Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

got a bug...redirects and changed homepage [Closed]


  • This topic is locked This topic is locked

#16
tammy111

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

ok. here is adwcleaner log.....

 

# AdwCleaner v3.211 - Report created 04/06/2014 at 20:31:12
# Updated 26/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Todd - TODD-DXK8MBK1O8
# Running from : C:\Documents and Settings\Todd\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Documents and Settings\Brooke\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[!] Folder Deleted : C:\Documents and Settings\Tammy\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
File Deleted : C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\invalidprefs.js
File Deleted : C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\lq1eq597.default\user.js
File Deleted : C:\Documents and Settings\Tammy\Application Data\Mozilla\Firefox\Profiles\whqpobn2.default\user.js
File Deleted : C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\File Type Assistant\tsassist.exe]
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Myfree Codec
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Speedial
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
[x] Not Deleted : HKCU\Software\AppDataLow\Software
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\InstallCore
Key Deleted : HKLM\Software\Myfree Codec
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v29.0.1 (en-US)

[ File : C:\Documents and Settings\Brooke\Application Data\Mozilla\Firefox\Profiles\lq1eq597.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=nt&installDate=18/05/2013");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=ds&installDate=18/05/2013&q=");

[ File : C:\Documents and Settings\Tammy\Application Data\Mozilla\Firefox\Profiles\whqpobn2.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=nt&installDate=18/05/2013");
Line Deleted : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=ds&installDate=18/05/2013&q=");

[ File : C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ File : C:\Documents and Settings\Brooke\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=ds&q={searchTerms}&installDate=18/05/2013
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Startup_urls] : hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=hp&installDate=18/05/2013
Deleted [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd

[ File : C:\Documents and Settings\Tammy\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://feed.snapdo.com/?publisher=QuickObrw&dpid=QuickObrw&co=US&userid=3e9092d3-7cfb-4110-98fc-0063454c5dbf&searchtype=ds&q={searchTerms}&installDate=18/05/2013
Deleted [Extension] : dlnembnfbcpjnepmfjmngjenhhajpdfd

[ File : C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.snapdo.com/?q={searchTerms}&category=Web&publisher=quickobrw&country=us&feedid=infospace&st=nt&dpid=us&lan=en&start=1
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [6578 octets] - [04/06/2014 13:13:31]
AdwCleaner[S0].txt - [6279 octets] - [04/06/2014 20:31:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6339 octets] ##########
 


  • 0

Advertisements


#17
tammy111

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

jrt log...

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Todd on Wed 06/04/2014 at 20:37:22.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/04/2014 at 20:47:05.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


  • 0

#18
tammy111

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

otl quick scan log....

 

OTL logfile created on: 6/4/2014 9:46:49 PM - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.50 Gb Total Physical Memory | 1.92 Gb Available Physical Memory | 76.70% Memory free
4.35 Gb Paging File | 3.90 Gb Available in Paging File | 89.75% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 233.75 Gb Total Space | 200.80 Gb Free Space | 85.91% Space Free | Partition Type: NTFS
Drive F: | 3.80 Gb Total Space | 0.00 Gb Free Space | 0.08% Space Free | Partition Type: FAT32
 
Computer Name: TODD-DXK8MBK1O8 | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/02 19:31:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
PRC - [2014/05/11 01:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\21.3.0.12\n360.exe
PRC - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2014/02/07 19:14:28 | 000,311,616 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
PRC - [2014/02/07 19:14:22 | 001,564,992 | ---- | M] (Samsung) -- C:\Program Files\SAMSUNG\Kies\Kies.exe
PRC - [2013/06/26 02:22:46 | 000,005,632 | ---- | M] (The Neat Company) -- C:\Program Files\Neat\exec\NeatStartupService.exe
PRC - [2013/06/25 11:08:26 | 000,192,512 | ---- | M] (Two Pilots) -- C:\WINDOWS\VPDAgent.exe
PRC - [2012/07/18 12:02:42 | 000,313,248 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe
PRC - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
PRC - [2012/03/20 08:33:59 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2011/11/15 09:04:06 | 000,366,496 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\PLNRnote.exe
PRC - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\HPBDSService\HPBDSService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/06/16 19:02:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/22 16:21:48 | 015,007,744 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Theme\eb1567138a8ca8d15926d88c7bff7a65\Kies.Theme.ni.dll
MOD - [2014/04/22 16:21:47 | 000,307,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\7477a9a40c6b19720545c69677887919\DummyStorePlugin.ni.dll
MOD - [2014/04/22 16:21:46 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\bf499296e051b8e807d08580b8391570\DeviceStoryAlbum.ni.dll
MOD - [2014/04/22 16:21:45 | 000,612,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePodcast\1706bdf8287b74e25f172f0eadc3eaec\DevicePodcast.ni.dll
MOD - [2014/04/22 16:21:43 | 000,296,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceVideo\01c053718094821743086798c5c07da6\DeviceVideo.ni.dll
MOD - [2014/04/22 16:21:42 | 000,363,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DevicePhoto\bd267d0b6bb73dc353c9967fe19a9627\DevicePhoto.ni.dll
MOD - [2014/04/22 16:21:41 | 000,304,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceMusic\1813d6985b692efde809e0f09c659db2\DeviceMusic.ni.dll
MOD - [2014/04/22 16:21:40 | 000,470,528 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\VideoManager\535e5af2606eb0275530dbc10265e5c0\VideoManager.ni.dll
MOD - [2014/04/22 16:21:38 | 000,802,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PhotoManager\6d9c93bf14a4e465a8b9e5a0492e365b\PhotoManager.ni.dll
MOD - [2014/04/22 16:21:36 | 001,989,120 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Phonebook\1e87a622d138b03e75202fa175964a4d\Phonebook.ni.dll
MOD - [2014/04/22 16:21:30 | 000,204,288 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\470fdea1e5c55c5e30f0630e17f3e4dd\StoryAlbumManager.ni.dll
MOD - [2014/04/22 16:21:28 | 000,941,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\MusicManager\a1d21895b79120a0a20bb52831c3d217\MusicManager.ni.dll
MOD - [2014/04/22 16:21:26 | 000,403,968 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\BATPlugin\f9e9b5a5d56f9441824f1090e4726916\BATPlugin.ni.dll
MOD - [2014/04/22 16:21:20 | 000,534,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\f5135f3255b705b5136781979c21bd5c\Kies.Common.MediaDB.ni.dll
MOD - [2014/04/22 16:21:20 | 000,029,184 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\04ad4f3a71401a7823e6102f7ae4caad\Kies.Common.StoreManager.ni.dll
MOD - [2014/04/22 16:21:18 | 000,232,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\2207e52f5f4e21ed5d967316928c9045\ASF_cSharpAPI.ni.dll
MOD - [2014/04/22 16:21:18 | 000,063,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\bd8170edbc07c9ce57b7ada16bbd4462\Kies.Common.AllShare.ni.dll
MOD - [2014/04/22 16:21:16 | 000,066,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\1c5d02d34ca5b501c185e9fe1c8d954b\Kies.Common.DBManager.ni.dll
MOD - [2014/04/22 16:21:15 | 000,110,080 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\16e7105de4302d2ab3d0c84ce8907b8d\Kies.Common.CRMManager.ni.dll
MOD - [2014/04/22 16:21:14 | 001,144,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Podcaster\be12b41d0ab13fdf9bc7b7d7f87c6ef4\Podcaster.ni.dll
MOD - [2014/04/22 16:21:11 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\9e778f6e820284ef3b681ac8302a8cdb\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2014/04/22 16:21:10 | 000,189,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\de2f1387ce526e6d640bf20918e0f8f8\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2014/04/22 16:21:09 | 000,582,144 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\203cadbc9047d0c7ff2f82e9c538ed42\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2014/04/22 16:21:09 | 000,178,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\44d00bb04f694aba386f86ed27b2f27a\Interop.DevFileServiceLib.ni.dll
MOD - [2014/04/22 16:21:07 | 001,278,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\42a31a515359413a798ab9a1fddfa885\Kies.Common.DeviceService.ni.dll
MOD - [2014/04/22 16:21:04 | 001,003,008 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\8fa191755bf4ff4c50d1eb1105edd193\DeviceCommonLib.ni.dll
MOD - [2014/04/22 16:21:02 | 000,753,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\07fddf027eb525155222a201d55826d7\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2014/04/22 16:21:00 | 000,202,240 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\994f1dd6044a5db4131d34bc687fe1fc\Kies.Common.MainUI.ni.dll
MOD - [2014/04/22 16:20:31 | 000,046,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ceb5dd754b7521198ff262589e59a31b\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2014/04/22 16:20:30 | 000,975,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\ff94aa3d204ab100470d772d220b2822\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2014/04/22 16:20:27 | 000,032,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\1267c6c36623cf38b0ebd4fb407f31eb\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2014/04/22 16:20:26 | 000,171,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\6158db7c0e85e28461a890af020dae78\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2014/04/22 16:20:26 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\e46d988e3b1489435ef46cab3325a0a7\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2014/04/22 16:20:26 | 000,030,720 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\5b6569f33cfb2179b0235f21ef8f60ac\Interop.PRPLAYERCORELib.ni.dll
MOD - [2014/04/22 16:20:23 | 002,221,568 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\c8b4e1207d0bc136e18acab1fdca52cb\Kies.Common.Multimedia.ni.dll
MOD - [2014/04/22 16:20:16 | 000,643,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d1bf1eac62ef0bb22434e4c0a92742d0\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2014/04/22 16:20:16 | 000,189,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\02efb5a8c92d753ea94bf56a872674e5\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2014/04/22 16:20:06 | 007,245,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\DeviceHost\cc351bceb84fb58cb6f8db599776c2ce\DeviceHost.ni.dll
MOD - [2014/04/22 16:19:54 | 000,395,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CabLib\74824938f97437534d353ccff4c8e07d\CabLib.ni.dll
MOD - [2014/04/22 16:19:53 | 000,322,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\27d22f05aec7d344813f6daf921eeff7\Kies.Common.Util.ni.dll
MOD - [2014/04/22 16:19:51 | 000,052,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\b9206253758b660a73d865cb26547cfb\Interop.DeviceSearchLib.ni.dll
MOD - [2014/04/22 16:19:50 | 001,759,744 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Locale\5f849ed4376b03ccf5fae726d3c29d21\Kies.Locale.ni.dll
MOD - [2014/04/22 16:19:49 | 000,079,360 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\cc6f2718029ae3830649e0d7193f1578\Kies.MVVM.ni.dll
MOD - [2014/04/22 16:19:48 | 001,967,104 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.UI\098f5f50bbc49cdd1911d25effd2a460\Kies.UI.ni.dll
MOD - [2014/04/22 16:19:44 | 000,154,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\581d41d208cbd24a85a9ff43eb4e9509\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2014/04/22 16:19:41 | 001,365,504 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies.Interface\0c1f43fdef5cc1a458d85081f2f5cedf\Kies.Interface.ni.dll
MOD - [2014/04/22 16:19:38 | 002,179,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Kies\6627b4986840bc18732e2272367025fa\Kies.ni.exe
MOD - [2014/02/12 17:36:57 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
MOD - [2014/02/12 17:36:36 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9ec8060dd7bfb448f298dcd12d547062\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 17:35:44 | 001,801,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\d116eda30a35c490e59221b0ebac6fcd\System.Xaml.ni.dll
MOD - [2014/02/12 17:35:35 | 000,400,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\f0bb94276be98ff9ff0b22152fa633b9\System.Xml.Linq.ni.dll
MOD - [2014/02/12 17:34:58 | 011,906,048 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\f0b0625c2db624ba9c97ad1b12490d79\System.Web.ni.dll
MOD - [2014/02/12 17:34:45 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8cd995f00848816e3ec49dc326e3d49b\System.ServiceProcess.ni.dll
MOD - [2014/02/12 17:34:35 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\5c157466d360a10b2c97e94b41ddc588\System.Management.ni.dll
MOD - [2014/02/12 17:34:34 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6c29ee2bedfe88dcd66993f1af135ad8\System.Runtime.Serialization.Formatters.Soap.ni.dll
MOD - [2014/02/12 17:34:26 | 001,801,216 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\c7e59f98afa4214b3bee9273cf50d2b0\System.Deployment.ni.dll
MOD - [2014/02/12 17:33:11 | 000,978,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b6e70acd99dc22e29b7fc8f9ac340c4\System.Configuration.ni.dll
MOD - [2014/02/12 17:27:11 | 005,628,928 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll
MOD - [2014/02/12 17:27:04 | 001,014,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll
MOD - [2014/02/12 17:26:27 | 018,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9aafa1869d136f77bc483f25d0795229\PresentationFramework.ni.dll
MOD - [2014/02/12 17:26:00 | 011,451,904 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\b307821c69c09ed0a2ee47122fdcdd4d\PresentationCore.ni.dll
MOD - [2014/02/12 17:25:42 | 003,858,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\49605239a73cd565e3a08048a31b442e\WindowsBase.ni.dll
MOD - [2014/02/12 17:25:29 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a4b5a1a06d2d7f77258943c8c228a5e0\System.Core.ni.dll
MOD - [2014/02/12 17:25:17 | 009,099,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
MOD - [2014/02/12 17:25:05 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
MOD - [2014/02/12 17:20:39 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2014/02/12 17:12:52 | 005,462,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\7faf645dc46781225cb722edf9e1e738\System.Xml.ni.dll
MOD - [2014/02/12 17:12:45 | 012,434,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1cdfe1998ad6794db3237006906c6fa2\System.Windows.Forms.ni.dll
MOD - [2014/02/12 17:12:28 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\424bff3295c6e7539cc6df62b9425bd0\System.Drawing.ni.dll
MOD - [2014/02/12 17:12:01 | 002,295,808 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\159b4a6888004de346d499841ec088a7\System.Core.ni.dll
MOD - [2014/02/12 17:11:46 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\dad6af4d4f3b92adf0497c5ec9565236\PresentationFramework.ni.dll
MOD - [2014/02/12 17:11:20 | 012,218,880 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\89c032d0f8bccf31bb55b775a10c6992\PresentationCore.ni.dll
MOD - [2014/02/12 17:07:14 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\872e96c13f44bfaeff84d126fb847963\WindowsBase.ni.dll
MOD - [2014/02/12 17:06:50 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\4b0455ae94e3cecca4bb3ba8c96828c9\System.ni.dll
MOD - [2014/02/12 17:06:25 | 011,497,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\dae02331a443fb52216ca83292cb2f21\mscorlib.ni.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/06/25 11:08:26 | 000,048,640 | ---- | M] () -- C:\WINDOWS\system32\sdtnpm.dll
MOD - [2011/10/11 08:40:16 | 000,045,568 | ---- | M] () -- C:\Program Files\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\InteropHelper.dll
MOD - [2003/06/16 19:02:24 | 000,061,440 | ---- | M] () -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/13 21:18:28 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/11 01:52:43 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2014/05/10 00:40:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/14 20:08:53 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/26 02:22:46 | 000,005,632 | ---- | M] (The Neat Company) [Auto | Running] -- C:\Program Files\Neat\exec\NeatStartupService.exe -- (Neat Startup Service)
SRV - [2013/06/25 11:08:26 | 000,192,512 | ---- | M] (Two Pilots) [Auto | Running] -- C:\WINDOWS\VPDAgent.exe -- (Agent)
SRV - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2003/06/16 19:02:24 | 000,061,440 | ---- | M] () [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe -- (spkrmon)
SRV - [2003/03/03 13:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/05/09 20:07:24 | 001,101,616 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2014/04/05 04:23:34 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140604.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2014/04/05 04:23:34 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140604.005\NAVENG.SYS -- (NAVENG)
DRV - [2014/03/25 18:12:29 | 000,383,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140604.002\IDSXpx86.sys -- (IDSxpx86)
DRV - [2014/03/03 23:18:12 | 000,936,152 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\symefa.sys -- (SymEFA)
DRV - [2014/02/17 20:32:41 | 000,423,256 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\symtdi.sys -- (SYMTDI)
DRV - [2014/02/12 20:59:49 | 000,664,280 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\srtsp.sys -- (SRTSP)
DRV - [2013/12/11 06:09:31 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/12/05 22:26:07 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/11/17 17:47:57 | 000,142,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/09/26 21:45:56 | 000,206,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\ironx86.sys -- (SymIRON)
DRV - [2013/09/25 21:50:25 | 000,127,064 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\ccsetx86.sys -- (ccSet_N360)
DRV - [2013/09/09 21:47:26 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\symds.sys -- (SymDS)
DRV - [2013/09/09 20:49:48 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\1503000.00C\srtspx.sys -- (SRTSPX)
DRV - [2012/03/20 07:36:44 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2003/09/22 12:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X)
DRV - [2003/09/22 08:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 08:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-861567501-308236825-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/06/04 21:39:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/12/06 09:28:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2013/05/18 15:45:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Extensions
[2014/06/04 12:39:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\m0xxmefr.default-1375845840406\extensions
[2014/06/03 12:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/05/10 00:40:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/10 00:40:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Speedial ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://speedial.com/...r=811558261&ir=
CHR - plugin: First user (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Wallet = C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
 
O1 HOSTS File: ([2003/07/16 15:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-861567501-308236825-839522115-1004\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [StatusAlerts] C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-861567501-308236825-839522115-1004..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-861567501-308236825-839522115-1004..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder.lnk = C:\Program Files\Creative Home\Hallmark Card Studio 2012 Deluxe\Planner\PLNRnote.exe (Creative Home)
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-308236825-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_51)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7722E195-1173-497E-B325-4C8635A89E81}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7722E195-1173-497E-B325-4C8635A89E81}: NameServer = 8.8.8.8,8.8.4.4
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://i.ebayimg.com...c lw~~60_35.JPG
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/19 20:41:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/04 20:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/06/04 20:36:28 | 001,016,261 | ---- | C] (Thisisu) -- C:\Documents and Settings\Todd\Desktop\JRT.exe
[2014/06/04 13:14:01 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\WINDOWS\System32\sqlite3.dll
[2014/06/04 13:13:29 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/03 12:36:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/03 12:26:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2014/06/03 12:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2014/06/03 12:26:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2014/06/03 12:25:22 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Documents and Settings\Todd\Desktop\erunt-setup.exe
[2014/06/02 20:21:04 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Todd\Desktop\aswmbr.exe
[2014/06/02 19:31:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2014/06/01 18:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\OpenOfficeBeta
[2014/06/01 18:09:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2014/06/01 18:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\FlvPlayer
[2014/06/01 18:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FlvPlayer
[2014/05/23 15:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2014/05/23 15:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/05/23 15:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/05/23 15:46:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2014/05/14 12:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014/05/10 00:40:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/04 21:39:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/06/04 21:38:25 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/04 21:38:25 | 000,000,220 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Logon.job
[2014/06/04 21:38:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/06/04 21:29:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/04 21:18:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/06/04 20:36:32 | 001,016,261 | ---- | M] (Thisisu) -- C:\Documents and Settings\Todd\Desktop\JRT.exe
[2014/06/04 13:12:18 | 001,327,971 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\AdwCleaner.exe
[2014/06/03 12:26:15 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Todd\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/06/03 12:26:12 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\NTREGOPT.lnk
[2014/06/03 12:26:11 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\ERUNT.lnk
[2014/06/03 12:25:28 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Documents and Settings\Todd\Desktop\erunt-setup.exe
[2014/06/02 21:12:06 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\MBR.dat
[2014/06/02 20:21:16 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Todd\Desktop\aswmbr.exe
[2014/06/02 19:31:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2014/05/30 04:35:06 | 000,038,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1503000.00C\VT20140530.006
[2014/05/29 23:33:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2014/05/26 19:48:02 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2014/05/26 19:47:12 | 000,664,739 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1503000.00C\Cat.DB
[2014/05/23 15:47:43 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/05/21 14:31:11 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014/05/18 23:28:06 | 002,251,591 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\doc04354820140516150821.pdf
[2014/05/11 01:52:10 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\1503000.00C\isolate.ini
[2014/05/08 22:12:09 | 000,000,214 | ---- | M] () -- C:\WINDOWS\tasks\Microsoft Windows XP End of Service Notification Monthly.job
 
========== Files Created - No Company Name ==========
 
[2014/06/04 13:12:14 | 001,327,971 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\AdwCleaner.exe
[2014/06/03 12:26:15 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Todd\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2014/06/03 12:26:11 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\NTREGOPT.lnk
[2014/06/03 12:26:11 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\ERUNT.lnk
[2014/06/02 21:12:06 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\MBR.dat
[2014/06/02 18:08:02 | 000,000,042 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2014/05/23 15:47:42 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2014/05/18 23:27:57 | 002,251,591 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\doc04354820140516150821.pdf
[2014/04/23 04:49:37 | 000,520,034 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-861567501-308236825-839522115-1004-0.dat
[2014/04/23 04:49:36 | 000,260,026 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2014/01/23 18:31:12 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2014/01/23 18:31:08 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2014/01/23 18:31:08 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2014/01/23 18:31:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2014/01/23 18:31:08 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2014/01/03 09:48:42 | 000,156,040 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2013/09/29 12:47:26 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\sdtnpm.dll
[2013/07/28 04:36:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/26 08:11:02 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2012/03/19 21:48:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/05/23 15:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/03/20 18:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Manager
[2013/09/29 13:06:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2014/04/22 16:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2014/06/01 18:09:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/09/29 12:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Neat Company
[2013/04/08 11:33:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/03/21 14:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2014/06/01 18:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\FlvPlayer
[2013/09/29 13:06:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Neat
[2013/09/29 13:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Nuance
[2012/04/02 14:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\OpenOffice.org
[2014/06/01 18:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\OpenOfficeBeta
[2014/04/24 13:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Oracle
[2014/04/22 16:27:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Samsung
 
========== Purity Check ==========
 
 

< End of report >
 


  • 0

#19
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

The scans look good. How is the computer behaving now?


  • 0

#20
tammy111

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts

I can open a new window now and it doesn't seem to redirect.

 

Thanks so much for your patience with me !!  ....And all your help !!!

 

tam


  • 0

#21
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

You are welcome. Let's scan for any residual malware files and make sure your programs are up to date.
 
Step-1.
Please download Malwarebytes Anti-Malware Free from here.

  • Double click to install the progamme
  • When the popup "Completing the Malwarebytes Anti-Malware Setup Wizard" appears, uncheck the box Enable free trial of Malwarebytes Anti-Malware Premium

MBAMcompletinginstall.jpg

  • The MBAM console/dashboard will appear together with an alert to update - click the green button Update Now
  • When update is complete select Settings > Detection and Protection and check (tick) Scan for rootkits

MBAMSettings-1.jpg

Go back to the Dashboard and click on the green Scan Now button.

MBAM1.jpg

  • If threats are detected, click the Apply Actions button, MBAM may ask for a reboot. Let it do so.

MBAMReboot.JPG

  • On completion of the scan (or after the reboot) select View Detailed Log (to the right on the light green strip)
  • Click on the Export button and select Text file and save to the desktop

MBAMLog.JPG

Copy and paste the log back here.

Step-2.
Run ESET Online Scanner:

Note: Optimized for Internet Explorer but you can use Chrome or Mozilla FireFox for this scan.

Important! You will need to disable your currently installed Anti-Virus program, how to do so can be read here.

  • Please go here then click on:

    realrunesetscannerbutton.jpg

    Note: If using Mozilla Firefox a window will open telling you that you will need to download the ESET Smart Installer. Click on esetsmartinstaller_enu.exe to download the Smart Installer. Save it to the desktop.
    When prompted double click on the esetsmartinstaller_enu.png icon on the desktop. After successful installation of ESET Smart Installer ESET Online Scanner is launched in a new window.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • A new window will open:

    eseteula.jpg
  • Select the option YES, I accept the Terms of Use then click on:

    esetstartaftereulaapproval.jpg
  • When prompted allow the Add-On/Active X to install. The following window will open:

    esetdirectionalchecks.jpg
    • Uncheck the box beside Remove Found Threats
    • Check the box Scan archives.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: esetstartaftersettingsmade.jpg
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours
  • .
  • Wait for the scan to finish. Do not touch either the Mouse or keyboard during the scan
  • . Otherwise it may stall.

When The Scan is Complete:

A.
If No Threats Were Found:

  • Put a checkmark in Uninstall application on close
  • Close the program
  • Report to me that nothing was found

B.
If Threats Were Found:

  • Click on list of threats found
  • Click on export to text file and save it to the desktop
  • as ESET SCAN.txt
  • Click on Back
  • Put a checkmark in Uninstall application on close Be sure you have saved the file first
  • Click on Finish
  • Close the program
  • Don't forget to enable your Antivirus program and screen saver.

Step-3.
Run Security Check
Download Security Check from here or here and save it to the Desktop.

  • Double click the SecurityCheck icon SecurityCheckIcon2.png to run the application.
  • Follow the onscreen instructions inside of the black box.

    securitycheck.jpg
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  • NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

Things For Your Next Post:
Please post the logs in the order requested. Please don't attach the logs unless I request it.
1. The MalwareBytes log
2. The ESET scan log (IF it found anything). If it didn't just tell me.
3. The checkup.txt log


  • 0

#22
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP