Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Audio adds running in the background [Closed]

Started by kaykweb , Apr 23 2014 11:17 PM
Dont know what this means

  • This topic is locked This topic is locked

#1
kaykweb
Posted 23 April 2014 - 11:17 PM

kaykweb

    New Member

  • Member
  • Pip
  • 1 posts

For a few days now I have had unwanted audio adds running in the background on my computer.  They're like pop-ups without a picture.  They run almost constantly--perhaps with a few minutes break.  Sometimes multiple adds run all at the same time and sometimes in a foreign lanquage--Spanish I think.  Sometimes these adds are very staticy too.  I can just turn the sound off and use my computer normally but much of the time I need my speakers on such as when I'm using Skype or trying to watch a video with sound.  The unwanted adds just continue in the background making it impossible to enjoy Skype or videos.  I have to idea where this problem came from but it got by Microsoft Security Essentials, and the free editions of Super Anti Spyware and Spybot Seach and Destroy  I have tried Spy Hunter which I purchased (big mistake)  as well as AdwCleaner in a effort to solve this problem but with no success.  Other than the "voices" my computer seems to be working just fine--perhaps a little slow but barely noticable.  My computer is a Dell Studio 17 laptop and I'm running Wintows Vista.  It's about 5 years old so maybe it just needs to be replaced at this point.  Thank you for any help or advice you can give me.

Kay

 

 

OTL logfile created on: 4/23/2014 11:19:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kay\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.96 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 40.31% Memory free
8.13 Gb Paging File | 5.52 Gb Available in Paging File | 67.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.01 Gb Total Space | 175.73 Gb Free Space | 61.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 1.46 Gb Free Space | 14.56% Space Free | Partition Type: NTFS
Drive G: | 14.83 Gb Total Space | 14.36 Gb Free Space | 96.82% Space Free | Partition Type: FAT32
Drive H: | 596.02 Gb Total Space | 581.41 Gb Free Space | 97.55% Space Free | Partition Type: FAT32
 
Computer Name: KAY-PC | User Name: Kay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2014/04/23 23:08:26 | 000,350,488 | ---- | M] () -- C:\Program Files (x86)\bomlabio\bin\utilbomlabio.exe
PRC - [2014/04/23 22:57:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kay\Desktop\OTL.exe
PRC - [2014/04/23 22:05:15 | 000,350,488 | ---- | M] () -- C:\Program Files (x86)\bomlabio\updatebomlabio.exe
PRC - [2013/11/01 15:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.) -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe
PRC - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 17:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/01/26 17:07:52 | 001,058,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/27 20:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 12:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/08/07 14:32:26 | 000,358,232 | ---- | M] (Creative Home) -- C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/12/17 23:27:22 | 004,823,928 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/05 17:17:08 | 000,095,488 | ---- | M] (Sensible Vision ) -- C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
PRC - [2008/07/04 14:16:58 | 000,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
PRC - [2008/02/19 10:43:30 | 000,438,403 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/22 11:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009/02/26 13:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2008/12/17 23:24:14 | 006,510,416 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtGui4.dll
MOD - [2008/12/17 23:24:14 | 001,657,168 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtCore4.dll
MOD - [2008/12/17 23:24:14 | 000,396,112 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtOpenGL4.dll
MOD - [2008/12/17 23:24:14 | 000,366,928 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\QtNetwork4.dll
MOD - [2008/12/17 23:24:14 | 000,027,472 | ---- | M] () -- C:\Program Files (x86)\Dell Video Chat\SDL.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/30 22:23:42 | 000,127,752 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2014/03/11 12:34:10 | 000,347,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/03/11 12:34:10 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/01/09 07:15:48 | 001,025,408 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2012/07/11 13:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Disabled | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2012/05/10 14:00:00 | 000,608,864 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:64bit: - [2011/12/12 00:00:00 | 000,135,824 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\EscSvc64.exe -- (EpsonScanSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2008/12/22 05:35:16 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/12/22 04:26:38 | 000,281,600 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/12/22 04:26:06 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_cce24a4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/12/18 13:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\svchost.exe -- (hpqddsvc)
SRV:64bit: - [2008/01/20 21:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (hpqcxs08)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/04/23 23:08:26 | 000,350,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\bomlabio\bin\utilbomlabio.exe -- (Util bomlabio)
SRV - [2014/04/23 22:05:15 | 000,350,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\bomlabio\updatebomlabio.exe -- (Update bomlabio)
SRV - [2014/04/16 13:35:07 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/01 15:11:20 | 000,067,584 | ---- | M] (PasswordBox, Inc.) [Auto | Running] -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe -- (PasswordBox)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/12/14 17:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 17:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/10/02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/05 17:16:54 | 002,340,096 | ---- | M] (Sensible Vision ) [Disabled | Stopped] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/11 09:52:30 | 000,133,928 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/03/02 04:10:44 | 000,050,976 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2014/01/07 03:47:06 | 000,014,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/09/15 23:21:09 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2012/12/14 17:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/06/22 11:01:32 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/29 00:25:16 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/03/08 10:03:36 | 000,067,104 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\itecir.sys -- (itecir)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/04/11 00:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/03/08 17:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 07:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2008/12/22 05:34:48 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/12/22 04:26:52 | 000,472,064 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/17 04:22:04 | 001,526,776 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/11/24 03:29:58 | 000,126,464 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/08/25 06:26:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/08/02 16:36:16 | 000,243,840 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\facap.sys -- (FACAP)
DRV:64bit: - [2008/07/17 05:59:12 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/07/17 05:59:10 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/07/17 05:59:08 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/07/16 06:50:42 | 000,239,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2008/02/21 03:10:36 | 000,196,992 | ---- | M] (Omnivision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ov550ivx.sys -- (OV550I)
DRV:64bit: - [2008/01/20 21:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/11/14 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/07/03 17:05:18 | 000,114,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2007/07/03 17:04:44 | 000,142,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2007/07/03 17:04:16 | 000,016,040 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2007/07/03 17:02:12 | 000,105,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2006/11/02 02:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{62B15CB1-3DAC-4D69-9F14-391078AD261E}: "URL" = https://www.google.c...?q={searchTerms}
IE - HKCU\..\SearchScopes\{CC0D8809-079A-4D6A-A069-D4BB73DED3DA}: "URL" = http://www.google.co...1I7AURU_enUS501
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.MapsGalaxy_39.com/Plugin: C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@lightspark.github.com/Lightspark;version=1: C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/26 15:49:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013/10/21 01:18:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\VideoPlayerV3\VideoPlayerV3beta563\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha545\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014/02/05 00:51:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1827\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1253\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha9273\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home429\ff
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013/10/21 01:18:13 | 000,000,000 | ---D | M]
 
[2013/09/15 21:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kay\AppData\Roaming\Mozilla\Extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\BETTERSURF\BETTERSURFPLUS\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAPLAYERV1\MEDIAPLAYERV1ALPHA545\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAVIEWERV1\MEDIAVIEWERV1ALPHA1827\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAVIEWV1\MEDIAVIEWV1ALPHA1253\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAVIEWV1\MEDIAVIEWV1ALPHA9273\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\MEDIAWATCHV1\MEDIAWATCHV1HOME429\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\VIDEOPLAYERV3\VIDEOPLAYERV3BETA563\FF
File not found (No name found) -- C:\PROGRAM FILES (X86)\WEBEXPENHANCEDV1\WEBEXPENHANCEDV1ALPHA797\FF
 
O1 HOSTS File: ([2012/10/30 16:11:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PasswordBox Helper) - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FAIESSOHelper Class) - {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (E-Web Print) - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\EPSON Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll File not found
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [LTCM Client] C:\Program Files (x86)\LTCM Client\ltcmClient.exe (Leader Technologies Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Driver Manager] C:\Program Files (x86)\Driver Manager\Driver Manager\DriverManager.exe (PC Drivers Headquarters)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Circus.lnk = C:\Program Files (x86)\Jacquie Lawson Circus\Jacquie Lawson Circus.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1694DBF-D6C2-4B79-B95C-1E97B7C54433}: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O24 - Desktop WallPaper: C:\Users\Kay\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Kay\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/04/21 21:24:27 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/23 23:08:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/23 22:56:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kay\Desktop\OTL.exe
[2014/04/22 08:04:42 | 000,000,000 | -HSD | C] -- C:\found.000
[2014/04/21 21:23:47 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2014/04/21 21:23:40 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2014/04/21 21:23:40 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/04/21 21:22:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2014/04/21 20:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileParade bundle uninstaller
[2014/04/21 13:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2014/04/17 05:03:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2014/04/03 16:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2014/04/03 16:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2014/04/03 15:24:55 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Local\iWebar
[2014/04/03 15:23:55 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Local\pptaddin
[2014/04/03 15:21:01 | 000,000,000 | ---D | C] -- C:\Users\Kay\AppData\Local\CrashRpt
[2014/03/31 22:28:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/03/31 22:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/03/30 22:59:09 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/03/30 22:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2014/03/30 22:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2014/03/30 22:15:39 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/03/30 21:17:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/03/30 20:42:53 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/23 23:15:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/23 23:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/04/23 23:00:00 | 000,000,788 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 4121856030.job
[2014/04/23 23:00:00 | 000,000,788 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 3420081092.job
[2014/04/23 22:57:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kay\Desktop\OTL.exe
[2014/04/23 22:41:10 | 000,000,081 | ---- | M] () -- C:\Windows\SysNative\sguekpy.vks
[2014/04/23 21:33:08 | 000,000,910 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Circus.lnk
[2014/04/23 21:31:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/23 21:30:56 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/04/23 21:30:56 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/04/23 21:30:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/04/23 21:30:39 | 4251,865,088 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/21 21:24:27 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2014/04/21 21:23:47 | 000,002,087 | ---- | M] () -- C:\Users\Kay\Desktop\SpyHunter.lnk
[2014/04/21 13:47:27 | 000,000,163 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/04/21 13:11:40 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014/04/21 13:11:40 | 000,011,240 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014/04/21 13:11:36 | 000,007,962 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst
[2014/04/20 02:12:52 | 000,303,616 | ---- | M] () -- C:\Users\Kay\Documents\Easter'14 Web.hmk
[2014/04/19 00:35:05 | 000,961,566 | ---- | M] () -- C:\Users\Kay\Documents\Easter '14 Rachel.avi
[2014/04/19 00:34:18 | 000,289,792 | ---- | M] () -- C:\Users\Kay\Documents\Easter '14 Rachel.hmk
[2014/04/19 00:29:39 | 000,099,840 | ---- | M] () -- C:\Users\Kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/04/16 18:28:04 | 000,770,374 | ---- | M] () -- C:\Users\Kay\Documents\Easter '14 Everyone.avi
[2014/04/16 18:05:30 | 001,012,062 | ---- | M] () -- C:\Users\Kay\Documents\Easter '14 P & S.avi
[2014/04/16 17:12:58 | 000,191,488 | ---- | M] () -- C:\Users\Kay\Documents\Easter '14 Eurya.hmk
[2014/04/16 16:29:15 | 000,159,232 | ---- | M] () -- C:\Users\Kay\Documents\Easter '14 Helen.hmk
[2014/04/16 16:07:06 | 000,165,888 | ---- | M] () -- C:\Users\Kay\Documents\Easter '14 Cap.hmk
[2014/04/15 14:50:51 | 000,156,672 | ---- | M] () -- C:\Users\Kay\Documents\Easter '14 MJ.hmk
[2014/04/15 14:41:33 | 000,740,864 | ---- | M] () -- C:\Users\Kay\Documents\Easter '14 Starks.hmk
[2014/04/10 17:26:55 | 000,005,053 | ---- | M] () -- C:\Users\Kay\Documents\Koemen Donation '14.mht
[2014/04/06 23:24:50 | 000,334,336 | ---- | M] () -- C:\Users\Kay\Documents\Birthday '14 Jackie 87.hmk
[2014/04/03 16:04:20 | 000,000,000 | ---- | M] () -- C:\END
[2014/03/31 00:49:40 | 000,002,373 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2014/03/31 00:08:45 | 000,002,747 | ---- | M] () -- C:\Users\Kay\Application Data\Microsoft\Internet Explorer\Quick Launch\Event Planner 2010.lnk
[2014/03/30 22:29:30 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\uqqzfo.hbj
[2014/03/30 22:29:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\jxxijed.zro
[2014/03/30 22:13:10 | 000,299,344 | --S- | M] () -- C:\Windows\SysNative\pqxyyq.xbl
[2014/03/30 21:28:19 | 000,000,680 | ---- | M] () -- C:\Users\Kay\AppData\Local\d3d9caps.dat
[2014/03/26 23:03:50 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/03/25 22:44:00 | 000,098,304 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\wzbspw.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/23 15:08:15 | 4251,865,088 | -HS- | C] () -- C:\hiberfil.sys
[2014/04/21 23:06:30 | 000,285,747 | ---- | C] () -- C:\shldr
[2014/04/21 23:06:30 | 000,008,192 | ---- | C] () -- C:\shldr.mbr
[2014/04/21 21:24:27 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/04/21 21:23:53 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2014/04/21 21:23:47 | 000,002,087 | ---- | C] () -- C:\Users\Kay\Desktop\SpyHunter.lnk
[2014/04/21 13:34:54 | 000,000,163 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/04/21 13:11:33 | 000,007,962 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst
[2014/04/20 02:12:52 | 000,303,616 | ---- | C] () -- C:\Users\Kay\Documents\Easter'14 Web.hmk
[2014/04/19 00:34:18 | 000,289,792 | ---- | C] () -- C:\Users\Kay\Documents\Easter '14 Rachel.hmk
[2014/04/19 00:30:19 | 000,961,566 | ---- | C] () -- C:\Users\Kay\Documents\Easter '14 Rachel.avi
[2014/04/16 18:28:16 | 000,770,374 | ---- | C] () -- C:\Users\Kay\Documents\Easter '14 Everyone.avi
[2014/04/16 18:05:50 | 001,012,062 | ---- | C] () -- C:\Users\Kay\Documents\Easter '14 P & S.avi
[2014/04/16 17:12:58 | 000,191,488 | ---- | C] () -- C:\Users\Kay\Documents\Easter '14 Eurya.hmk
[2014/04/16 16:29:15 | 000,159,232 | ---- | C] () -- C:\Users\Kay\Documents\Easter '14 Helen.hmk
[2014/04/16 16:07:05 | 000,165,888 | ---- | C] () -- C:\Users\Kay\Documents\Easter '14 Cap.hmk
[2014/04/15 14:50:51 | 000,156,672 | ---- | C] () -- C:\Users\Kay\Documents\Easter '14 MJ.hmk
[2014/04/15 14:41:32 | 000,740,864 | ---- | C] () -- C:\Users\Kay\Documents\Easter '14 Starks.hmk
[2014/04/10 17:26:54 | 000,005,053 | ---- | C] () -- C:\Users\Kay\Documents\Koemen Donation '14.mht
[2014/04/06 23:24:50 | 000,334,336 | ---- | C] () -- C:\Users\Kay\Documents\Birthday '14 Jackie 87.hmk
[2014/04/03 15:01:30 | 000,000,000 | ---- | C] () -- C:\END
[2014/03/30 22:59:09 | 000,011,240 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014/03/30 22:47:48 | 000,000,081 | ---- | C] () -- C:\Windows\SysNative\sguekpy.vks
[2014/03/30 22:29:30 | 000,000,064 | ---- | C] () -- C:\Windows\SysNative\uqqzfo.hbj
[2014/03/30 22:29:30 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\jxxijed.zro
[2014/03/30 22:13:10 | 000,299,344 | --S- | C] () -- C:\Windows\SysNative\pqxyyq.xbl
[2014/03/30 20:12:33 | 000,000,788 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 4121856030.job
[2014/03/29 17:18:41 | 000,000,788 | ---- | C] () -- C:\Windows\tasks\Security Center Update - 3420081092.job
[2014/03/25 22:44:00 | 000,098,304 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\wzbspw.dll
[2014/01/30 01:58:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/11/11 01:34:51 | 000,038,442 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\Comma Separated Values (Windows).ADR
[2013/10/21 22:10:19 | 000,000,045 | ---- | C] () -- C:\Windows\WF-2530.ini
[2013/10/20 23:38:15 | 000,146,856 | ---- | C] () -- C:\Windows\hpoins31.dat
[2013/10/19 01:13:10 | 000,020,164 | ---- | C] () -- C:\Windows\hpqins11.dat
[2013/10/01 13:35:01 | 000,000,258 | RHS- | C] () -- C:\Users\Kay\ntuser.pol
[2013/07/31 23:04:23 | 000,000,055 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\mbam.context.scan
[2013/01/25 16:09:05 | 000,178,720 | ---- | C] () -- C:\Program Files (x86)\gtres.dll
[2011/11/15 00:01:41 | 001,493,071 | ---- | C] () -- C:\Users\Kay\Jackie swim.rtf
[2010/11/30 21:42:36 | 000,568,832 | -HS- | C] () -- C:\Users\Kay\ehthumbs_vista.db
[2010/08/03 20:36:26 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Enhance Tuning
[2010/08/03 20:36:26 | 000,000,268 | RH-- | C] () -- C:\Users\Kay\AppData\Roaming\Effects
[2010/08/03 20:36:26 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT
[2010/08/03 20:22:14 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Electric Piano
[2010/08/03 20:22:14 | 000,000,268 | RH-- | C] () -- C:\Users\Kay\AppData\Roaming\Dynamic Library
[2010/08/03 20:22:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2010/02/14 23:46:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/09/01 00:50:44 | 000,000,680 | ---- | C] () -- C:\Users\Kay\AppData\Local\d3d9caps.dat
[2009/05/09 22:33:25 | 000,099,840 | ---- | C] () -- C:\Users\Kay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/09 17:55:22 | 000,035,692 | ---- | C] () -- C:\Users\Kay\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = \\?\globalroot\Device\HarddiskVolume3\Users\Kay\AppData\Local\Temp\skoylxi\siorime\wow.dll
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = \\?\globalroot\Device\HarddiskVolume3\Users\Kay\AppData\Local\Temp\skoylxi\siorime\wow.dll
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== LOP Check ==========
 
[2013/11/25 01:29:39 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Epson
[2014/03/16 14:14:55 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\JLCircus
[2013/10/23 23:49:34 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Leader Technologies
[2013/10/21 22:10:25 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Leadertech
[2012/02/03 13:47:38 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Nikon
[2012/11/01 14:18:32 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\TeamViewer
[2013/06/20 17:21:14 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Template
[2011/08/11 08:56:44 | 000,000,000 | ---D | M] -- C:\Users\Kay\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 877 bytes -> C:\Users\Kay\Documents\Fw_ Frog Leap Test    It can be done!!!!!!.eml:OECustomProperty
@Alternate Data Stream - 869 bytes -> C:\Users\Kay\Documents\Grandma Faith's Website _ Circle the Cat.eml:OECustomProperty
@Alternate Data Stream - 841 bytes -> C:\Users\Kay\Documents\Emailing_ Lorraine's salmon loaf.eml:OECustomProperty
@Alternate Data Stream - 797 bytes -> C:\Users\Kay\Documents\Random act of culture.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\Kay\Documents\Webster's Holiday Greeting.eml:OECustomProperty
@Alternate Data Stream - 781 bytes -> C:\Users\Kay\Documents\I'm Sending You Spring!!.eml:OECustomProperty
@Alternate Data Stream - 777 bytes -> C:\Users\Kay\Documents\Fw_ Happy Easter with cute message.eml:OECustomProperty
@Alternate Data Stream - 669 bytes -> C:\Users\Kay\Documents\Breezy Point map.eml:OECustomProperty
@Alternate Data Stream - 662 bytes -> C:\Users\Kay\Documents\Fw_ In the land that made me, me.eml:OECustomProperty
@Alternate Data Stream - 649 bytes -> C:\Users\Kay\Documents\Camels.eml:OECustomProperty
@Alternate Data Stream - 587 bytes -> C:\Users\Kay\Documents\Helpful Hints.eml:OECustomProperty
@Alternate Data Stream - 559 bytes -> C:\Users\Kay\Documents\Goddess.eml:OECustomProperty
@Alternate Data Stream - 470 bytes -> C:\Users\Kay\Documents\XM 09 letter, email version.eml:OECustomProperty
@Alternate Data Stream - 470 bytes -> C:\Users\Kay\Documents\Email Christmas Letter 2.eml:OECustomProperty
@Alternate Data Stream - 4096 bytes -> C:\Users\Kay\Documents\Christmas '09 email final version.eml:OECustomProperty
@Alternate Data Stream - 1951 bytes -> C:\Users\Kay\Documents\Fwd_ Fw_ For Elvis Fans.eml:OECustomProperty
@Alternate Data Stream - 1659 bytes -> C:\Users\Kay\Documents\Fwd_ Norwegian Royal Guard____AWESOME.eml:OECustomProperty
@Alternate Data Stream - 1352 bytes -> C:\Users\Kay\Documents\Fw_ Bowling.eml:OECustomProperty
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 1029 bytes -> C:\Users\Kay\Documents\Fw_ The Art of Sleeping in a Box.eml:OECustomProperty

< End of report >


  • 0

Advertisements

#2
Essexboy
Posted 24 April 2014 - 07:07 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there you appear to have the Blackbeard/Zekos Trojan. This will take at least three or four runs to kill

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    OTL_Fix.GIF[/*]
    [/list] 
    :Commands
[CREATERESTOREPOINT]

:OTL
SRV - [2014/04/23 23:08:26 | 000,350,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\bomlabio\bin\utilbomlabio.exe -- (Util bomlabio)
SRV - [2014/04/23 22:05:15 | 000,350,488 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\bomlabio\updatebomlabio.exe -- (Update bomlabio)
O3 - HKLM\..\Toolbar: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (InboxDollars) - {47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll File not found
[2014/04/23 23:00:00 | 000,000,788 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 4121856030.job
[2014/04/23 23:00:00 | 000,000,788 | ---- | M] () -- C:\Windows\tasks\Security Center Update - 3420081092.job
[2014/04/23 22:41:10 | 000,000,081 | ---- | M] () -- C:\Windows\SysNative\sguekpy.vks
[2014/03/30 22:29:30 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\uqqzfo.hbj
[2014/03/30 22:29:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\jxxijed.zro
[2014/03/30 22:13:10 | 000,299,344 | --S- | M] () -- C:\Windows\SysNative\pqxyyq.xbl
[2014/03/25 22:44:00 | 000,098,304 | ---- | M] () -- C:\Users\Kay\AppData\Roaming\wzbspw.dll

:Files
C:\Program Files (x86)\bomlabio
C:\Program Files (x86)\InboxDollars

:Commands
[resethosts]
[emptytemp]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

    THEN

    Download and Install Combofix

    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    [list][*]Double click on ComboFix.exe & follow the prompts.
    [*]Accept the disclaimer and allow to update if it asks

    [img width=426 height=293]http://img.photobuck...claimer_ENG.png

NSIS_extraction.png
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.
  • Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


    Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

  • 0

#3
Essexboy
Posted 28 April 2014 - 08:51 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP