor Games) - {39AD0726-986D-40F9-972B-E3BFA24B7745} - C:\Users\ShaReda\AppData\Local\ArcadeParlor\Arcadeparlor.dll ()
O2 - BHO: (Save Valet) - {F0F12903-DE76-4DF7-BCDC-0A0689151189} - C:\Program Files (x86)\SaveValet\ie\SaveValetIE_32.dll File not found
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BtPreLoad] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Starter] C:\Program Files (x86)\Driver-Soft\DriverGenius\StarterW3i.exe File not found
O4 - HKCU..\Run: [DW7] C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe (The Weather Channel)
O4 - HKCU..\Run: [FDPRO-501] C:\Program Files (x86)\Fighters\FighterLauncher.exe (SPAMfighter ApS)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_0EAF04DA78CC2D4DA23CF4718E40E892] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [SkyDrive] C:\Users\shareda73\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - Startup: C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk = C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe ()
O4 - Startup: C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk = C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (Weather Notifications, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" (Qualcomm Atheros Commnucations)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C3B434A-44B7-41F0-9799-634B32887D98}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E427320-1E4B-46B8-A5DD-E84B5F533F9F}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/12/08 21:11:15 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{b621841b-b4fe-11e2-be77-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b621841b-b4fe-11e2-be77-806e6f6e6963}\Shell\AutoRun\command - "" = "F:\menu.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/21 11:24:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\shareda73\Desktop\OTL.exe
[2013/12/21 11:16:05 | 000,000,000 | R--D | C] -- C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013/12/21 11:12:03 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/21 10:41:55 | 000,000,000 | ---D | C] -- C:\Users\shareda73\AppData\Roaming\Malwarebytes
[2013/12/21 10:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/21 10:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/21 10:41:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/12/21 10:41:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/08 21:10:09 | 000,000,000 | ---D | C] -- C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2013/12/08 21:10:03 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2013/12/08 21:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/12/08 21:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/12/07 18:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/12/07 18:36:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JFileManager
[2013/12/07 18:36:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JFileManager
[2013/12/07 18:36:44 | 000,000,000 | ---D | C] -- C:\Users\shareda73\AppData\Local\GCC
[2013/12/07 18:36:37 | 000,000,000 | ---D | C] -- C:\Users\shareda73\AppData\Local\Programs
[2013/12/07 18:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\WPM
[2013/11/24 15:59:53 | 000,000,000 | ---D | C] -- C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileWhiz by InstallX
[2013/11/24 15:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite
[2013/11/24 15:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2013/11/24 15:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013/11/24 15:50:24 | 000,000,000 | ---D | C] -- C:\Users\shareda73\AppData\Roaming\Uniblue
[2013/11/24 15:50:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2013/11/24 15:49:12 | 000,000,000 | ---D | C] -- C:\Users\shareda73\AppData\Local\Weather_Notifications,_LL
[2013/11/24 15:49:08 | 000,000,000 | ---D | C] -- C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts
[2013/11/24 15:49:07 | 000,000,000 | ---D | C] -- C:\Users\shareda73\AppData\Local\SevereWeatherAlerts
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/21 11:24:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\shareda73\Desktop\OTL.exe
[2013/12/21 11:19:39 | 000,850,046 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/21 11:19:39 | 000,720,456 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/21 11:19:39 | 000,133,284 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/21 11:16:57 | 000,001,314 | ---- | M] () -- C:\Users\Public\Desktop\The Weather Channel App.lnk
[2013/12/21 11:16:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/21 11:15:51 | 000,001,438 | ---- | M] () -- C:\Users\shareda73\Desktop\Google Chrome.lnk
[2013/12/21 11:15:23 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/21 11:15:17 | 000,000,410 | ---- | M] () -- C:\Windows\tasks\DRIVERfighter Auto Start.job
[2013/12/21 11:15:17 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-ShaReda-Startup.job
[2013/12/21 11:15:16 | 000,000,396 | ---- | M] () -- C:\Windows\tasks\SLOW-PCfighter64-ShaReda-Notification.job
[2013/12/21 11:14:52 | 000,324,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/21 11:14:31 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/12/21 11:14:29 | 3326,308,352 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/21 11:13:21 | 000,001,316 | ---- | M] () -- C:\Users\shareda73\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/21 11:13:21 | 000,000,993 | ---- | M] () -- C:\Users\shareda73\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/12/21 11:04:27 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/21 10:41:48 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/19 21:33:00 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\ArcadeParlor.job
[2013/12/12 21:58:03 | 002,917,651 | ---- | M] () -- C:\Users\shareda73\Desktop\bad boy summaries.mht
[2013/12/10 20:33:21 | 000,079,294 | ---- | M] () -- C:\Users\shareda73\Desktop\www_ltdcommodities_com - Bing.mht
[2013/12/08 21:11:15 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/12/07 22:52:11 | 000,100,889 | ---- | M] () -- C:\Users\shareda73\Desktop\bad boy.rtf
[2013/12/04 22:52:28 | 000,154,842 | ---- | M] () -- C:\Users\shareda73\Documents\boy family tree.pdf
[2013/12/04 21:34:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2013/11/24 20:12:29 | 000,000,582 | ---- | M] () -- C:\Windows\SysNative\MyDefrag.debuglog
[2013/11/24 15:50:27 | 000,001,219 | ---- | M] () -- C:\Users\shareda73\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/11/24 15:49:08 | 000,002,182 | ---- | M] () -- C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2013/11/24 15:49:08 | 000,001,231 | ---- | M] () -- C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2013/11/23 21:14:25 | 497,779,352 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/21 11:14:33 | 000,324,880 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/12/21 10:41:48 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/12 21:58:01 | 002,917,651 | ---- | C] () -- C:\Users\shareda73\Desktop\bad boy summaries.mht
[2013/12/12 21:39:51 | 000,385,528 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
[2013/12/10 20:33:19 | 000,079,294 | ---- | C] () -- C:\Users\shareda73\Desktop\www_ltdcommodities_com - Bing.mht
[2013/12/08 21:11:15 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/12/08 21:10:24 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2013/12/07 22:52:11 | 000,100,889 | ---- | C] () -- C:\Users\shareda73\Desktop\bad boy.rtf
[2013/12/04 22:52:28 | 000,154,842 | ---- | C] () -- C:\Users\shareda73\Documents\boy family tree.pdf
[2013/12/04 21:34:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2013/11/24 20:12:29 | 000,000,582 | ---- | C] () -- C:\Windows\SysNative\MyDefrag.debuglog
[2013/11/24 15:50:27 | 000,001,219 | ---- | C] () -- C:\Users\shareda73\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2013/11/24 15:49:08 | 000,002,182 | ---- | C] () -- C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk
[2013/11/24 15:49:08 | 000,001,231 | ---- | C] () -- C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk
[2013/09/15 08:54:58 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2013/08/29 14:16:12 | 000,000,258 | RHS- | C] () -- C:\Users\shareda73\ntuser.pol
[2013/03/28 16:22:20 | 000,866,452 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/03/28 15:49:55 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2013/03/28 15:49:49 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/03/28 15:49:47 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2013/04/17 17:04:01 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 00:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/01 23:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/04 21:06:02 | 000,000,000 | ---D | M] -- C:\Users\shareda73\AppData\Roaming\ChurchTrac
[2013/11/24 15:50:49 | 000,000,000 | ---D | M] -- C:\Users\shareda73\AppData\Roaming\Fighters
[2013/04/17 16:52:56 | 000,000,000 | ---D | M] -- C:\Users\shareda73\AppData\Roaming\Leadertech
[2013/05/02 19:31:11 | 000,000,000 | ---D | M] -- C:\Users\shareda73\AppData\Roaming\PCDr
[2013/12/21 11:13:17 | 000,000,000 | ---D | M] -- C:\Users\shareda73\AppData\Roaming\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:07F6D9E4
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:373E1720

< End of report >

OTL Extras logfile created on: 12/21/2013 11:25:37 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\shareda73\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 52.94% Memory free
7.75 Gb Paging File | 5.66 Gb Available in Paging File | 73.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.66 Gb Total Space | 401.85 Gb Free Space | 88.19% Space Free | Partition Type: NTFS
Drive Y: | 500.00 Mb Total Space | 215.23 Mb Free Space | 43.05% Space Free | Partition Type: NTFS

Computer Name: SDC | User Name: shareda73 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07052D38-CB3B-41CA-A361-323A0D231298}" = lport=445 | protocol=6 | dir=in | app=system |
"{139A164B-019D-419D-AA00-D2DDB899AF0E}" = lport=138 | protocol=17 | dir=in | app=system |
"{2AFFF248-95AD-4041-970B-E15D80EFE45B}" = lport=137 | protocol=17 | dir=in | app=system |
"{3001A70F-24EB-4F83-955A-6FB65C5D43E3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3AA2BDD4-D045-4C0A-A500-240F655510EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5015D886-6B73-447E-A979-6F62E78DB342}" = rport=139 | protocol=6 | dir=out | app=system |
"{50DA6D7D-7A23-4E55-B3DB-ECA92F14AC05}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{518A6DF1-1F3A-4372-A90B-88D933963D5C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64D02730-E156-41D1-8D91-5932083959A6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{64F962C2-396D-42FA-B38A-66DBD41BB58F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{673660D9-F4EF-49FF-87AD-E2DE021852D1}" = rport=138 | protocol=17 | dir=out | app=system |
"{7BD0748A-0037-4A2D-A961-5CBABFE12B8C}" = rport=137 | protocol=17 | dir=out | app=system |
"{83C0B7C9-4050-48F2-8CF0-B44D61A5F883}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{873D49C7-F815-4A40-8C90-A358F25E2285}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8AADB121-2FC5-4D14-A219-1074B3AFBAE3}" = lport=139 | protocol=6 | dir=in | app=system |
"{9644EBD3-DA6E-4F6D-98D3-49263D08DE08}" = rport=445 | protocol=6 | dir=out | app=system |
"{A3CB3946-36A2-45B4-BE8D-0F2CEE44AF94}" = lport=10243 | protocol=6 | dir=in | app=system |
"{ACB18A27-8DEB-4157-BAD2-0906717E10D9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BA1F504F-B627-4040-9F9F-90D3C9102B18}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BCB4F66D-5086-4017-A3F6-623FD225D4C5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C6571D75-3F3A-430A-A5C9-8B90C077EE79}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CFA61E0D-16E6-467D-BB9E-8E64F9750D0F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E143C3B7-5564-4334-86C5-BB7173F5BCE7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E2FCE75C-D449-435D-96F9-3E8CBAF916DA}" = rport=10243 | protocol=6 | dir=out | app=system |
"{F3C69B05-84C8-4BA7-9371-36E9358D1575}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00F3BD4D-0596-4F77-B848-6F07ED95706D}" = dir=in | app=c:\users\shareda73\appdata\local\microsoft\skydrive\skydrive.exe |
"{0597D923-48E1-403B-8862-FCDE2D2674DB}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{061EE518-9A64-4F2B-B59F-C2F1AEFA5415}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{0792249A-F58B-4628-B52B-D9B7EE9FA770}" = dir=out | name=skype |
"{0F1C1814-80B9-45E8-921A-BC4ABFCA1D16}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{0F75F847-141C-42B8-B616-72A56A85E36A}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{10C88B63-A2A3-4A61-BD8F-4CA6428EC9EC}" = dir=out | name=skype |
"{1246A545-D2BA-437B-ABE6-59C818809FD9}" = dir=out | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{1318B21A-91E5-45FE-8F96-FCA9CA68397B}" = dir=in | app=c:\users\shareda\appdata\local\microsoft\skydrive\skydrive.exe |
"{174A5151-8C7F-4C05-AA3D-9D524FDF8CD9}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{1BE10864-E8E7-4688-A1AF-385FB352A87B}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{1C96C7D9-0107-4574-9653-9F4EB0940701}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1D18AFDC-855D-44A4-A106-E1782CBAEE81}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{20D4450A-5846-4E3A-BE4F-BAC538DD0E1E}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{219AD382-9757-4659-BA4D-398768110B8E}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{227B5C7B-F70D-41D9-A0BE-5CC9ABA2EBD1}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{29C1BD1D-4AAD-49B6-80EE-82E75FB176E3}" = dir=in | name=skype |
"{2BAEDD1D-5B71-4DC6-9AFF-A8CBE65C19E9}" = dir=out | name=@{microsoft.zunevideo_1.4.19.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{2C81AE4B-0FA5-4562-A757-5327E733076C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D245C0A-FFD2-4870-A1A2-3D66BBB98153}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{2D4C4055-C102-4D47-95DE-B43A7BE6C7A1}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{2F54DCF0-3A16-4256-8ECD-6E4B2A00E13B}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{2FD5C12A-89B5-4BF8-83D0-70081D6B1707}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{318BD5AD-9A67-495B-8BEC-5549AFAAC158}" = protocol=1 | dir=in | [email protected],-28543 |
"{32886055-77D2-4A4D-BD6B-79785CB85AAA}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{337822B9-CE5B-46B5-A33B-61EF04FE5902}" = dir=out | name=mcafee® central for dell |
"{33B825FE-6617-4AE7-9DDC-CBCCA5124C33}" = dir=out | name=@{microsoft.bingsports_2.0.0.273_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{340957D6-9752-4B06-9794-2C3DF152197C}" = protocol=1 | dir=out | [email protected],-28544 |
"{3D8F74D4-65B0-49F9-9C11-D6732238C627}" = dir=in | name=amazon for windows |
"{3E68EE67-6894-4965-8063-67F48F491009}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4942F9BD-1871-4445-9687-BC04A36C8CF9}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{4AF12FCF-76CF-429C-BA50-F406D2DC803D}" = dir=in | app=c:\users\shareda73\appdata\local\gcc\controller.exe |
"{523563A5-1F6A-4EEA-AA11-7A1CF7DC2249}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{52623CF2-A7C2-4EAD-8FB8-F036486953AF}" = dir=out | name=kindle |
"{5706CBCC-ADF0-43BF-B2A7-F8D0D777FA89}" = protocol=58 | dir=in | [email protected],-28545 |
"{59A42964-A7FD-4444-A22A-FAC7D6016185}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{5A5E2F03-0304-4843-99E1-5F27ED26AB74}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5B6A7066-FC31-49B2-98E2-7CBBB52A8360}" = dir=out | name=dell shop |
"{5C8532AA-EF4C-4EF5-8616-B2303E6C9CA9}" = dir=out | name=dell shop |
"{5CD6425F-3B2A-43E7-89D0-57D2AD48E21D}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{5E1835A9-6461-42FE-A69D-6C3D279F9BF1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5EA274E6-5F0D-4253-896F-046EAA4FAB8B}" = dir=out | name=kindle |
"{6942C601-29AB-42CC-AC8B-69568B3BDAE5}" = dir=out | name=amazon for windows |
"{6A1B6D74-B078-42A4-A906-B1765D56A3A2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{6AEB878A-B24E-4617-9B29-B5A2571BEC66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6AEF7ECA-C0D8-4A19-A350-B8565616BFBC}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6B4BFEC7-CD4B-4E9C-B82D-9F814588E41C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6D2E601E-3FAC-463C-9559-46030811E9EE}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{6E329205-DEDD-4326-82A1-9102F78416BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FDB3594-4A76-4378-8A58-6DBFC7981D20}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{71A069E0-E076-4BD9-9FD1-41BE8BFE9D51}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{72E9D5F2-A628-494E-B41C-5AFCBBEBE7AF}" = dir=out | name=ebay |
"{73A3EFF8-730B-4A68-9CE0-AB70895A7C78}" = dir=in | name=kindle |
"{79965B23-D293-4345-A4AE-69AEEB7DE63E}" = dir=out | name=@{microsoft.bingsports_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{7E9C6BE7-D2B7-4001-9B2F-634F228AF82A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8384F0E9-A82F-4F09-93C9-23FDB82D7F84}" = dir=out | name=amazon |
"{874B44D6-9A72-468F-996E-5214573C4775}" = dir=in | name=mcafee® central for dell |
"{8BCA7BBC-C71D-46D7-8051-036539B563D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8F194D83-EBD1-40BA-AA17-51F8CF01526A}" = dir=out | name=@{microsoft.bingnews_1.7.0.27_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{9129B646-D88E-448E-B695-52C3878728B0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{96E69D93-EEF4-4094-9A0B-86F1FE936FB3}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{97D1C283-4BEA-4285-9FF8-AAA0EEF14F4D}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{9BBE9173-632E-4629-9F27-43F64F1636DA}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{9EE314FF-D05F-482F-ADBC-AADD92373E08}" = dir=in | name=@{microsoft.xboxcompanion_1.2.160.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{A9459BD8-8220-4981-844F-32E63C1CEE8C}" = dir=out | name=ebay |
"{AB1C3FFD-863F-4DF8-94FD-971C2A4F68BD}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe |
"{AC9E0AD6-C1F0-4559-93DB-1ECCC75A3D58}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AF2A6F2E-F4C7-4584-A563-868856E58F11}" = dir=out | name=@{microsoft.bingnews_1.7.0.27_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{B00B17E5-6900-4F02-AE0B-2D142B705A39}" = protocol=58 | dir=out | [email protected],-28546 |
"{B190922E-B37B-413B-B5A2-32D3A91AD34D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B3C714BE-6744-42A4-80D4-82DF1AA02859}" = dir=out | name=@{828b5831.standofood3_1.2.3.0_x86__ytsefhwckbdv6?ms-resource://828b5831.standofood3/resources/kd_app_name} |
"{B4951100-A910-4C8F-8D47-A437B8DA455D}" = dir=out | name=mcafee security advisor for dell |
"{B8D6BB4F-C3A2-4E77-A7B3-6055A5F528DB}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{BA51FB10-4A9F-4509-8BD8-985006978C39}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{C1982F3C-DD47-47B3-8D4B-F5C0D7E05120}" = protocol=6 | dir=out | app=system |
"{C3414FA3-7D5D-45CF-9ACE-BE4926911FFF}" = dir=out | name=@{microsoft.bingweather_2.0.0.288_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{CDCE1796-72E3-438E-A8EC-D55BD9D232A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D23D57D1-CA09-4448-9122-F1F67940F475}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D4DED4C6-17B2-4B32-873A-A9E25F1B42F9}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{D96AA776-3EEA-4B85-8BAB-B7127BA6B991}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DB5AEF9E-AD04-406A-93AA-E26BD878A654}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{E134CBEB-6208-4FED-B948-551607D88D99}" = dir=in | name=skype |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EB20420F-F7D4-4041-9014-1BA6E5F9E06F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F21343EA-675C-4388-80DF-D5FCC7BFF9CE}" = dir=in | name=@{828b5831.standofood3_1.2.3.0_x86__ytsefhwckbdv6?ms-resource://828b5831.standofood3/resources/kd_app_name} |
"{F38F6FFC-C867-442B-AB8F-028DDCD376D6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F391B00C-EA78-4DF1-A934-A202A3608670}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F3EC5913-E04D-4D43-9D39-F4D3ABE584A4}" = dir=out | name=@{microsoft.bingfinance_2.0.0.300_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{F4C53F12-E81D-4016-A10E-A966B47B90BF}" = dir=out | name=@{microsoft.bingfinance_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{FB768954-A1BE-4593-BD1A-EEDCF8B3D0A5}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series" = Canon MX320 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{427174C0-096E-40D9-9684-9C109BEE2CBF}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{72AAF455-1E54-475B-B0AB-5413C78D0E63}" = SpyHunter
"{7648D847-AEBC-4DEF-ADA2-F93314A5F4F2}" = SLOW-PCfighter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client
"HomeStudentRetail - en-us" = Microsoft Office Home and Student 2013 - en-us
"PC-Doctor for Windows" = My Dell
"SLOW-PCfighter" = SLOW-PCfighter
"SynTPDeinstKey" = Dell Touchpad

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}" = Amazon Browser App
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell Backup and Recovery
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}" = Level Quality Watcher
"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Dell WLAN and Bluetooth Client Installation
"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{66986E4B-E9FB-47C2-83FB-59AD8E40386A}" = FULL-DISKfighter
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-001C-0000-0000-0000000FF1CE}" = Microsoft Office Access Runtime 2010
"{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{FA978F90-F7AB-4CF6-BCF5-885CF559DE7C}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1)
"{90140000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime MUI (English) 2010
"{90140000-001C-0409-0000-0000000FF1CE}_Office14.AccessRT_{FF0EF2BE-3400-4E0C-BE30-6D04441CE0ED}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.AccessRT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.AccessRT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.AccessRT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.AccessRT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{95140000-0137-0409-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B65F9A3-9D24-452A-B6EF-1457D65E4259}" = ScorpionSaver
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell Backup and Recovery - Support Software
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint 2.5
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{D5FFAC59-7519-4652-AD8C-FBFA97AEE1DA}" = DRIVERfighter
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DB9BF6DA-8030-4A21-9FF4-8856A7556FCF}" = CWA Reminder by We-Care.com v4.1.22.3
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FC279721-37A6-4777-AFD8-7A56681EBA14}" = Expert PDF 7 Reader
"{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"7-Zip 9.20" = 7-Zip 9.20
"ChurchTrac9" = ChurchTrac 9
"DMUninstaller" = DMUninstaller
"Driver Genius_is1" = Driver Genius
"DRIVERfighter" = DRIVERfighter
"FULL-DISKfighter" = FULL-DISKfighter
"GigaClicks Crawler" = GigaClicks Crawler
"Google Chrome" = Google Chrome
"InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}" = CyberLink Media Suite Essentials
"JFileManager" = JFileManager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Office14.AccessRT" = Microsoft Access Runtime 2010
"SaveValet_IE" = SaveValet IE - Stop overpaying! Instantly get the lowest price and best deals right as you shop.
"Smart PC Cleaner_is1" = Smart PC Cleaner v3.2
"The Sea App" = The Sea App (Internet Explorer)
"The Weather Channel App" = The Weather Channel App
"WinLiveSuite" = Windows Live Essentials
"WPM" = WPM17.8.0.3159
"Yahoo Browser Settings" = Yahoo Browser Settings
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"6c2290d276fa0f0d" = RabbitTV
"9ad9d590eb5ea26e" = FileWhiz
"Severe Weather Alerts" = Severe Weather Alerts
"SkyDriveSetup.exe" = Microsoft SkyDrive
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/14/2013 11:20:48 PM | Computer Name = SDC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 3608 Start
Time: 01cef94383d44604 Termination Time: 31 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: e178a456-6537-11e3-bed2-b8763f1350bc Faulting package
full name: Faulting package-relative application ID:

Error - 12/14/2013 11:22:59 PM | Computer Name = SDC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 99a8 Start
Time: 01cef94383cec6c8 Termination Time: 30 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 3020ef82-6538-11e3-bed2-b8763f1350bc Faulting package
full name: Faulting package-relative application ID:

Error - 12/14/2013 11:23:46 PM | Computer Name = SDC | Source = Application Hang | ID = 1002
Description = The program IEXPLORE.EXE version 10.0.9200.16537 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: b178 Start
Time: 01cef944f4a3841c Termination Time: 22 Application Path: C:\Program Files (x86)\Internet
Explorer\IEXPLORE.EXE Report Id: 4c291978-6538-11e3-bed2-b8763f1350bc Faulting package
full name: Faulting package-relative application ID:

Error - 12/14/2013 11:27:41 PM | Computer Name = SDC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: IECore.dll, version: 0.0.0.0, time
stamp: 0x529ce18d Exception code: 0xc0000005 Fault offset: 0x000015e5 Faulting process
id: 0xb948 Faulting application start time: 0x01cef944f4a35d03 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\ScorpionSaver\IECore.dll Report Id: da0ebc36-6538-11e3-bed2-b8763f1350bc
Faulting
package full name: Faulting package-relative application ID:

Error - 12/14/2013 11:30:07 PM | Computer Name = SDC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: IECore.dll, version: 0.0.0.0, time
stamp: 0x529ce18d Exception code: 0xc0000005 Fault offset: 0x000015e5 Faulting process
id: 0x27c4 Faulting application start time: 0x01cef945a2694d93 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\ScorpionSaver\IECore.dll Report Id: 31523c54-6539-11e3-bed2-b8763f1350bc
Faulting
package full name: Faulting package-relative application ID:

Error - 12/14/2013 11:49:00 PM | Computer Name = SDC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: IECore.dll, version: 0.0.0.0, time
stamp: 0x529ce18d Exception code: 0xc0000005 Fault offset: 0x000015e5 Faulting process
id: 0x4280 Faulting application start time: 0x01cef945a2622066 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\ScorpionSaver\IECore.dll Report Id: d4a6e6a5-653b-11e3-bed2-b8763f1350bc
Faulting
package full name: Faulting package-relative application ID:

Error - 12/15/2013 12:41:21 AM | Computer Name = SDC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 12/15/2013 3:49:53 PM | Computer Name = SDC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1172

Error - 12/15/2013 3:49:53 PM | Computer Name = SDC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1172

Error - 12/15/2013 3:53:04 PM | Computer Name = SDC | Source = Application Error | ID = 1000
Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16537,
time stamp: 0x512347f7 Faulting module name: IECore.dll, version: 0.0.0.0, time
stamp: 0x529ce18d Exception code: 0xc0000005 Fault offset: 0x000015e5 Faulting process
id: 0x44c4 Faulting application start time: 0x01cef948994ebeb6 Faulting application
path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
C:\Program Files (x86)\ScorpionSaver\IECore.dll Report Id: 820a72dc-65c2-11e3-bed2-b8763f1350bc
Faulting
package full name: Faulting package-relative application ID:

[ System Events ]
Error - 12/8/2013 12:44:31 AM | Computer Name = SDC | Source = DCOM | ID = 10016
Description =

Error - 12/8/2013 12:44:31 AM | Computer Name = SDC | Source = DCOM | ID = 10016
Description =

Error - 12/8/2013 10:56:14 PM | Computer Name = SDC | Source = DCOM | ID = 10016
Description =

Error - 12/8/2013 10:56:14 PM | Computer Name = SDC | Source = DCOM | ID = 10016
Description =

Error - 12/8/2013 10:56:20 PM | Computer Name = SDC | Source = DCOM | ID = 10016
Description =

Error - 12/9/2013 7:13:29 PM | Computer Name = SDC | Source = DCOM | ID = 10010
Description =

Error - 12/9/2013 7:14:19 PM | Computer Name = SDC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the SftService service.

Error - 12/9/2013 7:15:40 PM | Computer Name = SDC | Source = DCOM | ID = 10016
Description =
several pop ups, nation zoom has taken over my search engines and full diskfighter keeps popping up.


Error - 12/9/2013 7:36:56 PM | Computer Name = SDC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series
Chipset Family SATA AHCI Controller.

Error - 12/9/2013 8:42:29 PM | Computer Name = SDC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070103: Intel Corporation - Storage Controller - Intel® 7 Series
Chipset Family SATA AHCI Controller.


< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 21 December 2013 - 07:22 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello sedward68

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#3
sedward68
Posted 22 December 2013 - 01:19 PM

sedward68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I haven't used it much so don't know if things are better. They seem to be. Here are my two logs

Thanks for the help!

# AdwCleaner v3.015 - Report created 21/12/2013 at 11:13:02
# Updated 10/12/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : shareda73 - SDC
# Running from : C:\Users\shareda73\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : 70e6ca8c
[#] Service Deleted : BackupStack
[#] Service Deleted : bonanzadealslive
[#] Service Deleted : bonanzadealslivem
[#] Service Deleted : DefaultTabSearch
Service Deleted : DefaultTabUpdate
Service Deleted : Level Quality Watcher
[#] Service Deleted : Update BuzzSearch
[#] Service Deleted : Util BuzzSearch
Service Deleted : Wpm

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\BonanzaDealsLive
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smart pc cleaner
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner
Folder Deleted : C:\Program Files (x86)\BonanzaDeals
[!] Folder Deleted : C:\Program Files (x86)\BonanzaDealsLive
Folder Deleted : C:\Program Files (x86)\BuzzSearch
Folder Deleted : C:\Program Files (x86)\DefaultTab
Folder Deleted : C:\Program Files (x86)\driver-soft
Folder Deleted : C:\Program Files (x86)\Level Quality Watcher
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\Mysearchdial
Folder Deleted : C:\Program Files (x86)\optimizer pro
Folder Deleted : C:\Program Files (x86)\SaveValet
Folder Deleted : C:\Program Files (x86)\ScorpionSaver
Folder Deleted : C:\Program Files (x86)\smart pc cleaner
Folder Deleted : C:\Program Files (x86)\Uniblue\DriverScanner
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\ShaReda\AppData\Local\BonanzaDealsLive
Folder Deleted : C:\Users\ShaReda\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\ShaReda\AppData\Roaming\DefaultTab
Folder Deleted : C:\Users\ShaReda\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\ShaReda\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\ShaReda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
Folder Deleted : C:\Users\ShaReda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\shareda73\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\shareda73\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\shareda73\AppData\Roaming\smart pc cleaner
Folder Deleted : C:\Users\shareda73\AppData\Roaming\Uniblue\DriverScanner
Folder Deleted : C:\Users\shareda73\Documents\optimizer pro
Folder Deleted : C:\Users\shareda73\Documents\smart pc cleaner
Folder Deleted : C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Folder Deleted : C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Folder Deleted : C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Folder Deleted : C:\Users\ShaReda\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg
File Deleted : C:\Users\ShaReda\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\ShaReda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Users\ShaReda\Desktop\MyPC Backup.lnk
File Deleted : C:\Users\ShaReda\Desktop\MySearchDial.url
File Deleted : C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
File Deleted : C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
File Deleted : C:\Users\ShaReda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
File Deleted : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
File Deleted : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
File Deleted : C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
File Deleted : C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
File Deleted : C:\Windows\System32\Tasks\BonanzaDealsUpdate
File Deleted : C:\Windows\Tasks\dsmonitor.job
File Deleted : C:\Windows\System32\Tasks\dsmonitor
File Deleted : C:\Windows\Tasks\MySearchDial.job
File Deleted : C:\Windows\System32\Tasks\MySearchDial
File Deleted : C:\Windows\System32\Tasks\SpyHunter4Startup
File Deleted : C:\Windows\Tasks\UpdaterEX.job
File Deleted : C:\Windows\System32\Tasks\UpdaterEX

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\shareda73\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\shareda73\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\shareda73\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\shareda73\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\shareda73\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Smart PC Cleaner]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BonanzaDealsLive.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLive.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\BonanzaDealsLiveUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Key Deleted : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38495740-0035-4471-851E-F5BBB86AB085}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{118E1BF6-6279-432F-A285-373A77B90C7A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14CEEA2F-3D21-46ED-A7D2-89056C520E5E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1CC8D970-F626-4F19-815F-890032BB6606}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B5E5D0E-7C83-4A32-ADD2-E5F488DD6783}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6802463D-636F-41FE-9924-4CAD56906590}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{806785D0-375F-4C2C-92E3-B8EE65D28E83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82E74373-58AB-47EB-B0F0-A1D82BB8EB5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{944661E7-67B9-4DF7-BFF2-05388C166D34}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9EA8702C-EEDB-4731-BE68-E9A167DD3597}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A7CF66EF-4F0D-46B1-AF71-A500378D6C34}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B71934E5-6B93-448D-9D32-CBAA5150C5D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D34F391D-4CB7-467F-A543-F583857C63B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E970727E-0508-4BEB-8B72-BBA9D0D047C7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF1F869-D2F0-4D31-A877-386C853A9C3D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3CF4912-CF0A-451B-AF3B-C4F216C715E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F904AC50-215C-42AB-A532-77E9FDBA9B19}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D0EC4142-5808-41D2-A4DC-6081CF1A9693}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{396ECD31-EDF7-489F-BDA1-83DBA4C36E81}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5CF5A690-C8F4-488E-9D20-F21AEF602D41}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE063412-BEA4-4D76-8ED3-183BE6220D17}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1E28287-1A31-4B0F-8D05-AA8C465D3C5A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{29494049-211F-4F5C-8545-7DA8BF7A6CF8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33BAF587-9647-4281-A34F-F4830CDC1B9F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C4BEF720-313C-420A-ACF6-77DD95D8F553}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D0EC4142-5808-41D2-A4DC-6081CF1A9693}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Key Deleted : HKCU\Software\Adpeak, Inc.
Key Deleted : HKCU\Software\BonanzaDealsLive
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Scorpion Saver
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\BonanzaDealsLive
Key Deleted : HKLM\Software\BuzzSearch
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\nationzoomSoftware
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bonanza Deals
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BuzzSearch
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\ShaReda\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

[ File : C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [26563 octets] - [21/12/2013 11:12:07]
AdwCleaner[S0].txt - [24344 octets] - [21/12/2013 11:13:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24405 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by shareda73 on Sun 12/22/2013 at 13:05:54.11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] suite service
Successfully deleted: [Service] suite service



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\commontoolkittray
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\starter
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F0F12903-DE76-4DF7-BCDC-0A0689151189}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\theseaapp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadeals
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\bonanzadealslive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\savevalet_ie
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C585D593-E7F3-4852-A200-561686EE02E4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0F12903-DE76-4DF7-BCDC-0A0689151189}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}



~~~ Files

Successfully deleted: [File] "C:\Windows\Tasks\driverfighter auto start.job"
Successfully deleted: [File] "C:\Users\shareda73\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\shareda73\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Program Files (x86)\fighters"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\we-care reminder"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/22/2013 at 13:14:32.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#4
gringo_pr
Posted 22 December 2013 - 05:35 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello sedward68

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
sedward68
Posted 22 December 2013 - 10:35 PM

sedward68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here is the log. Also, when I ran a couple of the programs, I had this application error to pop up:

Exception EAccessViolation in module ERUNT.3XE at 00003A38. Access violiation at address 00403A38 in module 'ERUNT.3XE. Read of address 0076005D.

ComboFix 13-12-21.01 - shareda73 12/22/2013 21:52:52.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3965.2646 [GMT -6:00]
Running from: c:\users\shareda73\Desktop\ComboFix.exe
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6422\AddOnDownloaded\02d6010d-b288-4157-bbcc-a3d510d3fba5.dll
c:\programdata\PCDr\6422\AddOnDownloaded\143c46ba-b979-4e38-9815-2373de9333aa.dll
c:\programdata\PCDr\6422\AddOnDownloaded\1aff7cd0-71c5-4682-8a81-f3488d648a52.dll
c:\programdata\PCDr\6422\AddOnDownloaded\4024761b-0217-45f9-98b3-a2cd8c309252.dll
c:\programdata\PCDr\6422\AddOnDownloaded\409161a3-28c9-4482-9613-e7ca2e306fef.dll
c:\programdata\PCDr\6422\AddOnDownloaded\4c09e0ec-d531-4d04-a038-3dd30a795474.dll
c:\programdata\PCDr\6422\AddOnDownloaded\5eb0ad41-431b-4bf8-b498-110b0b5cd0ab.dll
c:\programdata\PCDr\6422\AddOnDownloaded\61c13bfc-28f4-44bc-beec-efa429fa40f0.dll
c:\programdata\PCDr\6422\AddOnDownloaded\6edf11af-92e6-490d-af58-febeeb0cdb04.dll
c:\programdata\PCDr\6422\AddOnDownloaded\721f0e40-f9ae-403d-b919-f31f136f926d.dll
c:\programdata\PCDr\6422\AddOnDownloaded\9ed1246c-39a1-403b-9134-f313ebd75cb8.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a42876a0-cd50-444f-b999-c31d0b73f57c.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b46fef86-eb4a-44db-ad48-0c00477a0097.dll
c:\programdata\PCDr\6422\AddOnDownloaded\c6ca3141-c4ef-404d-b1c2-840d38395e80.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ec1edaed-f34f-4e3a-96eb-bbdad2af9a8a.dll
c:\programdata\PCDr\6422\AddOnDownloaded\f63e05a5-1f40-4c42-b80a-d0995b6e38a7.dll
c:\users\SHARED~1\AppData\Local\Temp\GC\Profiles\{8C1A5ED1-557F-481D-BD1E-04333EB9FC94}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\ShaReda\AppData\Local\Microsoft\Windows\Temporary Internet Files\{23FA2994-0213-4175-B336-A3E56428F02B}.xps
c:\users\ShaReda\AppData\Local\Microsoft\Windows\Temporary Internet Files\{25E0F0D9-198B-4A67-9CC2-EC0D98E96C7C}.xps
c:\users\ShaReda\AppData\Local\Microsoft\Windows\Temporary Internet Files\{28CC21FF-E8BD-4C99-8CBB-C2BC5CC5E4AF}.xps
c:\users\ShaReda\AppData\Local\Microsoft\Windows\Temporary Internet Files\{46FC674B-B68D-4ED6-8185-931942800B89}.xps
c:\users\ShaReda\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5C0B2B17-EF7B-4F03-9D90-E5C56157E45A}.xps
c:\users\shareda73\AppData\Local\Temp\GC\Profiles\{8C1A5ED1-557F-481D-BD1E-04333EB9FC94}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}
c:\windows\Installer\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}\icon64.ico
.
.
((((((((((((((((((((((((( Files Created from 2013-11-23 to 2013-12-23 )))))))))))))))))))))))))))))))
.
.
2013-12-23 04:12 . 2013-12-23 04:12 -------- d-----w- c:\users\ShaReda\AppData\Local\temp
2013-12-23 04:12 . 2013-12-23 04:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-22 19:16 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C9D300CF-32B5-42F2-A094-CD7428E79BBE}\mpengine.dll
2013-12-21 17:12 . 2013-12-21 17:13 -------- d-----w- C:\AdwCleaner
2013-12-21 16:59 . 2013-12-21 16:59 232112 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10228.bin
2013-12-21 16:41 . 2013-12-21 16:41 -------- d-----w- c:\users\shareda73\AppData\Roaming\Malwarebytes
2013-12-21 16:41 . 2013-12-21 16:41 -------- d-----w- c:\programdata\Malwarebytes
2013-12-21 16:41 . 2013-12-21 16:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-21 16:41 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-17 22:30 . 2013-12-17 22:30 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-12-17 22:25 . 2013-12-17 22:25 -------- d-----w- c:\users\ShaReda\AppData\Local\Apple Computer
2013-12-15 00:56 . 2013-11-01 01:45 23350272 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-15 00:56 . 2013-11-01 01:16 22615040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-15 00:55 . 2013-11-23 06:43 420864 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-15 00:55 . 2013-11-23 05:05 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-15 00:55 . 2013-11-01 05:38 312320 ----a-w- c:\windows\system32\msieftp.dll
2013-12-15 00:55 . 2013-11-01 03:49 273408 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-13 03:40 . 2013-10-19 05:45 62976 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-13 03:40 . 2013-10-19 04:04 59392 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-13 03:40 . 2013-11-06 23:18 4036608 ----a-w- c:\windows\system32\win32k.sys
2013-12-13 03:38 . 2013-09-28 03:35 288768 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-09 03:10 . 2012-06-22 17:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2013-12-09 03:10 . 2013-12-09 03:10 110080 ----a-r- c:\users\shareda73\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\IconF7A21AF7.exe
2013-12-09 03:10 . 2013-12-09 03:10 110080 ----a-r- c:\users\shareda73\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\IconD7F16134.exe
2013-12-09 03:10 . 2013-12-09 03:10 110080 ----a-r- c:\users\shareda73\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\Icon1226A4C5.exe
2013-12-09 03:10 . 2013-12-09 03:10 -------- d-----w- C:\sh4ldr
2013-12-09 03:10 . 2013-12-09 03:10 -------- d-----w- c:\program files\Enigma Software Group
2013-12-09 03:08 . 2013-12-09 03:10 -------- d-----w- c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-09 03:08 . 2013-12-09 03:08 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-12-08 00:38 . 2013-12-08 00:38 -------- d-----w- c:\program files\Uninstaller
2013-12-08 00:36 . 2013-12-08 00:36 -------- d-----w- c:\program files (x86)\JFileManager
2013-12-08 00:36 . 2013-12-08 00:36 -------- d-----w- c:\users\shareda73\AppData\Local\GCC
2013-12-08 00:36 . 2013-12-08 00:36 -------- d-----w- c:\users\shareda73\AppData\Local\Programs
2013-12-08 00:36 . 2013-12-08 00:36 -------- d-----w- c:\programdata\WPM
2013-11-24 21:52 . 2013-11-24 21:52 -------- d-----w- c:\program files (x86)\Common Files\Common Toolkit Suite
2013-11-24 21:50 . 2013-11-24 21:50 -------- d-----w- c:\programdata\Common Toolkit Suite
2013-11-24 21:50 . 2013-12-21 17:13 -------- d-----w- c:\users\shareda73\AppData\Roaming\Uniblue
2013-11-24 21:50 . 2013-12-21 17:13 -------- d-----w- c:\program files (x86)\Uniblue
2013-11-24 21:49 . 2013-11-24 21:49 -------- d-----w- c:\users\shareda73\AppData\Local\Weather_Notifications,_LL
2013-11-24 21:49 . 2013-12-21 17:25 -------- d-----w- c:\users\shareda73\AppData\Local\SevereWeatherAlerts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 01:10 . 2013-05-13 03:16 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-04 00:53 . 2012-07-26 08:14 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53 . 2012-07-26 08:14 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21 . 2013-09-29 21:04 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-19 02:06 . 2013-04-18 02:13 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-16 01:20 . 2013-05-19 03:18 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-11-06 03:09 . 2013-04-18 02:13 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-10-10 11:53 . 2013-11-15 01:34 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys
2013-10-10 09:21 . 2013-11-15 01:34 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-10 09:20 . 2013-11-15 01:34 723968 ----a-w- c:\windows\system32\BFE.DLL
2013-10-02 23:25 . 2013-11-15 01:34 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-10-01 23:37 . 2013-11-15 01:34 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-01 23:37 . 2013-11-15 01:35 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-01 23:26 . 2013-11-15 01:34 1890816 ----a-w- c:\windows\system32\crypt32.dll
2013-10-01 23:26 . 2013-11-15 01:35 2304512 ----a-w- c:\windows\system32\authui.dll
2013-10-01 22:22 . 2013-11-15 01:34 1022976 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2013-08-07 1561880]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745}]
2013-08-27 02:52 184496 ----a-w- c:\users\ShaReda\AppData\Local\ArcadeParlor\Arcadeparlor.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-02 20:30 222832 ----a-w- c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-02 20:30 222832 ----a-w- c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-02 20:30 222832 ----a-w- c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-09-02 257136]
"GoogleChromeAutoLaunch_0EAF04DA78CC2D4DA23CF4718E40E892"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-12-04 863184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Severe Weather Alerts App.lnk - c:\users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe [2013-7-8 348384]
Severe Weather Alerts.lnk - c:\users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe /restart [2013-7-1 84184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 Common Toolkit 2;Common Toolkit 2;c:\program files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe;c:\program files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 04:05 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-21 c:\windows\Tasks\ArcadeParlor.job
- c:\users\ShaReda\AppData\Local\ArcadeParlor\versioncheck.exe [2013-08-27 02:52]
.
2013-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 16:43]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 16:43]
.
2013-12-23 c:\windows\Tasks\SLOW-PCfighter64-ShaReda-Notification.job
- c:\program files\Fighters\SLOW-PCfighter\Sync.exe [2013-08-08 17:28]
.
2013-12-21 c:\windows\Tasks\SLOW-PCfighter64-ShaReda-Startup.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe [2013-08-08 17:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-02 20:31 261744 ----a-w- c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-02 20:31 261744 ----a-w- c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-02 20:31 261744 ----a-w- c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-16 01:24 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-16 01:24 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-16 01:24 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-20 6846096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-11-19 1253520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-16 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-16 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-16 441888]
"BtPreLoad"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe" [2012-12-28 64640]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-FDPRO-501 - c:\program files (x86)\Fighters\FighterLauncher.exe
BHO-{F0F12903-DE76-4DF7-BCDC-0A0689151189} - c:\program files (x86)\SaveValet\ie\SaveValetIE_64.dll
Toolbar-Locked - (no file)
AddRemove-Driver Genius_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe
AddRemove-DRIVERfighter - c:\program files (x86)\Fighters\DRIVERfighter\Uninstall.exe
AddRemove-FULL-DISKfighter - c:\program files (x86)\Fighters\FULL-DISKfighter\Uninstall.exe
AddRemove-Smart PC Cleaner_is1 - c:\program files (x86)\Smart PC Cleaner\unins000.exe
.
.
.
Completion time: 2013-12-22 22:30:36
ComboFix-quarantined-files.txt 2013-12-23 04:30
.
Pre-Run: 432,740,061,184 bytes free
Post-Run: 434,205,573,120 bytes free
.
- - End Of File - - 7F16015577AD41E9D8EFCEFCD62FC7A7
5FB38429D5D77768867C76DCBDB35194


thanks
sedward68
  • 0

#6
gringo_pr
Posted 23 December 2013 - 03:25 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello sedward68

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#7
sedward68
Posted 23 December 2013 - 06:44 PM

sedward68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I still received the following error at the end of stage 2 and towards the end before the log popped up.

Exception EAccessViolation in module ERUNT.3XE at 00003A38. Access violiation at address 00403A38 in module 'ERUNT.3XE. Read of address 0076005D.

I also had a couple of pop ups that I have saved to a word document and have attached to reply. I did some browsing on web and it seems to doing fine.

Also, I didn't know if this was from the problems I was having or not, but when I save a picture from like facebook, it saves it as a pdf and will not open it. Is that a setting somewhere that I might could change?


Thanks for your help. Here is the log from combo fix.

ComboFix 13-12-23.01 - shareda73 12/23/2013 16:33:00.2.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3965.2240 [GMT -6:00]
Running from: c:\users\shareda73\Desktop\ComboFix.exe
Command switches used :: c:\users\shareda73\Desktop\CFScript.txt
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6422\AddOnDownloaded\02d6010d-b288-4157-bbcc-a3d510d3fba5.dll
c:\programdata\PCDr\6422\AddOnDownloaded\143c46ba-b979-4e38-9815-2373de9333aa.dll
c:\programdata\PCDr\6422\AddOnDownloaded\1aff7cd0-71c5-4682-8a81-f3488d648a52.dll
c:\programdata\PCDr\6422\AddOnDownloaded\4024761b-0217-45f9-98b3-a2cd8c309252.dll
c:\programdata\PCDr\6422\AddOnDownloaded\409161a3-28c9-4482-9613-e7ca2e306fef.dll
c:\programdata\PCDr\6422\AddOnDownloaded\4c09e0ec-d531-4d04-a038-3dd30a795474.dll
c:\programdata\PCDr\6422\AddOnDownloaded\5eb0ad41-431b-4bf8-b498-110b0b5cd0ab.dll
c:\programdata\PCDr\6422\AddOnDownloaded\61c13bfc-28f4-44bc-beec-efa429fa40f0.dll
c:\programdata\PCDr\6422\AddOnDownloaded\6edf11af-92e6-490d-af58-febeeb0cdb04.dll
c:\programdata\PCDr\6422\AddOnDownloaded\721f0e40-f9ae-403d-b919-f31f136f926d.dll
c:\programdata\PCDr\6422\AddOnDownloaded\9ed1246c-39a1-403b-9134-f313ebd75cb8.dll
c:\programdata\PCDr\6422\AddOnDownloaded\a42876a0-cd50-444f-b999-c31d0b73f57c.dll
c:\programdata\PCDr\6422\AddOnDownloaded\b46fef86-eb4a-44db-ad48-0c00477a0097.dll
c:\programdata\PCDr\6422\AddOnDownloaded\c6ca3141-c4ef-404d-b1c2-840d38395e80.dll
c:\programdata\PCDr\6422\AddOnDownloaded\ec1edaed-f34f-4e3a-96eb-bbdad2af9a8a.dll
c:\programdata\PCDr\6422\AddOnDownloaded\f63e05a5-1f40-4c42-b80a-d0995b6e38a7.dll
c:\users\SHARED~1\AppData\Local\Temp\GC\Profiles\{8F129E83-A0E3-484F-9EC5-8DA9D23A2EC8}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\SHARED~1\AppData\Local\Temp\GC\Profiles\{E6095AEB-E852-446A-A3F6-C958750080BB}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\shareda73\AppData\Local\Temp\GC\Profiles\{8F129E83-A0E3-484F-9EC5-8DA9D23A2EC8}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\shareda73\AppData\Local\Temp\GC\Profiles\{E6095AEB-E852-446A-A3F6-C958750080BB}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-11-23 to 2013-12-23 )))))))))))))))))))))))))))))))
.
.
2013-12-23 22:46 . 2013-12-23 22:46 -------- d-----w- c:\users\ShaReda\AppData\Local\temp
2013-12-23 22:46 . 2013-12-23 22:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-23 22:46 . 2013-12-23 22:46 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-12-23 12:30 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BEE8F298-98DC-4A87-A204-1724E78CDE0C}\mpengine.dll
2013-12-21 17:12 . 2013-12-21 17:13 -------- d-----w- C:\AdwCleaner
2013-12-21 16:59 . 2013-12-21 16:59 232112 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10228.bin
2013-12-21 16:41 . 2013-12-21 16:41 -------- d-----w- c:\users\shareda73\AppData\Roaming\Malwarebytes
2013-12-21 16:41 . 2013-12-21 16:41 -------- d-----w- c:\programdata\Malwarebytes
2013-12-21 16:41 . 2013-12-21 16:41 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-12-21 16:41 . 2013-04-04 20:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-17 22:30 . 2013-12-17 22:30 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2013-12-17 22:25 . 2013-12-17 22:25 -------- d-----w- c:\users\ShaReda\AppData\Local\Apple Computer
2013-12-15 00:56 . 2013-11-01 01:45 23350272 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-15 00:56 . 2013-11-01 01:16 22615040 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-12-15 00:55 . 2013-11-23 06:43 420864 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-15 00:55 . 2013-11-23 05:05 368640 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-12-15 00:55 . 2013-11-01 05:38 312320 ----a-w- c:\windows\system32\msieftp.dll
2013-12-15 00:55 . 2013-11-01 03:49 273408 ----a-w- c:\windows\SysWow64\msieftp.dll
2013-12-13 03:40 . 2013-10-19 05:45 62976 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-13 03:40 . 2013-10-19 04:04 59392 ----a-w- c:\windows\SysWow64\imagehlp.dll
2013-12-13 03:40 . 2013-11-06 23:18 4036608 ----a-w- c:\windows\system32\win32k.sys
2013-12-13 03:38 . 2013-09-28 03:35 288768 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-09 03:10 . 2012-06-22 17:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2013-12-09 03:10 . 2013-12-09 03:10 110080 ----a-r- c:\users\shareda73\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\IconF7A21AF7.exe
2013-12-09 03:10 . 2013-12-09 03:10 110080 ----a-r- c:\users\shareda73\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\IconD7F16134.exe
2013-12-09 03:10 . 2013-12-09 03:10 110080 ----a-r- c:\users\shareda73\AppData\Roaming\Microsoft\Installer\{72AAF455-1E54-475B-B0AB-5413C78D0E63}\Icon1226A4C5.exe
2013-12-09 03:10 . 2013-12-09 03:10 -------- d-----w- C:\sh4ldr
2013-12-09 03:10 . 2013-12-09 03:10 -------- d-----w- c:\program files\Enigma Software Group
2013-12-09 03:08 . 2013-12-09 03:10 -------- d-----w- c:\windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-12-09 03:08 . 2013-12-09 03:08 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-12-08 00:38 . 2013-12-08 00:38 -------- d-----w- c:\program files\Uninstaller
2013-12-08 00:36 . 2013-12-08 00:36 -------- d-----w- c:\program files (x86)\JFileManager
2013-12-08 00:36 . 2013-12-08 00:36 -------- d-----w- c:\users\shareda73\AppData\Local\GCC
2013-12-08 00:36 . 2013-12-08 00:36 -------- d-----w- c:\users\shareda73\AppData\Local\Programs
2013-12-08 00:36 . 2013-12-08 00:36 -------- d-----w- c:\programdata\WPM
2013-11-24 21:52 . 2013-11-24 21:52 -------- d-----w- c:\program files (x86)\Common Files\Common Toolkit Suite
2013-11-24 21:50 . 2013-11-24 21:50 -------- d-----w- c:\programdata\Common Toolkit Suite
2013-11-24 21:50 . 2013-12-21 17:13 -------- d-----w- c:\users\shareda73\AppData\Roaming\Uniblue
2013-11-24 21:50 . 2013-12-21 17:13 -------- d-----w- c:\program files (x86)\Uniblue
2013-11-24 21:49 . 2013-11-24 21:49 -------- d-----w- c:\users\shareda73\AppData\Local\Weather_Notifications,_LL
2013-11-24 21:49 . 2013-12-23 22:51 -------- d-----w- c:\users\shareda73\AppData\Local\SevereWeatherAlerts
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-15 01:10 . 2013-05-13 03:16 90708896 ----a-w- c:\windows\system32\MRT.exe
2013-12-04 00:53 . 2012-07-26 08:14 78304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-04 00:53 . 2012-07-26 08:14 694240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-19 10:21 . 2013-09-29 21:04 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-11-19 02:06 . 2013-04-18 02:13 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-16 01:20 . 2013-05-19 03:18 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-11-06 03:09 . 2013-04-18 02:13 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-10-10 11:53 . 2013-11-15 01:34 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys
2013-10-10 09:21 . 2013-11-15 01:34 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-10 09:20 . 2013-11-15 01:34 723968 ----a-w- c:\windows\system32\BFE.DLL
2013-10-02 23:25 . 2013-11-15 01:34 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-10-01 23:37 . 2013-11-15 01:34 1569280 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-10-01 23:37 . 2013-11-15 01:35 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-10-01 23:26 . 2013-11-15 01:34 1890816 ----a-w- c:\windows\system32\crypt32.dll
2013-10-01 23:26 . 2013-11-15 01:35 2304512 ----a-w- c:\windows\system32\authui.dll
2013-10-01 22:22 . 2013-11-15 01:34 1022976 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll" [2013-08-07 1561880]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745}]
2013-08-27 02:52 184496 ----a-w- c:\users\ShaReda\AppData\Local\ArcadeParlor\Arcadeparlor.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-02 20:30 222832 ----a-w- c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-02 20:30 222832 ----a-w- c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-02 20:30 222832 ----a-w- c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyDrive"="c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-09-02 257136]
"GoogleChromeAutoLaunch_0EAF04DA78CC2D4DA23CF4718E40E892"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-12-04 863184]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Severe Weather Alerts App.lnk - c:\users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe [2013-7-8 348384]
Severe Weather Alerts.lnk - c:\users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe /restart [2013-7-1 84184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 Common Toolkit 2;Common Toolkit 2;c:\program files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe;c:\program files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe [x]
R3 DellRbtn;Airplane Mode Switch;c:\windows\System32\drivers\DellRbtn.sys;c:\windows\SYSNATIVE\drivers\DellRbtn.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe;c:\program files (x86)\Dell Backup and Recovery\sftservice.exe [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-05 04:05 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-05-11 10:37 215416 ----a-w- c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-23 c:\windows\Tasks\ArcadeParlor.job
- c:\users\ShaReda\AppData\Local\ArcadeParlor\versioncheck.exe [2013-08-27 02:52]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 16:43]
.
2013-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-15 16:43]
.
2013-12-23 c:\windows\Tasks\SLOW-PCfighter64-ShaReda-Notification.job
- c:\program files\Fighters\SLOW-PCfighter\Sync.exe [2013-08-08 17:28]
.
2013-12-23 c:\windows\Tasks\SLOW-PCfighter64-ShaReda-Startup.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter64.exe [2013-08-08 17:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0F12903-DE76-4DF7-BCDC-0A0689151189}]
c:\program files (x86)\SaveValet\ie\SaveValetIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-09-02 20:31 261744 ----a-w- c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-09-02 20:31 261744 ----a-w- c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-09-02 20:31 261744 ----a-w- c:\users\shareda73\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-16 01:24 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-16 01:24 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-16 01:24 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-20 6846096]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-11-19 1253520]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-16 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-16 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-16 441888]
"BtPreLoad"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtPreLoad.exe" [2012-12-28 64640]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
AddRemove-Driver Genius_is1 - c:\program files (x86)\Driver-Soft\DriverGenius\unins000.exe
AddRemove-DRIVERfighter - c:\program files (x86)\Fighters\DRIVERfighter\Uninstall.exe
AddRemove-FULL-DISKfighter - c:\program files (x86)\Fighters\FULL-DISKfighter\Uninstall.exe
AddRemove-Smart PC Cleaner_is1 - c:\program files (x86)\Smart PC Cleaner\unins000.exe
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
c:\program files (x86)\Dell Backup and Recovery\TOASTER.EXE
.
**************************************************************************
.
Completion time: 2013-12-23 17:07:44 - machine was rebooted
ComboFix-quarantined-files.txt 2013-12-23 23:07
ComboFix2.txt 2013-12-23 04:30
.
Pre-Run: 430,943,313,920 bytes free
Post-Run: 435,451,707,392 bytes free
.
- - End Of File - - 718DC8D810E15D572B158FF2184F9237
5FB38429D5D77768867C76DCBDB35194

Edited by sedward68, 23 December 2013 - 06:52 PM.

  • 0

#8
gringo_pr
Posted 24 December 2013 - 10:10 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello sedward68

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#9
sedward68
Posted 24 December 2013 - 01:35 PM

sedward68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Here is your report

7-Zip 9.20
Adobe Reader XI (11.0.05)
Amazon Browser App
Apple Application Support
Apple Software Update
ChurchTrac 9
Compatibility Pack for the 2007 Office system
CWA Reminder by We-Care.com v4.1.22.3
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink Media Suite Essentials
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 10
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell WLAN and Bluetooth Client Installation
DMUninstaller
Driver Genius
DRIVERfighter
Expert PDF 7 Reader
FileWhiz
FULL-DISKfighter
GigaClicks Crawler
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
JFileManager
Level Quality Watcher
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Access 2010 Runtime Service Pack 1 (SP1)
Microsoft Access Runtime 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access Runtime 2010
Microsoft Office Access Runtime MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
Movie Maker
MSVCRT
MSVCRT110
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Localization Component
Photo Common
Photo Gallery
RabbitTV
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
ScorpionSaver
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Severe Weather Alerts
Smart PC Cleaner v3.2
The Sea App (Internet Explorer)
The Weather Channel App
Unity Web Player
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WPM17.8.0.3159
Yahoo Browser Settings
Yahoo! Toolbar
  • 0

#10
gringo_pr
Posted 24 December 2013 - 07:41 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (Revo does allot better of a job)

Programs to remove

ScorpionSaver
 [/list]

Please download and install Revo Uninstaller Free

  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.



Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. default settings are fine
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

Advertisements

#11
sedward68
Posted 24 December 2013 - 09:56 PM

sedward68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I still had a couple of ad pop up ads while going through the steps you gave me. Here are the logs you requested.

Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:53:33 PM, on 12/24/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\shareda73\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Users\shareda73\Desktop\HijackThis.exe
C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\shareda73\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_0EAF04DA78CC2D4DA23CF4718E40E892] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\ProgramData\WeCareReminder\IEMenuItem.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: We-Care Add-on - {6ED0A312-78F5-493C-A90C-5DAF321D0BF8} - C:\ProgramData\WeCareReminder\IEMenuItem.dll (file missing) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - (no file)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Common Toolkit 2 - SPAMfighter ApS - C:\Program Files (x86)\Common Files\Common Toolkit Suite\Tools\x64\CommonToolkit2.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

--
End of file - 10720 bytes


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.24.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
shareda73 :: SDC [administrator]

Protection: Enabled

12/24/2013 8:34:42 PM
mbam-log-2013-12-24 (20-34-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245387
Time elapsed: 6 minute(s), 25 second(s)

Memory Processes Detected: 2
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (PUP.Optional.SevereWeatherAlerts) -> 5064 -> Delete on reboot.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (PUP.Optional.SevereWeatherAlerts) -> 5032 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2D33ED6-EBBD-467C-BF6F-F175D9B51363} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BAD84EE2-624D-4e7c-A8BB-41EFD720FD77} (PUP.Optional.DefaultTab.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WPM (PUP.Optional.WpManager.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Severe Weather Alerts (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\The Sea App (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE} (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
HKCR\CLSID\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39AD0726-986D-40F9-972B-E3BFA24B7745} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1F29738C-11D6-4AE5-A1B1-86D4D5F3A69C} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
HKCR\Interface\{96B4DEA0-F89C-475C-8124-B247260B7CB5} (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19DC5AB8-0792-4875-8F1B-896C5A9CE6AE}|DisplayName (PUP.Optional.Adpeak) -> Data: Level Quality Watcher -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 10
C:\Program Files (x86)\The Sea App (Internet Explorer) (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\1207150652 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\1211144708 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\Weather_Notifications,_LL (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_hm1mcf4fq0h1ztgt3hc2qon5wymjhsf4 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_hm1mcf4fq0h1ztgt3hc2qon5wymjhsf4\1.21.0.0 (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\ShaReda\AppData\Local\ArcadeParlor (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.

Files Detected: 42
C:\ProgramData\WPM\wprotectmanager.exe (PUP.Optional.WpManager.A) -> Quarantined and deleted successfully.
C:\Temp\scorpionsaver.exe (PUP.Optional.ScorpionSaver) -> Quarantined and deleted successfully.
C:\Temp\ScorpionSaver.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\uninstall.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\ShaReda\Local Settings\Temporary Internet Files\Content.IE5\2CXQNUCQ\7zip_bimo_1928.exe (PUP.Optional.InstallIQ) -> Quarantined and deleted successfully.
C:\Users\ShaReda\Local Settings\Temporary Internet Files\Content.IE5\2CXQNUCQ\Setup[1].exe (PUP.Optional.BuzzSearch.A) -> Quarantined and deleted successfully.
C:\Users\ShaReda\Local Settings\Temporary Internet Files\Content.IE5\DCSGDRUT\Firefox_Setup.exe (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.
C:\Users\ShaReda\Local Settings\Temporary Internet Files\Content.IE5\FF3TWZKQ\fileviewer.exe (PUP.Optional.InstallIQ.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\49a40c4.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\Windows\Installer\a695767.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Windows\Installer\a6ac203.msi (PUP.Optional.Adpeak) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\The Sea App.dll.config (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\Interop.SHDocVw.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\Microsoft.mshtml.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\SpicIEx.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\The Sea App.dll (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\The Sea App (Internet Explorer)\Uninstall.exe (PUP.Optional.TheSeaApp.A) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe.config (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\ICSharpCode.SharpZipLib.dll (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\mod.SevereWeatherAlertsApp0.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlerts.exe (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp.exe (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsApp0.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsAppAPI.dll (PUP.Optional.SevereWeatherAlerts) -> Delete on reboot.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsBrowser.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsK.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SevereWeatherAlertsU.dat (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\SWAUpdater.exe (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\1207150652\3598.3598.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\1207150652\mergetree (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\1211144708\3603.3603.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\SevereWeatherAlerts\1211144708\mergetree (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Severe Weather Alerts\Severe Weather Alerts.lnk (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts App.lnk (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Severe Weather Alerts.lnk (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_hm1mcf4fq0h1ztgt3hc2qon5wymjhsf4\1.21.0.0\user.config (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_hm1mcf4fq0h1ztgt3hc2qon5wymjhsf4\1.21.0.0\xepuyzpt.newcfg (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\shareda73\AppData\Local\Weather_Notifications,_LL\SevereWeatherAlerts.exe_Url_hm1mcf4fq0h1ztgt3hc2qon5wymjhsf4\1.21.0.0\xepuyzpt.tmp (PUP.Optional.SevereWeatherAlerts) -> Quarantined and deleted successfully.
C:\Users\ShaReda\AppData\Local\ArcadeParlor\ap.config (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\ShaReda\AppData\Local\ArcadeParlor\Arcadeparlor.dll (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\ShaReda\AppData\Local\ArcadeParlor\removal.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.
C:\Users\ShaReda\AppData\Local\ArcadeParlor\versioncheck.exe (PUP.Optional.ArcadeParlor.A) -> Quarantined and deleted successfully.

(end)
  • 0

#12
gringo_pr
Posted 26 December 2013 - 08:05 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello sedward68

Which browser do you get the Popups?

Malwarebytes Anti-Rootkit

1.Download Malwarebytes Anti-Rootkit
2.Unzip the contents to a folder in a convenient location.
3.Open the folder where the contents were unzipped and run mbar.exe
4.Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
5.Click on the Cleanup button to remove any threats and reboot if prompted to do so.
6.Wait while the system shuts down and the cleanup process is performed.
7.Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
8.If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
•Internet access
•Windows Update
•Windows Firewall9.If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.
10.Verify that your system is now functioning normally.


--RogueKiller--

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • the scan will make two reports the one I would like to see is called RKreport[2].txt on your Desktop
  • Exit/Close RogueKiller+

send me the reports made from MBAR and Roguekiller and also let me know how the computer is doing at this time.

Gringo






When you are complete please send me both reports

Gringo
  • 0

#13
sedward68
Posted 26 December 2013 - 10:50 PM

sedward68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
It seems to be doing well. I did notice that MBAM popped up a couple of windows to the side that stated they had blocked potential malicious site form opening. I didn't have a report for MBAR but it did not find any problems. The other logs didn't show a (2) so I have posted both. Sorry, didn't know which to post.

Thanks for your help.

RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : shareda73 [Admin rights]
Mode : Scan -- Date : 12/26/2013 22:40:00
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] Controller.exe -- C:\Users\shareda73\AppData\Local\GCC\Controller.exe [-] -> KILLED [TermProc]
[SUSP PATH] Controller.exe -- C:\Users\shareda73\AppData\Local\GCC\Controller.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 5 ¤¤¤
[V1][SUSP PATH] ArcadeParlor.job : C:\Users\ShaReda\AppData\Local\ArcadeParlor\versioncheck.exe [x] -> FOUND
[V2][SUSP PATH] ArcadeParlor : C:\Users\ShaReda\AppData\Local\ArcadeParlor\versioncheck.exe [x] -> FOUND
[V2][SUSP PATH] GC_Informer : "%LOCALAPPDATA%\GCC\Controller.exe" - --Informer [x] -> FOUND
[V2][SUSP PATH] GC_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" [x] -> FOUND
[V2][SUSP PATH] UP_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" - --Update [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] ff536c67a7c1000821dee222d69fa9c7
[BSP] 9aeafdbaadba28e683a9922668e70ac1 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_12262013_224000.txt >>


RogueKiller V8.7.13 _x64_ [Dec 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : shareda73 [Admin rights]
Mode : Remove -- Date : 12/26/2013 22:41:01
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] Controller.exe -- C:\Users\shareda73\AppData\Local\GCC\Controller.exe [-] -> KILLED [TermProc]
[SUSP PATH] Controller.exe -- C:\Users\shareda73\AppData\Local\GCC\Controller.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 5 ¤¤¤
[V1][SUSP PATH] ArcadeParlor.job : C:\Users\ShaReda\AppData\Local\ArcadeParlor\versioncheck.exe [x] -> DELETED
[V2][SUSP PATH] ArcadeParlor : C:\Users\ShaReda\AppData\Local\ArcadeParlor\versioncheck.exe [x] -> DELETED
[V2][SUSP PATH] GC_Informer : "%LOCALAPPDATA%\GCC\Controller.exe" - --Informer [x] -> DELETED
[V2][SUSP PATH] GC_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" [x] -> DELETED
[V2][SUSP PATH] UP_Scheduler : "%LOCALAPPDATA%\GCC\Controller.exe" - --Update [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS545050A7E380 +++++
--- User ---
[MBR] ff536c67a7c1000821dee222d69fa9c7
[BSP] 9aeafdbaadba28e683a9922668e70ac1 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12262013_224101.txt >>
RKreport[0]_S_12262013_224000.txt
  • 0

#14
gringo_pr
Posted 26 December 2013 - 11:30 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      O4 - HKCU\..\Run: [SkyDrive] "C:\Users\shareda73\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
      O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_0EAF04DA78CC2D4DA23CF4718E40E892] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE**You can research each of those lines >here< and see if you want to keep them or not
    just copy the name between the brackets and paste into the search space
    O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here

Gringo
  • 0

#15
sedward68
Posted 28 December 2013 - 07:39 AM

sedward68

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
I forgot to tell you in the last post I have been using Chrome. Not sure if ESET created the backups but I have a folder on the desktop with 6 backup files in it. Also, after the computer restarted it placed a folder on the desktop labeled with my screen name and it has the following folders in it. Not sure where this came from. Contacts, desktop, downloads, favorites, links, my documents, my music, my pictures, my videos, saved games, searches, and shydrive.

As I am browsing, MBAM pops up message that potential malicious site was blocked. This is the web address:
174.129.20.145

Here is the log with the list of threats found:

C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher32.exe.vir Win32/AdWare.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe.vir Win64/Adware.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher32.exe.vir Win32/AdWare.Adpeak.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Level Quality Watcher\LevelQualityWatcher64.exe.vir a variant of Win64/Adware.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptimizerPro.exe.vir a variant of Win32/SpeedingUpMyPC application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProLauncher.exe.vir a variant of Win32/AdWare.SpeedingUpMyPC.D application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\optimizer pro\OptProSmartScan.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScorpionSaver\CustomActionInstall.vir Win32/AdWare.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScorpionSaver\CustomActionUninstall.vir a variant of Win32/AdWare.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\ScorpionSaver\IECore.dll.vir Win32/AdWare.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\smart pc cleaner\SmartPCCleaner.exe.vir a variant of Win32/SpeedingUpMyPC application
C:\AdwCleaner\Quarantine\C\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js.old.vir Win32/AdWare.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\bootstrap.js.vir Win32/AdWare.Adpeak.B application
C:\AdwCleaner\Quarantine\C\Users\shareda73\AppData\Local\Google\Chrome\User Data\Default\Extensions\oclgomenfkljhfkfflghppidonpkljjg\5.0_0\manifest.json.vir Win32/AdWare.Adpeak.B application
C:\Users\ShaReda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K6BST3X9\yucces[1].js JS/Agent.NKI.Gen trojan
C:\Windows\Installer\MSI5B9B.tmp a variant of Win64/Adware.Adpeak.B application


Thanks again for you help.

Edited by sedward68, 28 December 2013 - 09:57 AM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP