Unable to resolve DNS and failure to load pages in all browsers [Re-op



#106 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)

:) Do not fear, I am here........and this log looks better than the last one :lol:

Crazy shift patterns for me at the moment due to training for my new job. :wacko:

One concern for me - Have you run Combofix at all on this machine?

Chrome is not showing on the OTL scan, same as the last PC, so we will go for the brutal option straight away.

1. Uninstall
  • Click Start then select Control Panel
  • In control panel click Uninstall a Program or Programs and Features and uninstall the following:
  • Malwarebytes Anti-Malware version 1.75.0.1300
  • Google Chrome
2. OTL Fix
  • Right click the OTL icon and select Run as Administrator.
  • Copy the entire text in the Quote box below (do not include the word QUOTE) and paste it into the Custom Scans/Fixes box in OTL.

    :COMMANDS
    [CREATERESTOREPOINT]

    :OTL
    SRV - [2013/10/25 13:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    [2014/01/10 23:25:58 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:68A41423
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:ED2D63E4
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:13019F4B
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:3B75B877
    @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:02F30776
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:7C8AA9A6
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:6A0A47E7
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:87A3A233
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:5E73E1C2
    @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:9725F1BC
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:012BC84F
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:F5D01D7C
    @Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:C78DADEA

    :FILES
    C:\Users\Owner\AppData\Local\Google\Chrome
    C:\Program Files (x86)\IObit
    ipconfig /flushdns /c

    :COMMANDS
    [RESETHOSTS]
    [EMPTYTEMP]

  • Then click Run Fix
  • Click O.K if asked to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of the fix.
  • Copy and Paste the Fix Log in your next reply.
3. Run ADWcleaner
  • Right click ADWcleaner and Run as Administrator then select Scan
  • Once the scan is complete click Clean
  • A reboot will be asked for, click O.K
  • On reboot a log will be produced, please post in your next reply.
4. Install Chrome
  • Use this link only to download Google Chrome
  • Accept the agreement and follow the prompts. Nothing hidden with this installer.
  • Once installed and open, click on the Customize and Control button on the top right hand side of the window; it looks like 3 bars.
  • Click on Settings. Under On Startup, check the Open a specific page or set of pages box and click the Set Pages link.
  • In the Enter url box copy and paste the following: https://www.google.com/ and click OK
  • Close Chrome, all done
Things I want to see in your next post.
  • OTL fix.txt
  • ADWcleaner log



#107 ColtsFan18 (Member, Topic Starter, 372 posts)

OTL Scan:

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Error: No service named LiveUpdateSvc was found to stop!
Service\Driver key LiveUpdateSvc not found.
File C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{88C7F2AA-F93F-432C-8F0E-B7D85967A527} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
File C:\ProgramData\DP45977C.lfl not found.
Unable to delete ADS C:\ProgramData\Temp:68A41423 .
Unable to delete ADS C:\ProgramData\Temp:ED2D63E4 .
Unable to delete ADS C:\ProgramData\Temp:13019F4B .
Unable to delete ADS C:\ProgramData\Temp:3B75B877 .
Unable to delete ADS C:\ProgramData\Temp:02F30776 .
Unable to delete ADS C:\ProgramData\Temp:7C8AA9A6 .
Unable to delete ADS C:\ProgramData\Temp:6A0A47E7 .
Unable to delete ADS C:\ProgramData\Temp:87A3A233 .
Unable to delete ADS C:\ProgramData\Temp:5E73E1C2 .
Unable to delete ADS C:\ProgramData\Temp:9725F1BC .
Unable to delete ADS C:\ProgramData\Temp:012BC84F .
Unable to delete ADS C:\ProgramData\Temp:F5D01D7C .
Unable to delete ADS C:\ProgramData\Temp:C78DADEA .
========== FILES ==========
File\Folder C:\Users\Owner\AppData\Local\Google\Chrome not found.
C:\Program Files (x86)\IObit\Smart Defrag 3\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 3 folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update\Uninstaller folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\update folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate\Language folder moved successfully.
C:\Program Files (x86)\IObit\LiveUpdate folder moved successfully.
C:\Program Files (x86)\IObit\IObit Uninstaller folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\Update folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\update folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\lib folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\defaults folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content\scripts folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome\content folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\chrome folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected]\bin folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox\[email protected] folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Firefox folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\js folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\filtering folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\dll folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0\db folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod\1.0.0_0 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome\gkcefkcdkepgkpbgncjchhbjgoanleod folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\Chrome folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Update folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Toolbox_Download folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\SecurityHole_Backup folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\Database folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\BootTimeLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7 folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Update folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbox_Download folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Freeware folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\images folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Owner\Downloads\cmd.bat deleted successfully.
C:\Users\Owner\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Experience
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Owner
->Temp folder emptied: 113479755 bytes
->Temporary Internet Files folder emptied: 5413845 bytes
->Java cache emptied: 4126834 bytes
->FireFox cache emptied: 302046638 bytes
->Flash cache emptied: 42091 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1503697 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15567682 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84921 bytes
RecycleBin emptied: 1826718 bytes
 
Total Files Cleaned = 424.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04072014_101420

Files\Folders moved on Reboot...
C:\Users\Owner\AppData\Local\Temp\7zS6565\HPSLPSVC64.DLL moved successfully.
C:\Users\Owner\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\hcuegx29.default-1396742669274\Cache\_CACHE_001_ moved successfully.
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\hcuegx29.default-1396742669274\Cache\_CACHE_002_ moved successfully.
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\hcuegx29.default-1396742669274\Cache\_CACHE_003_ moved successfully.
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\hcuegx29.default-1396742669274\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Owner\AppData\Local\Mozilla\Firefox\Profiles\hcuegx29.default-1396742669274\_CACHE_CLEAN_ moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 


Edited by ColtsFan18, 07 April 2014 - 09:42 AM.

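Added example, not part of the thread and not OTL's own code: a PowerShell script a technician could use to list the named NTFS alternate data streams that the fix log above reports as "Unable to delete" on C:\ProgramData\Temp, preview what they contain, and optionally remove them. It assumes Windows PowerShell 3.0 or later on an elevated prompt; the path is the one from the log, and the switch and function names are my own.

```powershell
# Added example (not from the thread, not part of OTL): list, inspect and
# optionally remove named NTFS alternate data streams (ADS) on one path.
# Assumes Windows PowerShell 3.0 or later, run from an elevated prompt.
# $Target defaults to the directory named in the OTL fix log above.

param(
    [string]$Target = 'C:\ProgramData\Temp',
    [switch]$Remove   # without this switch the script only reports
)

function Get-NamedStream {
    param([Parameter(Mandatory)][string]$Path)
    # ':$DATA' is a file's ordinary content; only named streams are reported.
    Get-Item -LiteralPath $Path -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

function Show-StreamPreview {
    param([string]$Path, [string]$Stream, [int]$MaxChars = 120)
    # Read the stream back as text so the technician can see what it holds;
    # non-printable characters are replaced with '.' for a safe preview.
    $raw = Get-Content -LiteralPath $Path -Stream $Stream -Raw -ErrorAction Stop
    if (-not $raw) { return '<empty>' }
    $clean = ($raw.ToCharArray() | ForEach-Object {
        if ([int]$_ -ge 32 -and [int]$_ -le 126) { $_ } else { '.' }
    }) -join ''
    if ($clean.Length -gt $MaxChars) { $clean = $clean.Substring(0, $MaxChars) + '...' }
    return $clean
}

function Remove-NamedStream {
    param([string]$Path, [string]$Stream)
    # Remove-Item -Stream deletes only the named stream, never the file or folder.
    try {
        Remove-Item -LiteralPath $Path -Stream $Stream -ErrorAction Stop
        return 'removed'
    } catch {
        # Same outcome as the "Unable to delete ADS" lines in the OTL log:
        # usually a permissions problem or the stream is held open.
        return "failed: $($_.Exception.Message)"
    }
}

$streams = @(Get-NamedStream -Path $Target)
if ($streams.Count -eq 0) {
    Write-Output "No named streams on $Target"
    return
}

foreach ($s in $streams) {
    $preview = Show-StreamPreview -Path $Target -Stream $s.Stream
    $status = if ($Remove) { Remove-NamedStream -Path $Target -Stream $s.Stream } else { 'inspect only' }
    Write-Output ("{0}:{1}  {2} bytes  [{3}]  {4}" -f $s.FileName, $s.Stream, $s.Length, $status, $preview)
}
```

Run it once without -Remove to see each stream's size and a printable preview, then again with -Remove; a stream that still reports "failed" after that was most likely not deletable for the same reason OTL's attempt was not.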

#108 ColtsFan18 (Member, Topic Starter, 372 posts)

AdwCleaner Log:

# AdwCleaner v3.023 - Report created 07/04/2014 at 10:31:43
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - AR34KJ8F05
# Running from : C:\Users\Owner\Desktop\AdwCleaner(1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hcuegx29.default-1396742669274\prefs.js ]


*************************

AdwCleaner[R0].txt - [5088 octets] - [27/02/2014 15:09:04]
AdwCleaner[R1].txt - [1022 octets] - [04/04/2014 21:06:49]
AdwCleaner[R2].txt - [970 octets] - [07/04/2014 10:28:46]
AdwCleaner[S0].txt - [4663 octets] - [27/02/2014 16:39:38]
AdwCleaner[S1].txt - [892 octets] - [07/04/2014 10:31:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [951 octets] ##########
 

 

As I posted earlier, I uninstalled Chrome to get OTL to run and didn't reinstall it. He hates that browser, so I won't be reinstalling it.



#109 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)

Hmm, OK, not 100% happy with the fix, so I will look at that in your next post :thumbsup:


I forgot to mention that I wanted you to uninstall Malwarebytes as I want you to download a fresh copy from my link :)

1. DOWNLOAD and INSTALL MALWAREBYTES
  • Using this link, download and install Malwarebytes
  • Before clicking Finish, uncheck the Start Free Trial checkbox if present and select the Update and Launch checkboxes.
  • Click Finish
  • Any updates found will now be installed and the main screen loads.
  • Select Perform quick scan and click Scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed, please proceed if asked.
  • When complete, a log will open in Notepad. Please paste this in your next reply.
  • If a reboot was needed, the log is automatically saved by MBAM and can be viewed by clicking the Logs tab, then Open log
2. ESET SCAN ONLY

You will need to disable your currently installed Anti-Virus, how to do so can be read here.


IMPORTANT - Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu, Quick Launch Bar or the Taskbar and select Run as Administrator. For the Taskbar, right click IE, then right click the IE icon that appears.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

Now use this link to run an online scan with the ESET Online Scanner
  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Uncheck the Remove Found Threats box. I want to check the results first as ESET may remove a false positive :)
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you copy the logfile
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste the log in your next reply.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


3. OTL Custom Scan
  • Right click the OTL icon and select Run as Administrator.
  • Select the following boxes:
  • Scan All Users
  • Include 64bit Scans - If present.
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • LOP Check
  • Now Click Run Scan
  • OTL will now scan your computer and produce a log file OTL.txt
  • Please post in your next reply
Things I want to see in your next post.
  • Malwarebytes results
  • ESET results
  • OTL.txt
  • How are things running now?


#110 ColtsFan18 (Member, Topic Starter, 372 posts)

I will start all this closer to bedtime, so the ESET can run through the night. God forbid the hubby not have a computer to occupy him during his waking hours, it's a fate worse than death. I'll have all the logs and such posted in the AM (not sure what time that is for you), so I'll say they will be up in 14 hours LOL!



#111 Nutloaf (Trusted Helper, Malware Removal, 1,790 posts)

:lol: poor hubby. Tell him he shouldn't really be using it at the moment, just in case.

14 hours' time is 3:00pm, that's breakfast time for me :lol:

#112 ColtsFan18 (Member, Topic Starter, 372 posts)

ESET log file:

 

esetsmartinstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=02a88b900a7c4f4b93ffa11f62419d4b
# engine=17790
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-04-08 08:11:25
# local_time=2014-04-08 03:11:25 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 2554781 148488135 0 0
# scanned=413384
# found=38
# cleaned=19
# scan_time=12978
sh=743CF6F7C346A3CF7BB0B81442DC14A7F3DA352D ft=1 fh=67b200ae242c58b1 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Users\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\Conduit\Community Alerts\Alert.dll"
sh=9EC52FAF5A1E2599243D940FD7030D9332DA7317 ft=1 fh=b27b6d1531ae66dd vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Users\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll"
sh=59BA6A2447564BB8158403AEF84F35C3E5508D38 ft=1 fh=12d19b5790dd79c7 vn="a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application" ac=I fn="C:\Users\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll"
sh=8C54C3698EBAB04801A09866F1A1A04D5C11EE39 ft=1 fh=96feccb4c8488278 vn="Win32/Toolbar.MyWebSearch potentially unwanted application" ac=I fn="C:\Users\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application" ac=I fn="C:\Users\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe"
sh=904552C6D3D62C2C2897565F3DAD5FF5F92A4500 ft=1 fh=78f1739f17135b7d vn="Win32/Shutdown.NAA potentially unsafe application" ac=I fn="C:\Users\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe"
sh=0199A64A6B31413AD8B9A19BAE5F6C6EAC5C9200 ft=1 fh=c5c8bdd7e9a2fdb7 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Users\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe"
sh=79C26E5823C32F13CFE3800261610D534D73C00B ft=1 fh=b19d9253e889fcde vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Owner\Desktop\Documents\Geel Squad Data Backup\Users\Steve & Tammy\AppData\Local\Temp\iet6E4A.tmp.exe"
sh=B703E783EA587311CAAE99B2429F787A06F685DA ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.OpenStream.NBV trojan" ac=I fn="C:\Users\Owner\Desktop\Documents\Geel Squad Data Backup\Users\Steve & Tammy\AppData\Local\Temp\jar_cache243631348126229443.tmp"
sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Users\Owner\Desktop\Documents\Geel Squad Data Backup\Users\Steve & Tammy\AppData\Local\Temp\tbBitT.dll"
sh=2442A79DDB6365074BD4E8EB36D8953DF58025E9 ft=1 fh=820cb2a77ef33469 vn="a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application" ac=I fn="C:\Users\Owner\Desktop\Documents\Geel Squad Data Backup\Users\Steve & Tammy\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\01F7658F.exe"
sh=C284CE65BC7969D72565C9E2F82CB62431483913 ft=1 fh=0fb0cb28c167d9b1 vn="a variant of Win32/AdInstaller potentially unwanted application" ac=I fn="C:\Users\Owner\Desktop\Pictures\Downloads\Downloads\CouponAlert.exe"
sh=BE646C6CFF817AEF33DD0BCBB9B549D4D1406491 ft=1 fh=ee37cf4e4ca74df9 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\asc-setup (1).exe"
sh=8535ED1AB74D7B9547C7D47E75B9159076527253 ft=1 fh=25a511c14236d929 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\asc-setup.exe"
sh=033736CF5EFB70477C757857F08649B4094F9E9C ft=1 fh=c6af5358d9a2bf2f vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Users\Owner\Downloads\driverbooster-cnet-setup.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\OffercastInstaller_AVR_U-0087-01-P_.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\OffercastInstaller_AVR_U-0113-01-P_.exe"
sh=3661383B652D80B662CDE4829A22A3FD7F803888 ft=1 fh=9461aa84922f14a9 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\PIP_AVR80_.exe"
sh=5638CFEBC6EAC7C0352DF1D1D3635278E47ECE12 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Owner\Downloads\WeatherBugSetup.msi"
sh=743CF6F7C346A3CF7BB0B81442DC14A7F3DA352D ft=1 fh=67b200ae242c58b1 vn="Win32/Toolbar.Conduit.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\Conduit\Community Alerts\Alert.dll"
sh=9EC52FAF5A1E2599243D940FD7030D9332DA7317 ft=1 fh=b27b6d1531ae66dd vn="Win32/Toolbar.MyWebSearch potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEIPlug.dll"
sh=59BA6A2447564BB8158403AEF84F35C3E5508D38 ft=1 fh=12d19b5790dd79c7 vn="a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\CouponAlert_2pEI\Installr\1.bin\2pEZSETP.dll"
sh=8C54C3698EBAB04801A09866F1A1A04D5C11EE39 ft=1 fh=96feccb4c8488278 vn="Win32/Toolbar.MyWebSearch potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISb.dll"
sh=890368473ECBC404DCD42FF0C6C38397102F59C0 ft=1 fh=4c7db45bf4256cb3 vn="Win32/PrcView potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\Mozilla Firefox\SmitfraudFix\Process.exe"
sh=904552C6D3D62C2C2897565F3DAD5FF5F92A4500 ft=1 fh=78f1739f17135b7d vn="Win32/Shutdown.NAA potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\Mozilla Firefox\SmitfraudFix\restart.exe"
sh=0199A64A6B31413AD8B9A19BAE5F6C6EAC5C9200 ft=1 fh=c5c8bdd7e9a2fdb7 vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Desktop\Documents\Geel Squad Data Backup\Program Files\Panda Security\Panda Cloud Antivirus\Tools\PandaSecurityTb.exe"
sh=79C26E5823C32F13CFE3800261610D534D73C00B ft=1 fh=b19d9253e889fcde vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Desktop\Documents\Geel Squad Data Backup\Users\Steve & Tammy\AppData\Local\Temp\iet6E4A.tmp.exe"
sh=B703E783EA587311CAAE99B2429F787A06F685DA ft=0 fh=0000000000000000 vn="a variant of Java/TrojanDownloader.OpenStream.NBV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Desktop\Documents\Geel Squad Data Backup\Users\Steve & Tammy\AppData\Local\Temp\jar_cache243631348126229443.tmp"
sh=419716F712489099B040AB846B565D808119B5E8 ft=1 fh=562d50baf79e8eca vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Desktop\Documents\Geel Squad Data Backup\Users\Steve & Tammy\AppData\Local\Temp\tbBitT.dll"
sh=2442A79DDB6365074BD4E8EB36D8953DF58025E9 ft=1 fh=820cb2a77ef33469 vn="a variant of Win32/Toolbar.MyWebSearch.O potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Desktop\Documents\Geel Squad Data Backup\Users\Steve & Tammy\AppData\LocalLow\CouponAlert_2pEI\Installr\Cache\01F7658F.exe"
sh=C284CE65BC7969D72565C9E2F82CB62431483913 ft=1 fh=0fb0cb28c167d9b1 vn="a variant of Win32/AdInstaller potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Desktop\Pictures\Downloads\Downloads\CouponAlert.exe"
sh=BE646C6CFF817AEF33DD0BCBB9B549D4D1406491 ft=1 fh=ee37cf4e4ca74df9 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Downloads\asc-setup (1).exe"
sh=8535ED1AB74D7B9547C7D47E75B9159076527253 ft=1 fh=25a511c14236d929 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Downloads\asc-setup.exe"
sh=033736CF5EFB70477C757857F08649B4094F9E9C ft=1 fh=c6af5358d9a2bf2f vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Downloads\driverbooster-cnet-setup.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Downloads\OffercastInstaller_AVR_U-0087-01-P_.exe"
sh=F42337E70886DB01977319E632FFB4356003050E ft=1 fh=234eac9709fa404f vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Downloads\OffercastInstaller_AVR_U-0113-01-P_.exe"
sh=3661383B652D80B662CDE4829A22A3FD7F803888 ft=1 fh=9461aa84922f14a9 vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Downloads\PIP_AVR80_.exe"
sh=5638CFEBC6EAC7C0352DF1D1D3635278E47ECE12 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Documents and Settings\Owner\Downloads\WeatherBugSetup.msi"
 



#113 ColtsFan18 (Member, Topic Starter, 372 posts)

OTL is running now, will post log when it's done.

 

Machine is running better except for the jumpy YouTube videos. But at least the site isn't locking up like it used to.



#114 ColtsFan18 (Member, Topic Starter, 372 posts)

OTL Log:

 

OTL logfile created on: 4/8/2014 9:18:57 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.97 Gb Total Physical Memory | 1.14 Gb Available Physical Memory | 57.89% Memory free
3.93 Gb Paging File | 2.54 Gb Available in Paging File | 64.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.66 Gb Total Space | 341.62 Gb Free Space | 75.97% Space Free | Partition Type: NTFS
 
Computer Name: AR34KJ8F05 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/04 20:33:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe
PRC - [2014/03/29 12:17:23 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/07 09:44:20 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013/02/01 21:27:40 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2011/07/22 14:26:40 | 000,690,472 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/03/25 21:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/29 12:16:53 | 003,642,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2010/03/25 21:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 21:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/02/28 23:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV - [2014/03/12 07:08:21 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/31 01:24:10 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2014/01/31 01:24:10 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2014/01/31 01:24:10 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2014/01/31 01:24:10 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2014/01/31 01:24:10 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2014/01/31 01:24:10 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/15 17:59:24 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/14 15:19:24 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/02/01 21:27:40 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/07/22 14:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/01/15 16:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/10/09 21:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/12/08 16:43:16 | 000,883,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/11/28 14:35:45 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/23 14:24:27 | 010,629,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/12/09 04:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/04/16 14:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-255606123-248549968-1413810114-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-255606123-248549968-1413810114-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-255606123-248549968-1413810114-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-255606123-248549968-1413810114-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-255606123-248549968-1413810114-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/10/07 09:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/10/07 09:45:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/03/29 12:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/03/29 12:16:39 | 000,000,000 | ---D | M]
 
[2011/07/22 20:19:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/04/05 19:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\hcuegx29.default-1396742669274\extensions
[2014/03/29 12:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/03/29 12:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014/03/29 12:16:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2014/03/29 12:16:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/03/29 12:17:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/08/04 22:19:44 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2012/12/19 11:03:08 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
O1 HOSTS File: ([2014/04/07 10:14:53 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-255606123-248549968-1413810114-1001..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-255606123-248549968-1413810114-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-255606123-248549968-1413810114-1001\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-255606123-248549968-1413810114-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69036CF3-8F59-430B-82DD-F282FAA819DE}: DhcpNameServer = 192.168.0.1 205.171.2.226
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\DfLogon: DllName - (LogonDll.dll) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/07 23:08:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2014/04/07 10:12:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/04/05 19:11:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/04/05 19:10:37 | 001,038,974 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
[2014/04/05 19:04:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Old Firefox Data
[2014/04/04 20:35:18 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Owner\Desktop\aswmbr.exe
[2014/03/29 12:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/03/21 13:41:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2014/03/21 12:38:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics
[2014/03/19 16:51:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/03/19 16:51:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2014/03/17 23:06:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\114___08
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/08 09:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/08 09:01:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2014/04/08 08:43:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/08 02:22:12 | 000,000,366 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateXML_Owner.job
[2014/04/08 01:22:22 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Owner.job
[2014/04/07 20:43:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/07 10:40:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/07 10:40:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/07 10:37:09 | 000,788,704 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/07 10:37:09 | 000,654,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/07 10:37:09 | 000,120,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/07 10:33:25 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Owner.job
[2014/04/07 10:33:08 | 000,001,942 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk
[2014/04/07 10:32:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/07 10:32:39 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/07 10:14:53 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/04/05 19:10:45 | 001,038,974 | ---- | M] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
[2014/04/05 07:29:32 | 002,580,080 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_4846.JPG
[2014/04/05 07:29:14 | 003,005,702 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_4845.JPG
[2014/04/05 07:28:56 | 002,699,712 | ---- | M] () -- C:\Users\Owner\Desktop\IMG_4844.JPG
[2014/04/04 23:12:04 | 000,233,942 | ---- | M] () -- C:\Users\Owner\Desktop\bookmarks_4_4_14.html
[2014/04/04 23:09:28 | 000,163,805 | ---- | M] () -- C:\Users\Owner\Desktop\bookmarks-2014-04-04.json
[2014/04/04 21:05:24 | 000,000,512 | ---- | M] () -- C:\Users\Owner\Desktop\MBR.dat
[2014/04/04 20:38:07 | 000,000,000 | ---- | M] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2014/04/04 20:37:24 | 001,426,178 | ---- | M] () -- C:\Users\Owner\Desktop\AdwCleaner(1).exe
[2014/04/04 20:36:02 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Owner\Desktop\aswmbr.exe
[2014/04/04 20:35:04 | 000,013,243 | ---- | M] () -- C:\Users\Owner\Desktop\OTL.exe - Shortcut.lnk
[2014/04/03 03:01:45 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/03/19 16:50:48 | 000,441,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/03/19 16:48:45 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2014/03/19 16:25:49 | 000,788,704 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/03/09 23:14:08 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_784
 
========== Files Created - No Company Name ==========
 
[2014/04/05 20:25:21 | 003,005,702 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_4845.JPG
[2014/04/05 20:25:21 | 002,699,712 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_4844.JPG
[2014/04/05 20:25:21 | 002,580,080 | ---- | C] () -- C:\Users\Owner\Desktop\IMG_4846.JPG
[2014/04/04 23:12:03 | 000,233,942 | ---- | C] () -- C:\Users\Owner\Desktop\bookmarks_4_4_14.html
[2014/04/04 23:09:28 | 000,163,805 | ---- | C] () -- C:\Users\Owner\Desktop\bookmarks-2014-04-04.json
[2014/04/04 21:05:23 | 000,000,512 | ---- | C] () -- C:\Users\Owner\Desktop\MBR.dat
[2014/04/04 20:38:07 | 000,000,000 | ---- | C] () -- C:\Users\Owner\Desktop\SecurityCheck.exe
[2014/04/04 20:37:16 | 001,426,178 | ---- | C] () -- C:\Users\Owner\Desktop\AdwCleaner(1).exe
[2014/04/04 20:35:04 | 000,013,243 | ---- | C] () -- C:\Users\Owner\Desktop\OTL.exe - Shortcut.lnk
[2014/04/02 02:18:27 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\RNUpgradeHelperLogonPrompt_Owner.job
[2014/04/02 02:18:26 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateFiles_Owner.job
[2014/04/02 02:18:24 | 000,000,366 | ---- | C] () -- C:\Windows\tasks\ReclaimerUpdateXML_Owner.job
[2014/03/21 15:14:07 | 000,001,942 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5510 series (Network).lnk
[2014/02/27 18:22:01 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/02/27 18:22:01 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/02/27 18:22:01 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/02/27 18:22:01 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/02/27 18:22:01 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/02/27 17:47:59 | 000,788,704 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/27 17:39:09 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-AR34KJ8F05-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2014/01/31 01:40:29 | 000,676,776 | ---- | C] () -- C:\Users\Owner\AppData\Local\census.cache
[2014/01/31 01:39:56 | 000,091,379 | ---- | C] () -- C:\Users\Owner\AppData\Local\ars.cache
[2014/01/31 01:24:10 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2014/01/31 01:24:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2014/01/31 01:24:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2014/01/31 01:23:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2014/01/31 01:23:27 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2014/01/31 01:09:46 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2013/09/23 14:24:28 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2013/09/23 14:24:27 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2013/09/23 14:24:26 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2013/09/23 14:14:51 | 000,268,968 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2012/06/03 15:29:47 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2011/11/11 01:08:35 | 000,033,134 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png
[2011/07/22 22:26:39 | 000,000,148 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = c:\windows\syswow64\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/08/22 08:11:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Awem
[2013/02/03 20:03:51 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Blurity
[2011/09/30 12:16:02 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Boolat Games
[2011/08/04 22:19:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Catalina Marketing Corp
[2011/10/29 20:22:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Elephant Games
[2011/11/21 19:47:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ERS Game Studios
[2013/10/17 13:02:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Faerie Solitaire
[2014/02/27 00:10:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\IObit
[2011/07/26 17:15:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MumboJumbo
[2011/07/22 15:42:47 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OEM
[2013/11/05 13:54:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2011/07/24 11:39:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Panda Security
[2011/11/11 01:08:33 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking
[2011/11/12 18:32:30 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PhotoFiltre
[2013/08/08 20:47:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PhotoScape
[2011/07/23 22:48:43 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PlayFirst
[2011/08/22 16:16:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SpinTop Games
[2011/11/08 11:44:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template
[2011/07/24 10:22:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Tific
[2011/09/30 16:55:37 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vogat Interactive
[2013/10/17 12:58:08 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WildTangent
[2011/07/23 20:03:22 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Windows Live Writer

< End of report >
 



#115
ColtsFan18

    Member

  • Topic Starter
  • 372 posts

New Malware downloaded and running now.  Will post log shortly.




#116
ColtsFan18

    Member

  • Topic Starter
  • 372 posts

Malwarebytes log:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.04.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
Owner :: AR34KJ8F05 [administrator]

Protection: Disabled

4/8/2014 9:42:35 AM
mbam-log-2014-04-08 (09-42-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257888
Time elapsed: 3 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Ball is now in your court.



#117
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts

Thanks for the logs, off to work now, will get back to you later. Looking much better though :)



#118
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts

There is a folder on your Desktop called Documents, and inside that folder is another folder called Geek Squad Data Backup. What is that folder for?

#119
ColtsFan18

    Member

  • Topic Starter
  • 372 posts

When our old machine died, we got a new tower and had all of our data transferred by the Geek Squad at Best Buy; I'm pretty sure that is from them.



#120
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts

OK, there is a lot of junk in that folder that I will delete in my next post. :)