Welcome to Geeks to Go - Register now for FREE

Malware Infection - Snapdo, et al?


#1
beerman

Hello GTG!

Unfortunately, I again need your expert help. Thanks for doing what you do!

Multiple pop-ups when using web browser and overtaking home pages and search.

Here are the OTL logs:

OTL logfile created on: 12/30/2013 11:47:20 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\bmanley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 213.80 Mb Available Physical Memory | 20.92% Memory free
2.41 Gb Paging File | 1.42 Gb Available in Paging File | 58.89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.09 Gb Free Space | 77.96% Space Free | Partition Type: NTFS
Drive F: | 255.99 Gb Total Space | 78.19 Gb Free Space | 30.54% Space Free | Partition Type: NTFS
Drive P: | 255.99 Gb Total Space | 158.56 Gb Free Space | 61.94% Space Free | Partition Type: NTFS
Drive Y: | 255.99 Gb Total Space | 158.56 Gb Free Space | 61.94% Space Free | Partition Type: NTFS

Computer Name: D67ZSQ41 | User Name: bmanley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/30 11:44:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bmanley\Desktop\OTL.exe
PRC - [2013/12/27 09:22:10 | 000,761,536 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
PRC - [2013/12/19 16:59:58 | 001,012,608 | ---- | M] () -- C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
PRC - [2013/12/16 09:58:47 | 004,981,320 | ---- | M] (Activeris) -- C:\Documents and Settings\All Users\Application Data\MyBackupPlan\MyBackupPlan.684.exe
PRC - [2013/12/11 09:32:34 | 000,252,928 | ---- | M] () -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
PRC - [2013/12/03 21:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/11/26 10:43:10 | 001,933,392 | ---- | M] (Software Updater) -- C:\Program Files\Software Updater\SoftwareUpdater.exe
PRC - [2013/11/21 10:44:48 | 000,610,816 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\StormAlerts\StormAlertsApp.exe
PRC - [2013/11/20 20:20:28 | 000,170,160 | ---- | M] (Weather Warnings LLC) -- C:\Documents and Settings\bmanley\Local Settings\Application Data\StormAlerts\StormAlerts.exe
PRC - [2013/10/31 16:08:16 | 000,021,536 | ---- | M] (Smartbar) -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\SnapDo.exe
PRC - [2013/09/11 15:10:40 | 000,272,936 | ---- | M] (Linksicle) -- C:\Program Files\Linksicle\Service\lssvc.exe
PRC - [2013/06/22 15:30:28 | 034,220,352 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files\DriverUpdate\DriverUpdate.exe
PRC - [2011/03/19 20:29:02 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011/03/19 20:29:02 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/19 20:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/19 20:29:00 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/03/19 20:29:00 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/27 09:22:10 | 000,761,536 | ---- | M] () -- C:\Program Files\Mobogenie\DaemonProcess.exe
MOD - [2013/12/19 16:59:58 | 001,012,608 | ---- | M] () -- C:\Program Files\Consumer Input\Monitoring\dca-monitoring.exe
MOD - [2013/12/16 10:14:03 | 000,911,872 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2013/12/16 10:13:53 | 000,146,464 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013/12/16 10:07:38 | 008,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2013/12/11 09:32:34 | 000,252,928 | ---- | M] () -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe
MOD - [2013/12/03 21:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 21:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013/12/03 21:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 21:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013/11/21 10:44:48 | 000,610,816 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\StormAlerts\StormAlertsApp.exe
MOD - [2013/10/31 16:08:46 | 000,031,264 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\srut.dll
MOD - [2013/10/31 16:08:42 | 000,020,512 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\srsbs.dll
MOD - [2013/10/31 16:08:38 | 000,014,880 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\srpdm.dll
MOD - [2013/10/31 16:08:34 | 000,056,864 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\srau.dll
MOD - [2013/10/31 16:08:32 | 000,049,184 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\sppsm.dll
MOD - [2013/10/31 16:08:30 | 000,055,840 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\spbl.dll
MOD - [2013/10/31 16:08:24 | 000,112,672 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013/10/31 16:08:24 | 000,017,440 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013/10/31 16:08:22 | 000,150,560 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013/10/31 16:08:20 | 000,057,888 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013/10/31 16:08:18 | 001,981,472 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013/10/31 16:08:18 | 000,034,848 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013/10/31 16:08:18 | 000,014,368 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013/10/31 16:08:16 | 000,728,096 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013/10/31 16:08:16 | 000,082,464 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013/10/31 16:08:12 | 000,013,344 | ---- | M] () -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\siem.dll
MOD - [2013/10/20 02:43:49 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\40ea80adb0fbe21bc953ac641f033a04\System.Web.Services.ni.dll
MOD - [2013/10/20 02:43:22 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\b01bf82d99cca42b8140884fb833583d\System.Transactions.ni.dll
MOD - [2013/10/20 02:43:12 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\cf3c9d1496acdcb836853e59fe20223b\System.Management.ni.dll
MOD - [2013/10/20 02:43:08 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\9c02362e677418460c52569019a266e4\System.EnterpriseServices.ni.dll
MOD - [2013/10/20 02:41:52 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\1b7600e7fe5e152f21ba6d79f3c0c3b6\System.Configuration.ni.dll
MOD - [2013/10/20 02:41:45 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\8f799a4688381624de3cfb1edbccb163\Accessibility.ni.dll
MOD - [2013/10/20 02:37:02 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f93600ac836b9140e1df13bb0f6bfccf\System.Xml.ni.dll
MOD - [2013/10/20 02:36:45 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\02257c6b67db33c194fa3beccf977afb\System.Windows.Forms.ni.dll
MOD - [2013/10/20 02:36:15 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b34cb206ab0cec687c3730b14cdff57\System.Drawing.ni.dll
MOD - [2013/10/20 02:35:47 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\5013900c3c0610c88059fcb8f1f4acb4\System.Data.ni.dll
MOD - [2013/10/20 02:33:35 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\10df39542df7d48462451fc39bce8418\System.ni.dll
MOD - [2013/10/20 02:33:13 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\b14359470744c840c59fbe4e58034fd6\mscorlib.ni.dll
MOD - [2013/10/20 02:32:26 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2013/10/20 02:32:19 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2008/04/14 02:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 02:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/12/16 09:56:42 | 000,106,296 | ---- | M] (ConsumerInput) [On_Demand | Stopped] -- C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_updatem)
SRV - [2013/12/16 09:56:42 | 000,106,296 | ---- | M] (ConsumerInput) [Auto | Stopped] -- C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_update)
SRV - [2013/12/11 13:21:59 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/11 09:32:34 | 000,252,928 | ---- | M] () [Auto | Running] -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2013/09/11 15:10:40 | 000,272,936 | ---- | M] (Linksicle) [Auto | Running] -- C:\Program Files\Linksicle\Service\lssvc.exe -- (lssvc)
SRV - [2011/03/19 20:29:02 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/03/19 20:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/19 20:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/19 20:29:00 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/19 20:29:00 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2013/12/30 10:51:58 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/12/16 09:58:34 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20131215.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/12/16 09:58:34 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20131215.005\NAVENG.SYS -- (NAVENG)
DRV - [2013/11/26 08:17:23 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/21 02:21:37 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/09/24 08:51:06 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/11 15:10:38 | 000,052,688 | ---- | M] (Linksicle) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\lsnfd.sys -- (lsnfd)
DRV - [2011/03/19 20:29:02 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/03/19 20:29:02 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/03/19 20:29:02 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/03/19 20:28:58 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/03/19 20:28:58 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2011/03/19 20:28:58 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2011/03/19 20:28:58 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=16/12/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=16/12/2013

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-20\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=16/12/2013

IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Consumer Input\Firefox\ciff-3.2.0-12171.xpi [2013/11/14 04:21:20 | 000,296,749 | ---- | M] ()


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://feed.snapdo.c...Date=16/12/2013
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: Snap.Do = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: YouTube = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Linksicle = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.1.0_0\
CHR - Extension: Plus-HD-2.5 = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.93_0\crossrider
CHR - Extension: Plus-HD-2.5 = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.93_0\
CHR - Extension: Plus-HD-2.5 = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.120_0\crossrider
CHR - Extension: Plus-HD-2.5 = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.26.120_0\
CHR - Extension: Consumer Input = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\loegdibholggdjoefldpbnblblaligim\3.2.0.2859_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Plus-HD-2.5) - {11111111-1111-1111-1111-110311341138} - C:\Program Files\Plus-HD-2.5\Plus-HD-2.5-bho.dll (Plus HD)
O2 - BHO: (Linksicle) - {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files\Linksicle\IE\LinksicleClientIE.dll (Linksicle)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Consumer Input DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Consumer Input\InternetExplorer\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FastFreeConverter) - {F5580E24-8416-4DFD-90B3-078D4EDF4FCB} - C:\Program Files\Fast Free Converter\FastFreeConverter.dll (Fast Free Converter)
O2 - BHO: (no name) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files\Mobogenie\DaemonProcess.exe ()
O4 - HKLM..\Run: [MyBackupPlan] C:\Program Files\MyBackupPlan\MyBackupPlan.exe (Activeris)
O4 - HKU\S-1-5-21-962395197-4016970835-1205081151-1295..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKU\S-1-5-21-962395197-4016970835-1205081151-1295..\Run: [DriverUpdate] C:\Program Files\DriverUpdate\DriverUpdate.exe (SlimWare Utilities, Inc.)
O4 - HKU\S-1-5-21-962395197-4016970835-1205081151-1295..\Run: [NextLive] C:\Documents and Settings\bmanley\Application Data\newnext.me\nengine.dll (NewNextDotMe)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SoftwareUpdater.lnk = C:\Program Files\Software Updater\SoftwareUpdater.exe (Software Updater)
O4 - Startup: C:\Documents and Settings\bmanley\Start Menu\Programs\Startup\Storm Alerts.lnk = C:\Documents and Settings\bmanley\Local Settings\Application Data\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
O4 - Startup: C:\Documents and Settings\bmanley\Start Menu\Programs\Startup\StormAlerts.lnk = C:\Documents and Settings\bmanley\Local Settings\Application Data\StormAlerts\StormAlertsApp.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1379974000802 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Dayton.Local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC757D5-7972-4681-ACCE-E4659732CD54}: DhcpNameServer = 10.0.0.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/23 16:21:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/30 11:44:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bmanley\Desktop\OTL.exe
[2013/12/30 11:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\My Documents\Downloads
[2013/12/30 10:52:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/12/23 14:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Application Data\Compete
[2013/12/16 12:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Application Data\Media Player Classic
[2013/12/16 10:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\SlimWare Utilities Inc
[2013/12/16 10:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverUpdate
[2013/12/16 10:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate
[2013/12/16 10:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2013/12/16 10:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Plus-HD-2.5
[2013/12/16 10:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Player Classic - Home Cinema
[2013/12/16 10:36:11 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic - Home Cinema
[2013/12/16 10:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\.android
[2013/12/16 10:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\cache
[2013/12/16 10:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Application Data\newnext.me
[2013/12/16 10:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\genienext
[2013/12/16 10:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\My Documents\Mobogenie
[2013/12/16 10:30:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Mobogenie
[2013/12/16 10:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Application Data\SwvUpdater
[2013/12/16 10:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Start Menu\Programs\Mobogenie
[2013/12/16 10:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mobogenie
[2013/12/16 10:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar
[2013/12/16 10:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Linksicle
[2013/12/16 10:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/12/16 10:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Plus-HD-2.5
[2013/12/16 10:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\VisualBeeClient
[2013/12/16 10:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\VisualBeeExe
[2013/12/16 10:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\VisualBee
[2013/12/16 10:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\emaze
[2013/12/16 10:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Helper
[2013/12/16 10:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Fast Free Converter
[2013/12/16 10:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Weather_Warnings_LLC
[2013/12/16 10:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Start Menu\Programs\Storm Alerts
[2013/12/16 10:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\StormAlerts
[2013/12/16 10:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Support for Consumer Input
[2013/12/16 09:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Consumer Input
[2013/12/16 09:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Consumer Input
[2013/12/16 09:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\MyBackupPlan
[2013/12/16 09:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MyBackupPlan
[2013/12/16 09:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\MyBackupPlan
[2013/12/16 09:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Start Menu\Programs\MyBackupPlan
[2013/12/16 09:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/12/16 09:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2013/12/16 09:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2013/12/16 09:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Application Data\Yahoo!
[2013/12/16 09:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Software Updater
[2013/12/16 09:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Software Updater
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/30 11:56:00 | 000,000,368 | ---- | M] () -- C:\WINDOWS\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job
[2013/12/30 11:49:09 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/30 11:44:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bmanley\Desktop\OTL.exe
[2013/12/30 11:01:29 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\ConsumerInputUpdateTaskMachineUA.job
[2013/12/30 10:59:26 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/12/30 10:51:58 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/12/30 10:51:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\CIMT_S-1-5-21-962395197-4016970835-1205081151-1295.job
[2013/12/30 10:50:33 | 000,001,886 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.5-chromeinstaller.job
[2013/12/30 10:50:33 | 000,001,288 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.5-updater.job
[2013/12/30 10:50:33 | 000,001,190 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.5-codedownloader.job
[2013/12/30 10:50:33 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.5-enabler.job
[2013/12/30 10:50:33 | 000,000,956 | ---- | M] () -- C:\WINDOWS\tasks\ConsumerInputUpdateTaskMachineCore.job
[2013/12/30 10:50:33 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/30 10:50:22 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/30 10:49:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/16 12:23:47 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\bmanley\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/12/16 10:46:57 | 000,001,856 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriverUpdate.lnk
[2013/12/16 10:36:18 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\Media Player Classic - Home Cinema.lnk
[2013/12/16 10:27:29 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\bmanley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2013/12/16 10:27:29 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\Mobogenie.lnk
[2013/12/16 10:17:03 | 000,002,071 | ---- | M] () -- C:\Documents and Settings\bmanley\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk
[2013/12/16 10:17:03 | 000,002,053 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\Search.lnk
[2013/12/16 10:08:39 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\temp_Plus-HD-2.5-enabler.job
[2013/12/16 10:04:28 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\Create Amazing Presentations.lnk
[2013/12/16 10:04:07 | 000,000,002 | ---- | M] () -- C:\END
[2013/12/16 10:02:21 | 000,001,137 | ---- | M] () -- C:\Documents and Settings\bmanley\Start Menu\Programs\Startup\Storm Alerts.lnk
[2013/12/16 10:01:45 | 000,001,134 | ---- | M] () -- C:\Documents and Settings\bmanley\Start Menu\Programs\Startup\StormAlerts.lnk
[2013/12/16 09:56:30 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\MyBackupPlan.lnk
[2013/12/16 09:55:37 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[2013/12/16 09:50:21 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/11 17:10:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/11 09:45:16 | 000,000,000 | ---- | M] () -- C:\t14k.1
[2013/12/04 22:48:10 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/12/03 12:32:43 | 000,539,916 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\Welcome to myuhc_com2.mht
[2013/12/03 12:28:40 | 000,539,168 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\Welcome to myuhc_com.mht
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/16 10:47:43 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/12/16 10:46:57 | 000,001,856 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriverUpdate.lnk
[2013/12/16 10:36:18 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\bmanley\Desktop\Media Player Classic - Home Cinema.lnk
[2013/12/16 10:27:29 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\bmanley\Application Data\Microsoft\Internet Explorer\Quick Launch\Mobogenie.lnk
[2013/12/16 10:27:29 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\bmanley\Desktop\Mobogenie.lnk
[2013/12/16 10:17:03 | 000,002,071 | ---- | C] () -- C:\Documents and Settings\bmanley\Application Data\Microsoft\Internet Explorer\Quick Launch\Search.lnk
[2013/12/16 10:17:03 | 000,002,059 | ---- | C] () -- C:\Documents and Settings\bmanley\Start Menu\Programs\Search.lnk
[2013/12/16 10:17:03 | 000,002,053 | ---- | C] () -- C:\Documents and Settings\bmanley\Desktop\Search.lnk
[2013/12/16 10:08:39 | 000,001,288 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.5-updater.job
[2013/12/16 10:08:35 | 000,001,132 | ---- | C] () -- C:\WINDOWS\tasks\temp_Plus-HD-2.5-enabler.job
[2013/12/16 10:08:32 | 000,001,090 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.5-enabler.job
[2013/12/16 10:08:19 | 000,001,190 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.5-codedownloader.job
[2013/12/16 10:06:53 | 000,001,886 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.5-chromeinstaller.job
[2013/12/16 10:04:28 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\bmanley\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/12/16 10:04:28 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\bmanley\Desktop\Create Amazing Presentations.lnk
[2013/12/16 10:02:47 | 000,000,002 | ---- | C] () -- C:\END
[2013/12/16 10:02:21 | 000,001,137 | ---- | C] () -- C:\Documents and Settings\bmanley\Start Menu\Programs\Startup\Storm Alerts.lnk
[2013/12/16 10:01:45 | 000,001,134 | ---- | C] () -- C:\Documents and Settings\bmanley\Start Menu\Programs\Startup\StormAlerts.lnk
[2013/12/16 10:00:57 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\CIMT_S-1-5-21-962395197-4016970835-1205081151-1295.job
[2013/12/16 10:00:21 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job
[2013/12/16 09:56:47 | 000,000,960 | ---- | C] () -- C:\WINDOWS\tasks\ConsumerInputUpdateTaskMachineUA.job
[2013/12/16 09:56:46 | 000,000,956 | ---- | C] () -- C:\WINDOWS\tasks\ConsumerInputUpdateTaskMachineCore.job
[2013/12/16 09:56:30 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\bmanley\Desktop\MyBackupPlan.lnk
[2013/12/16 09:55:37 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[2013/12/11 09:45:16 | 000,000,000 | ---- | C] () -- C:\t14k.1
[2013/12/03 12:32:41 | 000,539,916 | ---- | C] () -- C:\Documents and Settings\bmanley\Desktop\Welcome to myuhc_com2.mht
[2013/12/03 12:28:37 | 000,539,168 | ---- | C] () -- C:\Documents and Settings\bmanley\Desktop\Welcome to myuhc_com.mht
[2013/09/23 21:39:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/09/23 16:46:01 | 000,011,062 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/09/23 16:38:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2013/09/23 16:34:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/09/23 16:18:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/09/23 12:09:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/09/23 12:08:58 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2013/10/17 14:55:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/12/16 09:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MyBackupPlan
[2013/12/23 14:38:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bmanley\Application Data\Compete
[2013/12/30 10:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bmanley\Application Data\newnext.me
[2013/12/16 10:37:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bmanley\Application Data\SwvUpdater

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 12/30/2013 11:47:20 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\bmanley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 213.80 Mb Available Physical Memory | 20.92% Memory free
2.41 Gb Paging File | 1.42 Gb Available in Paging File | 58.89% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.09 Gb Free Space | 77.96% Space Free | Partition Type: NTFS
Drive F: | 255.99 Gb Total Space | 78.19 Gb Free Space | 30.54% Space Free | Partition Type: NTFS
Drive P: | 255.99 Gb Total Space | 158.56 Gb Free Space | 61.94% Space Free | Partition Type: NTFS
Drive Y: | 255.99 Gb Total Space | 158.56 Gb Free Space | 61.94% Space Free | Partition Type: NTFS

Computer Name: D67ZSQ41 | User Name: bmanley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\File Type Helper\FileTypeHelper.exe "%1" (Microsoft)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:LocalSubnet:Enabled:ActiveSync Application Manager" = %ProgramFiles%\Microsoft ActiveSync\CeAppMgr.exe:LocalSubnet:Enabled:ActiveSync Application Manager
"%ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:LocalSubnet:Enabled:ActiveSync Application" = %ProgramFiles%\Microsoft ActiveSync\WCESMgr.exe:LocalSubnet:Enabled:ActiveSync Application
"%ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:LocalSubnet:Enabled:ActiveSync Connection Manager" = %ProgramFiles%\Microsoft ActiveSync\WCESComm.exe:LocalSubnet:Enabled:ActiveSync Connection Manager
"%WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance" = %WINDIR%\SYSTEM32\Sessmgr.exe:*:Enabled:Remote Assistance -- (Microsoft Corporation)
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance -- (Microsoft Corporation)
"%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice" = %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = LocalSubnet

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = *

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23E5032B-56CA-4C19-A72E-B50161DB82CA}" = Shadow Copy Client
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C1AE512-3C37-44FA-BA42-ABB721EC5B1D}" = Symantec Endpoint Protection
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{7439C3D7-1145-4BC0-A3C5-C19115255007}" = Snap.Do
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{90140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOK_{3AED81FF-F443-4D34-A103-5EB05C954265}" =
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C67F5282-3EB4-4FE2-A5C7-ABEE4BE42F6D}" = DriverUpdate
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Consumer Input Installer" = Consumer Input (remove only)
"Fast Free Converter" = Fast Free Converter
"Google Chrome" = Google Chrome
"ie8" = Windows Internet Explorer 8
"Linksicle" = Linksicle
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobogenie" = Mobogenie
"MyBackupPlan" = MyBackupPlan
"Office14.OUTLOOK" = Microsoft Outlook 2010
"Plus-HD-2.5" = Plus-HD-2.5
"PricePeep" = PricePeep
"PROSet" = Intel® PRO Network Adapters and Drivers
"Setup Support for Consumer Input" = Consumer Input
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"Software Updater_is1" = Software Updater version 1.8.3
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{7a131d9a-b42a-4993-b86b-0e4ab2549f75}" = Snap.Do Engine
"StormAlerts" = StormAlerts
"VisualBee for Microsoft PowerPoint" = VisualBee for Microsoft PowerPoint

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2013 6:06:50 PM | Computer Name = D67ZSQ41 | Source = FastFreeConverter | ID = 2
Description =

Error - 12/27/2013 6:21:51 PM | Computer Name = D67ZSQ41 | Source = FastFreeConverter | ID = 2
Description =

Error - 12/30/2013 11:49:20 AM | Computer Name = D67ZSQ41 | Source = FastFreeConverter | ID = 2
Description =

Error - 12/30/2013 11:49:20 AM | Computer Name = D67ZSQ41 | Source = FastFreeConverter | ID = 2
Description =

Error - 12/30/2013 11:49:20 AM | Computer Name = D67ZSQ41 | Source = FastFreeConverter | ID = 2
Description =

Error - 12/30/2013 11:49:20 AM | Computer Name = D67ZSQ41 | Source = FastFreeConverter | ID = 2
Description =

Error - 12/30/2013 12:04:41 PM | Computer Name = D67ZSQ41 | Source = FastFreeConverter | ID = 2
Description =

Error - 12/30/2013 12:20:05 PM | Computer Name = D67ZSQ41 | Source = FastFreeConverter | ID = 2
Description =

Error - 12/30/2013 12:35:37 PM | Computer Name = D67ZSQ41 | Source = FastFreeConverter | ID = 2
Description =

Error - 12/30/2013 12:50:44 PM | Computer Name = D67ZSQ41 | Source = FastFreeConverter | ID = 2
Description =

[ System Events ]
Error - 12/27/2013 1:26:08 PM | Computer Name = D67ZSQ41 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
with DCOM within the required timeout.

Error - 12/27/2013 1:32:06 PM | Computer Name = D67ZSQ41 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
with DCOM within the required timeout.

Error - 12/27/2013 1:32:36 PM | Computer Name = D67ZSQ41 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
with DCOM within the required timeout.

Error - 12/27/2013 1:33:06 PM | Computer Name = D67ZSQ41 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
with DCOM within the required timeout.

Error - 12/27/2013 1:33:37 PM | Computer Name = D67ZSQ41 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
with DCOM within the required timeout.

Error - 12/27/2013 1:39:35 PM | Computer Name = D67ZSQ41 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
with DCOM within the required timeout.

Error - 12/27/2013 1:40:05 PM | Computer Name = D67ZSQ41 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
with DCOM within the required timeout.

Error - 12/27/2013 1:40:35 PM | Computer Name = D67ZSQ41 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
with DCOM within the required timeout.

Error - 12/27/2013 1:41:05 PM | Computer Name = D67ZSQ41 | Source = DCOM | ID = 10010
Description = The server {7E477741-01A6-4C06-9DAC-55F6174C08A3} did not register
with DCOM within the required timeout.

Error - 12/27/2013 4:19:20 PM | Computer Name = D67ZSQ41 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{9CC757D5-7972-4681-ACCE-E4659732CD54}. The
backup browser is stopping.


< End of report >


Thanks in advance for your help. :thumbsup:
  • 0
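As an added example that is not part of this thread and not code from OTL or its author: a small Python triage helper that parses the `[date | size | attrs | C/M] (company) -- path` entries in the log format shown above, flags the entries that live in the usual persistence locations (the scheduled-tasks folder, the Startup folder, the drivers directory), and finds the tightest burst of creation times, which is how the 16 December cluster of unrelated installs above shows up as one bundled download. The sample lines are copied from the log posted above; the marker list, the one-hour window and all function names are my own choices, not anything OTL provides.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Sample entries copied from the OTL log posted above; the last line is one of
# OTL's "*.tmp files" summary lines, which the parser has to skip.
SAMPLE_LOG = r"""
[2013/12/30 11:44:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bmanley\Desktop\OTL.exe
[2013/12/16 10:46:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DriverUpdate
[2013/12/16 10:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\DriverUpdate
[2013/12/16 10:08:39 | 000,001,288 | ---- | C] () -- C:\WINDOWS\tasks\Plus-HD-2.5-updater.job
[2013/12/16 10:47:43 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/12/16 10:02:21 | 000,001,137 | ---- | C] () -- C:\Documents and Settings\bmanley\Start Menu\Programs\Startup\Storm Alerts.lnk
[2013/12/16 09:55:37 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[2013/12/11 09:45:16 | 000,000,000 | ---- | C] () -- C:\t14k.1
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
"""

# One OTL file/folder entry. The "(company)" part is absent for directories and
# empty "()" for files whose version resource carries no company name.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Locations where a newly created file means something will run again at boot
# or logon (my own list for this example, not an OTL concept).
PERSISTENCE_MARKERS = (
    "\\windows\\tasks\\",
    "\\start menu\\programs\\startup\\",
    "\\system32\\drivers\\",
)


@dataclass(frozen=True)
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str
    kind: str      # "C" = created section, "M" = modified section
    company: str   # "" when OTL found no company name
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_otl_entries(text: str) -> list[OtlEntry]:
    """Parse every file/folder entry line in an OTL report; skip everything else."""
    entries: list[OtlEntry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, blank lines, "[6 C:\WINDOWS\*.tmp files ...]" summaries
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"] or "",
            path=m["path"],
        ))
    return entries


def persistence_entries(entries: list[OtlEntry]) -> list[OtlEntry]:
    """Entries whose path sits in a scheduled-task, Startup or driver location."""
    return [e for e in entries
            if any(mark in e.path.lower() for mark in PERSISTENCE_MARKERS)]


def install_burst(entries: list[OtlEntry],
                  window: timedelta = timedelta(hours=1)) -> list[OtlEntry]:
    """Largest set of created ("C") entries whose timestamps fall within `window`.

    A bundled installer drops many unrelated products within minutes, so the
    densest burst is the first thing to look at. Sliding window over sorted times.
    """
    created = sorted((e for e in entries if e.kind == "C"), key=lambda e: e.timestamp)
    best: list[OtlEntry] = []
    start = 0
    for end in range(len(created)):
        while created[end].timestamp - created[start].timestamp > window:
            start += 1
        if end - start + 1 > len(best):
            best = created[start:end + 1]
    return best


if __name__ == "__main__":
    found = parse_otl_entries(SAMPLE_LOG)
    print(f"{len(found)} entries parsed")
    for e in persistence_entries(found):
        print("persistence:", e.path)
    burst = install_burst(found)
    print(f"install burst of {len(burst)} items between "
          f"{burst[0].timestamp} and {burst[-1].timestamp}")
```

Run against the full log rather than the sample, the burst function will return the whole 09:55 to 10:47 sequence from the "Files/Folders - Created Within 30 Days" section, and the persistence filter pulls out the Plus-HD-2.5 and Consumer Input tasks, the Startup shortcuts and the SWDUMon.sys driver, which is the same set of items the helper's uninstall list below targets.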



#2
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,127 posts
Welcome to GeeksToGo, beerman

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

As you know, I'm currently in training, so my posts need approval; please expect a little delay between posts. I'll come with instructions some time later.

#3
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Hey Gerrit, nice to hear from you again. Hope you had a nice Christmas.

#4
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,127 posts
  • Step 1: Uninstalls

I want you to uninstall following programs (Start > Control Panel > Add/Remove Programs):

  • Snap.Do
  • Software Version Updater
  • Consumer Input (remove only)
  • Fast Free Converter
  • Linksicle
  • MyBackupPlan
  • Plus-HD-2.5
  • PricePeep
  • Consumer Input
  • Software Updater version 1.8.3
  • Snap.Do Engine
  • VisualBee for Microsoft PowerPoint


  • Step 2: Chrome Homepage

Please follow these steps here to change the homepage to another page. (I recommend Google.com)

  • Step 3: Resetting Google Extensions

  • Run Google Chrome
  • Please type the command below into the Address Box

chrome://extensions


  • A new Tab will open in Google Chrome
  • You will see an entry which is probably called Snap.Do
  • Next to this entry you will see a can icon - please click on that to remove the extension from your Browser
  • A confirmation dialog appears, click Remove.

Please do the same for following extensions:

  • Plus-HD-2.5 (there should be 4 entries - disable/remove all)
  • Consumer Input
  • Linksicle

  • Step 4: OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    SRV - [2013/12/16 09:56:42 | 000,106,296 | ---- | M] (ConsumerInput) [On_Demand | Stopped] -- C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_updatem)
    SRV - [2013/12/16 09:56:42 | 000,106,296 | ---- | M] (ConsumerInput) [Auto | Stopped] -- C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_update)
    SRV - [2013/12/11 09:32:34 | 000,252,928 | ---- | M] () [Auto | Running] -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
    SRV - [2013/09/11 15:10:40 | 000,272,936 | ---- | M] (Linksicle) [Auto | Running] -- C:\Program Files\Linksicle\Service\lssvc.exe -- (lssvc)
    DRV - [2013/09/11 15:10:38 | 000,052,688 | ---- | M] (Linksicle) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\lsnfd.sys -- (lsnfd)
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\S-1-5-20\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=16/12/2013
    IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=16/12/2013
    O2 - BHO: (Linksicle) - {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files\Linksicle\IE\LinksicleClientIE.dll (Linksicle)
    O2 - BHO: (Consumer Input DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Consumer Input\InternetExplorer\dca-bho.dll (Compete, Inc.)
    O2 - BHO: (FastFreeConverter) - {F5580E24-8416-4DFD-90B3-078D4EDF4FCB} - C:\Program Files\Fast Free Converter\FastFreeConverter.dll (Fast Free Converter)
    O2 - BHO: (no name) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - No CLSID value found.
    O4 - HKU\S-1-5-21-962395197-4016970835-1205081151-1295..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\SnapDo.exe (Smartbar)
    O4 - HKLM..\Run: [MyBackupPlan] C:\Program Files\MyBackupPlan\MyBackupPlan.exe (Activeris)
    [2013/12/16 10:13:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar
    [2013/12/16 10:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Linksicle
    [2013/12/16 10:28:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Application Data\SwvUpdater
    [2013/12/16 10:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\VisualBeeClient
    [2013/12/16 10:05:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\VisualBeeExe
    [2013/12/16 10:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\VisualBee
    [2013/12/16 10:04:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\emaze
    [2013/12/16 10:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\File Type Helper
    [2013/12/16 10:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Fast Free Converter
    [2013/12/16 10:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Support for Consumer Input
    [2013/12/16 09:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\Consumer Input
    [2013/12/16 09:56:41 | 000,000,000 | ---D | C] -- C:\Program Files\Consumer Input
    [2013/12/16 09:56:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\MyBackupPlan
    [2013/12/16 09:55:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Software Updater
    [2013/12/16 09:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Software Updater
    [2013/12/16 10:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Plus-HD-2.5
    [2013/12/30 10:51:06 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\CIMT_S-1-5-21-962395197-4016970835-1205081151-1295.job
    [2013/12/30 10:50:33 | 000,001,886 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.5-chromeinstaller.job
    [2013/12/30 10:50:33 | 000,001,288 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.5-updater.job
    [2013/12/30 10:50:33 | 000,001,190 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.5-codedownloader.job
    [2013/12/30 10:50:33 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\Plus-HD-2.5-enabler.job
    [2013/12/16 10:08:39 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\temp_Plus-HD-2.5-enabler.job
    [2013/12/16 10:04:07 | 000,000,002 | ---- | M] () -- C:\END
    [2013/12/16 09:56:30 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\MyBackupPlan.lnk
    [2013/12/16 10:00:21 | 000,000,368 | ---- | C] () -- C:\WINDOWS\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job
    
    :Files
    dir C:\t14k.1 /S /C
    C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0
    C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.93_0
    C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\loegdibholggdjoefldpbnblblaligim\3.2.0.2859_0
    C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.1.0_0
    
    :Commands
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, please post the Fixlog into your next reply

  • Step 5: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Run AdwCleaner.exe
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

  • Step 6: JRT Run

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • Step 7: OTL Scan

  • Please run OTL (Windows Vista / 7 / 8 users: right click on the OTL icon and select Run as Administrator)
  • Please copy the text in the Quote box below (do not copy the word Quote) and paste it into the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    winsock.*
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Make sure all other windows are closed.

  • You will see a console like the one below:

    (screenshot of the OTL console)

  • Click the box beside Scan All Users at the top of the console
  • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop.
  • Please copy the contents of this file and paste it into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file into the post window.
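Before writing a fix like the one in Step 4, a helper reads the scan for a few tell-tale patterns: services and drivers with an empty company field, the same search or start page URL written into every user hive (including the S-1-5-19 and S-1-5-20 service-account hives), BHOs whose CLSID no longer resolves, and Run entries launched from a user's Application Data folder. The script below is an added example, not part of OTL or of this thread; its regexes are my own reading of the OTL line shapes, the sample lines are copied from the scan entries quoted in the fix above, and the one Symantec service line is constructed as a benign control.

```python
"""Triage for OTL scan lines of the kind pasted in this thread.

Added example: not part of OTL or of this thread's fix. It parses the
SRV/DRV, IE, O2 (BHO) and O4 (Run) line shapes OTL prints and reports
the patterns a helper looks for before writing a fix.
"""
import re
from collections import defaultdict

# Regexes are this example's own reading of the OTL line formats.
SRV_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<date>[^|]+?) \| (?P<size>[^|]+?) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) \[(?P<start>[^|]+?) \| (?P<state>[^\]]+?)\] -- "
    r"(?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
IE_RE = re.compile(
    r"^IE - (?P<hive>HKLM|HKU\\S-[\d-]+)\\(?P<key>[^,]+),(?P<value>[^=]+?) = (?P<data>.+)$"
)
BHO_RE = re.compile(
    r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.+)$"
)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKU\\S-[\d-]+)\.\.\\Run: \[(?P<entry>[^\]]+)\] (?P<path>.+)$"
)

# IE values a hijacker rewrites so every hive points at its feed.
IE_HOME_VALUES = {"Start Page", "Search Page", "Search Bar",
                  "Default_Search_URL", "SearchAssistant"}

# Sample scan: lines copied from the fix script in this thread, plus one
# constructed benign Symantec service line as a control.
SAMPLE_SCAN = r"""
SRV - [2013/12/16 09:56:42 | 000,106,296 | ---- | M] (ConsumerInput) [Auto | Stopped] -- C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe -- (consumerinput_update)
SRV - [2013/12/11 09:32:34 | 000,252,928 | ---- | M] () [Auto | Running] -- C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2011/03/19 20:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
DRV - [2013/09/11 15:10:38 | 000,052,688 | ---- | M] (Linksicle) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\lsnfd.sys -- (lsnfd)
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=16/12/2013
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=16/12/2013
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
O2 - BHO: (Linksicle) - {2AD2D8CA-D24D-40D2-A8FC-46952409BA9A} - C:\Program Files\Linksicle\IE\LinksicleClientIE.dll (Linksicle)
O2 - BHO: (no name) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - No CLSID value found.
O4 - HKU\S-1-5-21-962395197-4016970835-1205081151-1295..\Run: [Browser Infrastructure Helper] C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\SnapDo.exe (Smartbar)
O4 - HKLM..\Run: [MyBackupPlan] C:\Program Files\MyBackupPlan\MyBackupPlan.exe (Activeris)
"""


def split_company(text):
    """Split 'path (Vendor)' into (path, vendor); vendor may be empty."""
    m = re.match(r"^(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$", text)
    return m.group("path"), m.group("company") or ""


def triage(lines):
    """Return (tag, subject, detail) findings for the OTL scan lines given."""
    findings = []
    url_hives = defaultdict(set)  # URL -> set of hives it is written into
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if (m := SRV_RE.match(line)):
            # A service or driver with nothing in the company field is a
            # classic sign of bundled junk (see FastFreeConverterUpdt above).
            if not m["company"].strip():
                findings.append(("service-no-company", m["name"], m["path"]))
        elif (m := IE_RE.match(line)):
            if m["value"] in IE_HOME_VALUES:
                url_hives[m["data"]].add(m["hive"])
        elif (m := BHO_RE.match(line)):
            # A BHO registration whose CLSID no longer resolves is an orphan
            # left behind by a half-removed add-on.
            if m["rest"].startswith("No CLSID value found"):
                findings.append(("bho-dangling", m["clsid"], m["name"]))
        elif (m := RUN_RE.match(line)):
            path, _company = split_company(m["path"])
            # Autostarts launched from a user's Application Data tree.
            if "\\application data\\" in path.lower():
                findings.append(("run-from-appdata", m["entry"], path))
    for url, hives in url_hives.items():
        # One URL pushed into two or more hives (including the service
        # accounts) is the hijack signature, not a user's own choice.
        if len(hives) >= 2:
            findings.append(("url-in-many-hives", url, len(hives)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_SCAN.splitlines()):
        print(*finding, sep="  ")
```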

#5
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,127 posts
Any problems with the instructions above?

#6
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
No problem. I was travelling over New Years and couldn't work on the computer. I will apply these fixes on Monday.

Thanks. :thumbsup:

#7
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,127 posts
OK

#8
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Gerrit:

This computer was in really bad shape and now is operable again! Thanks so much.

Here are the logs:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named consumerinput_updatem was found to stop!
Service\Driver key consumerinput_updatem not found.
File C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe not found.
Error: No service named consumerinput_update was found to stop!
Service\Driver key consumerinput_update not found.
File C:\Program Files\Consumer Input\Update\ConsumerInputUpdate.exe not found.
Error: No service named FastFreeConverterUpdt was found to stop!
Service\Driver key FastFreeConverterUpdt not found.
File C:\Program Files\Fast Free Converter\FastFreeConverterUpdt.exe not found.
Error: No service named lssvc was found to stop!
Service\Driver key lssvc not found.
File C:\Program Files\Linksicle\Service\lssvc.exe not found.
Error: Unable to stop service lsnfd!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lsnfd deleted successfully.
File C:\WINDOWS\system32\drivers\lsnfd.sys not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-21-962395197-4016970835-1205081151-1295\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-962395197-4016970835-1205081151-1295\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}\ not found.
File C:\Program Files\Linksicle\IE\LinksicleClientIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ not found.
File C:\Program Files\Consumer Input\InternetExplorer\dca-bho.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}\ not found.
File C:\Program Files\Fast Free Converter\FastFreeConverter.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}\ not found.
Registry value HKEY_USERS\S-1-5-21-962395197-4016970835-1205081151-1295\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper not found.
File C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\Application\SnapDo.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyBackupPlan not found.
File C:\Program Files\MyBackupPlan\MyBackupPlan.exe not found.
Folder C:\Documents and Settings\bmanley\Local Settings\Application Data\Smartbar\ not found.
Folder C:\Program Files\Linksicle\ not found.
C:\Documents and Settings\bmanley\Application Data\SwvUpdater folder moved successfully.
Folder C:\Documents and Settings\bmanley\Local Settings\Application Data\VisualBeeClient\ not found.
C:\Documents and Settings\bmanley\Local Settings\Application Data\VisualBeeExe folder moved successfully.
C:\Documents and Settings\All Users\VisualBee folder moved successfully.
C:\Documents and Settings\bmanley\Local Settings\Application Data\emaze folder moved successfully.
Folder C:\Program Files\File Type Helper\ not found.
Folder C:\Program Files\Fast Free Converter\ not found.
Folder C:\Program Files\Setup Support for Consumer Input\ not found.
Folder C:\Documents and Settings\bmanley\Local Settings\Application Data\Consumer Input\ not found.
Folder C:\Program Files\Consumer Input\ not found.
Folder C:\Documents and Settings\bmanley\Local Settings\Application Data\MyBackupPlan\ not found.
Folder C:\Documents and Settings\All Users\Start Menu\Programs\Software Updater\ not found.
C:\Program Files\Software Updater folder moved successfully.
Folder C:\Program Files\Plus-HD-2.5\ not found.
File C:\WINDOWS\tasks\CIMT_S-1-5-21-962395197-4016970835-1205081151-1295.job not found.
File C:\WINDOWS\tasks\Plus-HD-2.5-chromeinstaller.job not found.
File C:\WINDOWS\tasks\Plus-HD-2.5-updater.job not found.
File C:\WINDOWS\tasks\Plus-HD-2.5-codedownloader.job not found.
File C:\WINDOWS\tasks\Plus-HD-2.5-enabler.job not found.
File C:\WINDOWS\tasks\temp_Plus-HD-2.5-enabler.job not found.
C:\END moved successfully.
File C:\Documents and Settings\bmanley\Desktop\MyBackupPlan.lnk not found.
C:\WINDOWS\tasks\CI_DCA_UA{C3717BD3-6AC2-4dcd-83DE-F865C33AC5D9}.job moved successfully.
========== FILES ==========
< dir C:\t14k.1 /S /C >
Volume in drive C has no label.
Volume Serial Number is F8DE-18FF
Directory of C:\
12/11/2013 09:45 AM 0 t14k.1
1 File(s) 0 bytes
Total Files Listed:
1 File(s) 0 bytes
0 Dir(s) 62,468,382,720 bytes free
C:\Documents and Settings\bmanley\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\bmanley\Desktop\cmd.txt deleted successfully.
File\Folder C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0 not found.
File\Folder C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iefogiieekeeeeaiklglonbockmhmkgd\1.25.93_0 not found.
File\Folder C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\loegdibholggdjoefldpbnblblaligim\3.2.0.2859_0 not found.
File\Folder C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gohhkpbcblcpnaghfmnkfangnkkagacg\1.8.1.0_0 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 455170 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Administrator.DAYTON
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 34298 bytes

User: All Users

User: bmanley
->Temp folder emptied: 51452365 bytes
->Temporary Internet Files folder emptied: 403181386 bytes
->Google Chrome cache emptied: 57168144 bytes
->Flash cache emptied: 17041 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33309 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4804088 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28378584 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 185110737 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 13670 bytes

Total Files Cleaned = 697.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01062014_120253

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\bmanley\Local Settings\Temp\Perflib_Perfdata_e60.dat not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.016 - Report created 06/01/2014 at 12:12:36
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : bmanley - D67ZSQ41
# Running from : C:\Documents and Settings\bmanley\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\bmanley\Local Settings\Application Data\Mobogenie
Folder Deleted : C:\Documents and Settings\bmanley\My Documents\Mobogenie

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AD2D8CA-D24D-40D2-A8FC-46952409BA9A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F5580E24-8416-4DFD-90B3-078D4EDF4FCB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [5217 octets] - [06/01/2014 12:10:41]
AdwCleaner[S0].txt - [4906 octets] - [06/01/2014 12:12:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4966 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.9 (01.01.2014:1)
OS: Microsoft Windows XP x86
Ran by bmanley on Mon 01/06/2014 at 12:17:54.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311341138}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311341138}



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/06/2014 at 12:24:02.78
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OTL logfile created on: 1/6/2014 12:26:29 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\bmanley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 538.97 Mb Available Physical Memory | 52.74% Memory free
2.41 Gb Paging File | 2.10 Gb Available in Paging File | 87.10% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 58.20 Gb Free Space | 78.10% Space Free | Partition Type: NTFS
Drive F: | 255.99 Gb Total Space | 76.94 Gb Free Space | 30.05% Space Free | Partition Type: NTFS
Drive P: | 255.99 Gb Total Space | 158.09 Gb Free Space | 61.75% Space Free | Partition Type: NTFS
Drive Y: | 255.99 Gb Total Space | 158.09 Gb Free Space | 61.75% Space Free | Partition Type: NTFS

Computer Name: D67ZSQ41 | User Name: bmanley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/30 11:44:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bmanley\Desktop\OTL.exe
PRC - [2013/12/03 21:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/03/19 20:29:02 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011/03/19 20:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/19 20:29:00 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/03/19 20:29:00 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2011/03/19 20:29:00 | 000,353,608 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SescLU.exe
PRC - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/12/03 21:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
MOD - [2013/12/03 21:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013/12/03 21:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2010/02/17 09:53:18 | 000,169,312 | ---- | M] () -- C:\Program Files\Symantec\LiveUpdate\UNRAR.DLL


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/12/11 13:21:59 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/03/19 20:29:02 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/03/19 20:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/19 20:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/19 20:29:00 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/19 20:29:00 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2014/01/06 12:18:22 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140105.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/01/06 12:18:21 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140105.025\NAVENG.SYS -- (NAVENG)
DRV - [2014/01/06 11:34:12 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/11/26 08:17:23 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/21 02:21:37 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/09/24 08:51:06 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/19 20:29:02 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/03/19 20:29:02 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/03/19 20:29:02 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/03/19 20:28:58 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/03/19 20:28:58 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2011/03/19 20:28:58 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2011/03/19 20:28:58 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1379974000802 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Dayton.Local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC757D5-7972-4681-ACCE-E4659732CD54}: DhcpNameServer = 10.0.0.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/23 16:21:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/01/06 12:17:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/06 12:16:58 | 001,036,305 | ---- | C] (Thisisu) -- C:\Documents and Settings\bmanley\Desktop\JRT.exe
[2014/01/06 12:10:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 12:02:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/06 11:46:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/12/30 11:44:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bmanley\Desktop\OTL.exe
[2013/12/30 11:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\My Documents\Downloads
[2013/12/16 10:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\SlimWare Utilities Inc
[2013/12/16 10:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2013/12/16 10:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\.android
[2013/12/16 10:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\cache
[2013/12/16 10:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Application Data\newnext.me
[2013/12/16 10:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\genienext
[2013/12/16 10:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/12/16 09:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\MyBackupPlan
[2013/12/16 09:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/12/16 09:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Application Data\Yahoo!

========== Files - Modified Within 30 Days ==========

[2014/01/06 12:17:03 | 001,036,305 | ---- | M] (Thisisu) -- C:\Documents and Settings\bmanley\Desktop\JRT.exe
[2014/01/06 12:14:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/06 12:14:44 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/06 12:14:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/06 12:09:59 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\AdwCleaner.exe
[2014/01/06 11:59:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/06 11:47:02 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/06 11:34:12 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/12/30 11:44:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bmanley\Desktop\OTL.exe
[2013/12/16 12:23:47 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\bmanley\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/12/16 10:04:28 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\Create Amazing Presentations.lnk
[2013/12/16 09:50:21 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/11 17:10:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/11 13:21:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/11 13:08:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/11 09:45:16 | 000,000,000 | ---- | M] () -- C:\t14k.1

========== Files Created - No Company Name ==========

[2014/01/06 12:09:52 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\bmanley\Desktop\AdwCleaner.exe
[2013/12/16 10:47:43 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/12/16 10:04:28 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\bmanley\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/12/16 10:04:28 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\bmanley\Desktop\Create Amazing Presentations.lnk
[2013/12/11 09:45:16 | 000,000,000 | ---- | C] () -- C:\t14k.1
[2013/09/23 21:39:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/09/23 16:46:01 | 000,011,062 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/09/23 16:38:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2013/09/23 16:34:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/09/23 16:18:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/09/23 12:09:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/09/23 12:08:58 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2013/10/17 14:55:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/01/06 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bmanley\Application Data\newnext.me

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2008/04/14 02:00:00 | 000,044,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\alg.exe -- (ALG)
SRV - [2008/04/14 02:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/14 02:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\qmgr.dll -- (BITS)
SRV - [2012/07/06 08:58:51 | 000,078,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\browser.dll -- (Browser)
SRV - [2008/04/14 02:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\cryptsvc.dll -- (CryptSvc)
SRV - [2008/04/14 02:00:00 | 000,126,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dhcpcsvc.dll -- (Dhcp)
SRV - [2009/04/20 12:17:26 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (Eventlog)
SRV - [2008/04/14 02:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\eapsvc.dll -- (EapHost)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\shsvcs.dll -- (FastUserSwitchingCompatibility)
SRV - [2008/04/14 02:00:00 | 000,015,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\w3ssl.dll -- (HTTPFilter)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2008/04/14 02:00:00 | 000,150,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapi.exe -- (ImapiService)
SRV - [2008/04/14 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (PolicyAgent)
SRV - [2008/04/14 02:00:00 | 000,023,552 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\WINDOWS\system32\dmserver.dll -- (dmserver)
SRV - [2008/04/14 02:00:00 | 000,224,768 | ---- | M] (Microsoft Corp., Veritas Software) [On_Demand | Stopped] -- C:\WINDOWS\System32\dmadmin.exe -- (dmadmin)
SRV - [2008/04/14 02:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dllhost.exe -- (SwPrv)
SRV - [2008/04/14 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (Netlogon)
SRV - [2008/04/14 02:00:00 | 000,198,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\netman.dll -- (Netman)
SRV - [2008/06/20 11:02:47 | 000,245,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\mswsock.dll -- (Nla)
SRV - [2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\services.exe -- (PlugPlay)
SRV - [2010/08/17 08:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2008/04/14 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (ProtectedStorage)
SRV - [2008/04/14 02:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\rasauto.dll -- (RasAuto)
SRV - [2008/04/14 02:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\rasmans.dll -- (RasMan)
SRV - [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\rpcss.dll -- (RpcSs)
SRV - [2008/04/14 02:00:00 | 000,435,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ntmssvc.dll -- (NtmsSvc)
SRV - [2008/04/14 02:00:00 | 000,018,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\seclogon.dll -- (seclogon)
SRV - [2008/04/14 02:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lsass.exe -- (SamSs)
SRV - [2008/04/14 02:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wscsvc.dll -- (wscsvc)
SRV - [2010/08/27 00:57:43 | 000,099,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (ShellHWDetection)
SRV - [2008/04/14 02:00:00 | 000,171,008 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\srsvc.dll -- (srservice)
SRV - [2008/04/14 02:00:00 | 000,192,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\schedsvc.dll -- (Schedule)
SRV - [2008/04/14 02:00:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\lmhsvc.dll -- (LmHosts)
SRV - [2008/04/14 02:00:00 | 000,249,856 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\tapisrv.dll -- (TapiSrv)
SRV - [2008/04/14 02:00:00 | 000,295,424 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\system32\termsrv.dll -- (TermService)
SRV - [2009/07/27 18:17:41 | 000,135,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\shsvcs.dll -- (Themes)
SRV - [2008/04/14 02:00:00 | 000,289,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\vssvc.exe -- (VSS)
SRV - [2008/04/14 02:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\audiosrv.dll -- (AudioSrv)
SRV - [2008/04/14 02:00:00 | 000,331,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\ipnathlp.dll -- (SharedAccess)
SRV - [2008/04/14 02:00:00 | 000,333,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\wiaservc.dll -- (stisvc)
SRV - [2008/04/14 02:00:00 | 000,078,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\msiexec.exe -- (MSIServer)
SRV - [2008/04/14 02:00:00 | 000,144,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wbem\wmisvc.dll -- (winmgmt)
SRV - [2009/02/09 07:10:48 | 000,617,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\advapi32.dll -- (Wmi)
SRV - [2008/04/14 02:00:00 | 000,132,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\dot3svc.dll -- (Dot3svc)
SRV - [2008/04/14 02:00:00 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wzcsvc.dll -- (WZCSVC)
SRV - [2009/06/10 01:14:49 | 000,132,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wkssvc.dll -- (lanmanworkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: QMGR.DLL >
[2008/04/14 02:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2008/04/14 02:00:00 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2008/04/14 02:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.DAT >
[2014/01/01 04:20:33 | 000,004,134 | ---- | M] () MD5=C9B4F36E8BE111CCBC44A2A8FD32C5EC -- C:\Documents and Settings\bmanley\Local Settings\Temp\jrt\services.dat

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 02:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2013/09/23 16:32:14 | 000,001,602 | ---- | M] () MD5=6AA4A7291EF2BE4D132A45C9B302964F -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 02:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2008/04/14 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 02:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 02:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 02:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008/04/14 02:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 02:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2008/04/14 02:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\dllcache\winsock.dll
[2008/04/14 02:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\WINDOWS\system32\winsock.dll

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is F8DE-18FF
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/20/2013 02:32 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/20/2013 02:32 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 62,472,720,384 bytes free

< End of report >


Hope this helps. Thanks.

#9
Machiavelli

    GeekU Moderator

  • 4,127 posts

Step 1: Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the MBAM icon and select Run as Administrator.)
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

  • Step 2: ESET Online Scanner

Please disable your AntiVirus before doing these steps!

  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here

How to do this?

  • Visit this website here
  • You will see a screen like this:



    • Click Run ESET Online Scanner

    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • I want you to uninstall following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > uninstall a program):
    • ESET Online Scanner

  • Step 3: Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • Step 4: Question

How is the system running? Any issues?
  • 0

#10
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Gerrit:

Took a while for ESET to run. All is pretty good right now. I do have a new program called Create Amazing Presentations that has a desktop shortcut and shows up on the Start>Programs list but is not listed when I go to Add/Remove. Hovering over the program it says it is installed in Internet Explorer. How do I get rid of it?

Here are the logs:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.06.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
bmanley :: D67ZSQ41 [administrator]

1/6/2014 1:29:20 PM
mbam-log-2014-01-06 (13-29-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245544
Time elapsed: 5 minute(s), 19 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Documents and Settings\bmanley\Application Data\newnext.me (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\bmanley\Application Data\newnext.me\cache (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Documents and Settings\bmanley\Application Data\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\bmanley\Application Data\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\bmanley\Application Data\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Quarantined and deleted successfully.

(end)


Results of screen317's Security Check version 0.99.78
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Please wait while WMIC is being installed.
displayName
Symantec Endpoint Protection
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 20% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````


Thanks! :thumbsup:
  • 0


#11
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,127 posts
OK, we will check for that one program.

  • Step 1: OTL

  • Run OTL by double-clicking on it. (if you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

  • Step 2: Question

You forgot to post the ESET log, I think. Did it find something?
  • 0

#12
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Gerrit:

Sorry about the ESET log. It did not find anything. Here it is:

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=1f2e9ff6497c8641a413a6da22eaf421
# engine=16541
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-06 10:51:14
# local_time=2014-01-06 05:51:14 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=27960
# found=0
# cleaned=0
# scan_time=1335


Here is the OTL log:

OTL logfile created on: 1/7/2014 11:21:47 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\bmanley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.98 Mb Total Physical Memory | 639.38 Mb Available Physical Memory | 62.56% Memory free
2.41 Gb Paging File | 2.19 Gb Available in Paging File | 91.12% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 57.63 Gb Free Space | 77.34% Space Free | Partition Type: NTFS
Drive F: | 255.99 Gb Total Space | 76.70 Gb Free Space | 29.96% Space Free | Partition Type: NTFS
Drive P: | 255.99 Gb Total Space | 158.42 Gb Free Space | 61.89% Space Free | Partition Type: NTFS
Drive Y: | 255.99 Gb Total Space | 158.42 Gb Free Space | 61.89% Space Free | Partition Type: NTFS

Computer Name: D67ZSQ41 | User Name: bmanley | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/30 11:44:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bmanley\Desktop\OTL.exe
PRC - [2011/03/19 20:29:02 | 001,459,528 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2011/03/19 20:29:02 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2011/03/19 20:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2011/03/19 20:29:00 | 001,881,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2011/03/19 20:29:00 | 001,831,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/04/14 02:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/12/11 13:21:59 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/03/19 20:29:02 | 000,349,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2011/03/19 20:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2011/03/19 20:29:02 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2011/03/19 20:29:00 | 001,881,368 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2011/03/19 20:29:00 | 001,831,024 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/02/17 09:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2014/01/06 12:18:22 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140106.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/01/06 12:18:21 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20140106.023\NAVENG.SYS -- (NAVENG)
DRV - [2014/01/06 11:34:12 | 000,013,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SWDUMon.sys -- (SWDUMon)
DRV - [2013/11/26 08:17:23 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/11/21 02:21:37 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/09/24 08:51:06 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/03/19 20:29:02 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2011/03/19 20:29:02 | 000,283,184 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2011/03/19 20:29:02 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2011/03/19 20:28:58 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2011/03/19 20:28:58 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2011/03/19 20:28:58 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2011/03/19 20:28:58 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 09 98 F9 12 0B CF 01 [binary data]
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\bmanley\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\

O1 HOSTS File: ([2008/04/14 02:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1379974000802 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Dayton.Local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CC757D5-7972-4681-ACCE-E4659732CD54}: DhcpNameServer = 10.0.0.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/09/23 16:21:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/06 13:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Application Data\Malwarebytes
[2014/01/06 13:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/01/06 13:27:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014/01/06 13:27:26 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2014/01/06 13:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2014/01/06 12:17:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/01/06 12:16:58 | 001,036,305 | ---- | C] (Thisisu) -- C:\Documents and Settings\bmanley\Desktop\JRT.exe
[2014/01/06 12:10:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/06 12:02:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/06 11:46:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2013/12/30 11:44:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bmanley\Desktop\OTL.exe
[2013/12/30 11:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\My Documents\Downloads
[2013/12/16 10:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\SlimWare Utilities Inc
[2013/12/16 10:46:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloaded Installers
[2013/12/16 10:32:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\.android
[2013/12/16 10:31:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\cache
[2013/12/16 10:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Local Settings\Application Data\genienext
[2013/12/16 10:07:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/12/16 09:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\MyBackupPlan
[2013/12/16 09:55:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2013/12/16 09:55:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bmanley\Application Data\Yahoo!

========== Files - Modified Within 30 Days ==========

[2014/01/07 10:59:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/01/07 10:59:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/07 10:58:43 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/01/07 10:57:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/07 10:47:05 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/07 10:41:40 | 000,987,410 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\SecurityCheck.exe
[2014/01/06 13:27:35 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 12:17:03 | 001,036,305 | ---- | M] (Thisisu) -- C:\Documents and Settings\bmanley\Desktop\JRT.exe
[2014/01/06 12:09:59 | 001,233,962 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\AdwCleaner.exe
[2014/01/06 11:34:12 | 000,013,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/12/30 11:44:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bmanley\Desktop\OTL.exe
[2013/12/16 12:23:47 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\bmanley\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/12/16 10:04:28 | 000,001,330 | ---- | M] () -- C:\Documents and Settings\bmanley\Desktop\Create Amazing Presentations.lnk
[2013/12/16 09:50:21 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/11 17:10:37 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/11 09:45:16 | 000,000,000 | ---- | M] () -- C:\t14k.1

========== Files Created - No Company Name ==========

[2014/01/07 10:41:37 | 000,987,410 | ---- | C] () -- C:\Documents and Settings\bmanley\Desktop\SecurityCheck.exe
[2014/01/06 13:27:35 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2014/01/06 12:09:52 | 001,233,962 | ---- | C] () -- C:\Documents and Settings\bmanley\Desktop\AdwCleaner.exe
[2013/12/16 10:47:43 | 000,013,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\SWDUMon.sys
[2013/12/16 10:04:28 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\bmanley\Start Menu\Programs\Create Amazing Presentations.lnk
[2013/12/16 10:04:28 | 000,001,330 | ---- | C] () -- C:\Documents and Settings\bmanley\Desktop\Create Amazing Presentations.lnk
[2013/12/11 09:45:16 | 000,000,000 | ---- | C] () -- C:\t14k.1
[2013/09/23 21:39:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/09/23 16:46:01 | 000,011,062 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2013/09/23 16:38:08 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2013/09/23 16:34:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/09/23 16:18:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2013/09/23 12:09:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013/09/23 12:08:58 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========

[2013/10/17 14:55:40 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 02:00:00 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 02:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========


========== Purity Check ==========



< End of report >


Thanks.
  • 0
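The OTL log in this post is clean, but reading one is mostly about knowing which lines would be abnormal: the O1 HOSTS entries, O4 autoruns, O17 DNS servers, O20 Winlogon Shell and UserInit values and the ProxyEnable flag are what loaders and browser hijackers typically modify. The script below is an added example, not from the thread and not an OTL feature, that applies those checks to OTL output. The first sample is copied from the log above; the second is a constructed set of hijacked lines whose paths, host names and addresses are invented for the example.

```python
import ipaddress
import re

# Lines copied from the clean OTL log in this post.
CLEAN_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
"""

# Constructed lines showing the same entries after a hijack; every path,
# host name and address here is invented for the example.
HIJACKED_LOG = r"""
O1 - Hosts: 203.0.113.9 update.example
O4 - HKLM..\Run: [updater] C:\Documents and Settings\bmanley\Application Data\updater\upd.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.184.216.34
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\logonhlp.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
IE - HKU\S-1-5-21-962395197-4016970835-1205081151-1295\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
"""

# What a stock XP SP3 install has in these Winlogon values (compared lower-cased).
WINLOGON_DEFAULTS = {"shell": "explorer.exe", "userinit": r"c:\windows\system32\userinit.exe"}
# Autoruns living under the user profile or temp are worth a second look.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")


def triage(log_text):
    """Return [(tag, reason, line)] for OTL entries that deviate from the defaults."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := re.match(r"O1 - Hosts: (\S+)\s+(\S+)", line):
            ip, host = m.groups()
            if host.lower() != "localhost" or not ip.startswith("127."):
                findings.append(("O1", f"HOSTS redirects {host} to {ip}", line))
        elif line.startswith("O4 - "):
            if m := re.search(r"\] (.+) \((.*)\)$", line):
                path, company = m.groups()
                if not company or any(d in path.lower() for d in USER_WRITABLE):
                    findings.append(("O4", "autorun without publisher or from a user-writable path", line))
        elif line.startswith("O17 - "):
            if m := re.search(r"NameServer = (\d+\.\d+\.\d+\.\d+)", line):
                if not ipaddress.ip_address(m.group(1)).is_private:
                    findings.append(("O17", f"DNS server {m.group(1)} is not on the local network", line))
        elif m := re.match(r"O20 - HKLM Winlogon: (\w+) - \((.*?)\) - ", line):
            key, value = m.group(1).lower(), m.group(2).lower().rstrip(",")
            if key in WINLOGON_DEFAULTS and value != WINLOGON_DEFAULTS[key]:
                findings.append(("O20", f"Winlogon {m.group(1)} is '{m.group(2)}', expected '{WINLOGON_DEFAULTS[key]}'", line))
        elif '"ProxyEnable" = 1' in line:
            findings.append(("IE", "proxy enabled; inspect ProxyServer for a local interceptor", line))
    return findings


if __name__ == "__main__":
    for label, text in (("clean", CLEAN_LOG), ("hijacked", HIJACKED_LOG)):
        hits = triage(text)
        print(f"{label}: {len(hits)} finding(s)")
        for tag, reason, line in hits:
            print(f"  [{tag}] {reason}\n      {line}")
```

Run against the log above it reports nothing, which matches the moderator's verdict. Note what it does not cover: the NextLive PUP that MBAM quarantined in post #10 lived in a profile folder (Application Data\newnext.me), not in any of these keys, so treat this as a screen for loaders and logon hijacks rather than an adware detector.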

#13
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,127 posts
  • Step 1: SystemLook

For 32bit systems, please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *VisualBee*
    *Create Amazing Presentations*
    
    :folderfind
    *VisualBee*
    *Create Amazing Presentations*
    
    :regfind
    *VisualBee*
    *Create Amazing Presentations*
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt
  • 0

#14
beerman

beerman

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 188 posts
Here you go:

SystemLook 30.07.11 by jpshortstuff
Log created at 14:53 on 07/01/2014 by bmanley
Administrator - Elevation successful

========== filefind ==========

Searching for "*VisualBee*"
C:\_OTL\MovedFiles\01062014_120253\C_Documents and Settings\All Users\VisualBee\VisualBeeDB.exe --a---- 10747008 bytes [15:05 16/12/2013] [15:06 16/12/2013] AF7AD01C873B7A4A0AA92E14F2C8A691
C:\_OTL\MovedFiles\01062014_120253\C_Documents and Settings\All Users\VisualBee\VisualBeeSoftware.exe --a---- 18867480 bytes [15:04 16/12/2013] [15:05 16/12/2013] 8EC73F6F06F22E185BD83581859592BF

Searching for "*Create Amazing Presentations*"
C:\Documents and Settings\bmanley\Desktop\Create Amazing Presentations.lnk --a---- 1330 bytes [15:04 16/12/2013] [15:04 16/12/2013] 65178677EC270D572AF4FDF26810C9F5
C:\Documents and Settings\bmanley\Start Menu\Programs\Create Amazing Presentations.lnk --a---- 1330 bytes [15:04 16/12/2013] [15:04 16/12/2013] F134E016B71A1E97DFACB107A6500E1B

========== folderfind ==========

Searching for "*VisualBee*"
C:\_OTL\MovedFiles\01062014_120253\C_Documents and Settings\All Users\VisualBee d------ [15:04 16/12/2013]
C:\_OTL\MovedFiles\01062014_120253\C_Documents and Settings\bmanley\Local Settings\Application Data\VisualBeeExe d------ [15:05 16/12/2013]

Searching for "*Create Amazing Presentations*"
No folders found.

========== regfind ==========

Searching for "*VisualBee*"
No data found.

Searching for "*Create Amazing Presentations*"
No data found.

-= EOF =-

Thanks again.
  • 0
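A small parser for the SystemLook filefind/folderfind output posted above, added here as an example; it is not code from SystemLook, OTL or this thread. It embeds the posted log lines as its sample input, pulls out path, attributes, size, timestamps and MD5 for each hit, and separates hits that OTL has already moved into its quarantine folder (assumed here to be the C:\_OTL\MovedFiles prefix visible in the log) from hits still live on the system. That split is the reasoning behind the fix in the next post: the VisualBee executables and folders are already quarantined, so only the two .lnk files remain. The `:Files` section builder is a helper assumed to match the OTL fix syntax the thread shows.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample: the filefind/folderfind/regfind portion of the SystemLook
# log posted above, embedded so the parser runs offline.
SAMPLE_LOG = r"""
========== filefind ==========
Searching for "*VisualBee*"
C:\_OTL\MovedFiles\01062014_120253\C_Documents and Settings\All Users\VisualBee\VisualBeeDB.exe --a---- 10747008 bytes [15:05 16/12/2013] [15:06 16/12/2013] AF7AD01C873B7A4A0AA92E14F2C8A691
C:\_OTL\MovedFiles\01062014_120253\C_Documents and Settings\All Users\VisualBee\VisualBeeSoftware.exe --a---- 18867480 bytes [15:04 16/12/2013] [15:05 16/12/2013] 8EC73F6F06F22E185BD83581859592BF
Searching for "*Create Amazing Presentations*"
C:\Documents and Settings\bmanley\Desktop\Create Amazing Presentations.lnk --a---- 1330 bytes [15:04 16/12/2013] [15:04 16/12/2013] 65178677EC270D572AF4FDF26810C9F5
C:\Documents and Settings\bmanley\Start Menu\Programs\Create Amazing Presentations.lnk --a---- 1330 bytes [15:04 16/12/2013] [15:04 16/12/2013] F134E016B71A1E97DFACB107A6500E1B
========== folderfind ==========
Searching for "*VisualBee*"
C:\_OTL\MovedFiles\01062014_120253\C_Documents and Settings\All Users\VisualBee d------ [15:04 16/12/2013]
C:\_OTL\MovedFiles\01062014_120253\C_Documents and Settings\bmanley\Local Settings\Application Data\VisualBeeExe d------ [15:05 16/12/2013]
Searching for "*Create Amazing Presentations*"
No folders found.
========== regfind ==========
Searching for "*VisualBee*"
No data found.
-= EOF =-
"""

SECTION_RE = re.compile(r"^=+ (?P<name>\w+) =+$")
SEARCH_RE = re.compile(r'^Searching for "(?P<term>.+)"$')
# filefind line: <path> <attrs> <size> bytes [created] [modified] <MD5>
FILE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})$"
)
# folderfind line: <path> d------ [created]
FOLDER_RE = re.compile(r"^(?P<path>.+?)\s+(?P<attrs>d[-a-z]{6})\s+\[(?P<created>[^\]]+)\]$")
TS_FORMAT = "%H:%M %d/%m/%Y"            # SystemLook prints [HH:MM DD/MM/YYYY]
QUARANTINE_PREFIX = r"c:\_otl\movedfiles"  # assumed OTL quarantine root, matched case-insensitively


@dataclass
class Hit:
    section: str
    term: str
    path: str
    attrs: str
    created: datetime
    size: Optional[int] = None
    modified: Optional[datetime] = None
    md5: Optional[str] = None

    @property
    def quarantined(self) -> bool:
        """True when OTL has already moved this item into its quarantine folder."""
        return self.path.lower().startswith(QUARANTINE_PREFIX)


def parse_systemlook(text: str) -> List[Hit]:
    """Walk the log line by line, tracking the current section and search term."""
    hits: List[Hit] = []
    section, term = "", ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("-= EOF"):
            continue
        if m := SECTION_RE.match(line):
            section, term = m["name"], ""
            continue
        if m := SEARCH_RE.match(line):
            term = m["term"]
            continue
        if line.startswith("No ") and line.endswith("found."):
            continue  # empty-result marker for the current search term
        if section == "filefind" and (m := FILE_RE.match(line)):
            hits.append(Hit(section, term, m["path"], m["attrs"],
                            datetime.strptime(m["created"], TS_FORMAT),
                            int(m["size"]),
                            datetime.strptime(m["modified"], TS_FORMAT),
                            m["md5"].upper()))
        elif section == "folderfind" and (m := FOLDER_RE.match(line)):
            hits.append(Hit(section, term, m["path"], m["attrs"],
                            datetime.strptime(m["created"], TS_FORMAT)))
    return hits


def live_hits(hits: List[Hit]) -> List[Hit]:
    """Hits not yet quarantined, i.e. what a follow-up fix still has to address."""
    return [h for h in hits if not h.quarantined]


def otl_files_fix(hits: List[Hit]) -> str:
    """Build an OTL ':Files' section listing the live file hits (assumed syntax)."""
    return "\n".join([":Files"] + [h.path for h in hits if h.section == "filefind"])


if __name__ == "__main__":
    found = parse_systemlook(SAMPLE_LOG)
    for h in found:
        print(f"{h.section:10} {'quarantined' if h.quarantined else 'LIVE':11} {h.path}")
    print(otl_files_fix(live_hits(found)))
```

Run it as-is to see the four file hits and two folder hits, with the two .lnk files as the only live items; point `parse_systemlook` at the contents of a saved SystemLook.txt to apply the same split to another log.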

#15
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,127 posts
Your computer looks good to me. We are done so far - so well done! :thumbsup: You were fast at responding and so we could solve your problem very quickly. The "Create Amazing Presentations.lnk" files will be deleted with the OTL Fix.

I. Removal of Tools and other things

  • Step 1: OTL Fix | Delete old restore points and create a new one

  • Run OTL.exe
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Files
    C:\Documents and Settings\bmanley\Desktop\Create Amazing Presentations.lnk	
    C:\Documents and Settings\bmanley\Start Menu\Programs\Create Amazing Presentations.lnk
    %systemroot%\sysnative\vssadmin delete shadows /for=c: /all /quiet /c
    
    :Commands
    [EMPTYTEMP]
    [CreateRestorePoint]
    
  • Click the Run Fix button.
  • Your computer will reboot.

  • Step 2: OTL CleanUp

Run OTL and hit the cleanup button. It will remove all the programs we have used plus itself.


  • Step 3: Uninstalling ESET (if you haven't already)

  • Click on the Start button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:

    • ESET
  • Once you have done this, reboot your computer

  • Step 4: Malwarebytes

It is an on demand scanner so it will not conflict with your AntiVirus!
But if you want to uninstall it, then please follow these steps:

  • Click on the Start button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:

    • Malwarebytes
  • Once you have done this, reboot your computer

  • Step 5: Uninstalling Adwarecleaner

  • Run Adwarecleaner
  • Please click Uninstall - this will delete the tool from the computer

  • Step 6: Removing other tools

You can remove JRT.exe and SecurityCheck.exe manually.

II. Prevention and Future Guidelines

  • Step 1: FileHippo's UpdateChecker

Download File-Hippo Updatechecker from here and install it. Please run it monthly - it will scan your update status. For example, if a program is outdated, the UpdateChecker will give you a link where you can download the newest version of the respective program.

How to update programs with FileHippo Updatechecker?

  • Start FileHippo Updatechecker
  • You get redirected to a Website
  • You probably see a list of updates (if not, then all your critical programs are up to date)
  • Click on the first item of the list, download the Update, after that reboot the Computer and take the next item of the list!

  • Step 2: Future Tips

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:
  • 0
