computer running slow
Started by jimbo1949, Jun 21 2014 11:56 AM
#31
Posted 23 June 2014 - 07:35 AM
#32
Posted 23 June 2014 - 07:37 AM
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by jim (administrator) on JIM-PC on 23-06-2014 06:12:07
Running from C:\Users\jim\Downloads
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...
=============== Processes (Whitelisted) =================
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(VM Host Corporation) C:\ProgramData\MediaDev\1403477976\mediadev.exe
() C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
(VM Host Corporation) C:\ProgramData\UpdateServer\1403457996\webdev.exe
(The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ehome\mcupdate.exe
() C:\ProgramData\UpdateTask\vmhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\jim\Downloads\FRST (6).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [EKIJ5000StatusMonitor] => C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe [1638400 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\Run: [cdloader] => C:\Users\jim\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-2857200164-3729861948-2052089129-1001\...\MountPoints2: {4b326da4-6d86-11e3-8015-001cc0703165} - E:\ToolLauncher-Bootstrap.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...rosoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...rosoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF2D42C0A0CA2CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...=
SearchScopes: HKLM - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...=
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...=
SearchScopes: HKCU - DefaultScope {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...=
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...459791&ir=
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...llExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-07] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
Chrome:
=======
CHR HomePage: hxxp://google.search.com/
CHR StartupUrls: "hxxp://speedial.com/?f=7&a=spd_dnldstr_14_25_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDyBtDtAtCyCyD0DyDtD0CtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtBtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2StCyB0A0AyCyD0F0DtG0D0D0A0CtGtA0DtAyCtG0EyE0B0BtGtD0C0C0C0AyEtAtAtDyEzz0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtB0FtC0BtDtD0AtG0A0B0A0BtGyCtB0E0DtG0EyEyByDtGtB0FtCtD0EyBtBzzyEyBzy0B2Q&cr=1719459791&ir=", "hxxp://att.yahoo.com/"
CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html"
CHR Extension: (Google Drive) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-11]
CHR Extension: (Speedial) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-06-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-11]
CHR Extension: (Google Search) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-11]
CHR Extension: (Google Play Books) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2014-05-11]
CHR Extension: (Google Wallet) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-03]
CHR Extension: (Gmail) - C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-11]
CHR HKLM\...\Chrome\Extension: [pahlibmflidlfjjalcbfmhocodjolhjp] - C:\Users\jim\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx [2014-05-11]
CHR HKCU\...\Chrome\Extension: [pahlibmflidlfjjalcbfmhocodjolhjp] - C:\Users\jim\AppData\Local\CRE\pahlibmflidlfjjalcbfmhocodjolhjp.crx [2014-05-11]
========================== Services (Whitelisted) =================
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [119056 2013-05-23] (SUPERAntiSpyware.com)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MediaDevSrv; C:\ProgramData\MediaDev\1403477976\mediadev.exe [366952 2014-06-22] (VM Host Corporation)
R2 System Update kb70007; C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe [16384 2014-04-23] () [File not signed]
R2 WinDevSvc; C:\ProgramData\UpdateServer\1403457996\webdev.exe [389992 2014-06-22] (VM Host Corporation)
==================== Drivers (Whitelisted) ====================
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 qknfd; system32\drivers\qknfd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-23 06:11 - 2014-06-23 06:11 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST (6).exe
2014-06-22 23:51 - 2014-06-22 23:51 - 00001588 _____ () C:\Users\jim\Desktop\Continue FLVMPlayer.lnk
2014-06-22 23:49 - 2014-06-22 23:49 - 00513256 _____ (Firseria s.l.) C:\Users\jim\Downloads\Setup (6).exe
2014-06-22 19:38 - 2014-06-22 19:38 - 00226080 _____ (Premium Installer ) C:\Users\jim\Downloads\Player-Chrome.exe
2014-06-22 17:40 - 2014-06-22 17:40 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST (5).exe
2014-06-22 17:40 - 2014-06-22 17:40 - 00019148 _____ () C:\Users\jim\Desktop\download.htm
2014-06-22 16:25 - 2014-06-22 16:27 - 00013645 _____ () C:\Users\jim\Downloads\Addition.txt
2014-06-22 16:13 - 2014-06-23 06:12 - 00011372 _____ () C:\Users\jim\Downloads\FRST.txt
2014-06-22 16:12 - 2014-06-23 06:12 - 00000000 ____D () C:\FRST
2014-06-22 16:10 - 2014-06-22 16:10 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST (4).exe
2014-06-22 16:10 - 2014-06-22 16:10 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST (3).exe
2014-06-22 16:10 - 2014-06-22 16:10 - 00024950 _____ () C:\Users\jim\Desktop\download (2).htm
2014-06-22 16:09 - 2014-06-22 16:09 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST (2).exe
2014-06-22 16:09 - 2014-06-22 16:09 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST (1).exe
2014-06-22 16:08 - 2014-06-22 16:08 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST.exe
2014-06-22 15:59 - 2014-06-22 15:59 - 00000000 ____D () C:\ProgramData\MediaDev
2014-06-22 15:45 - 2014-06-22 15:45 - 00602112 _____ (OldTimer Tools) C:\Users\jim\Desktop\OTL.exe
2014-06-22 14:54 - 2014-06-22 14:54 - 00000000 ____D () C:\Users\jim\Documents\Optimizer Pro
2014-06-22 14:50 - 2014-06-22 14:50 - 00831000 _____ () C:\Users\jim\Downloads\Adobe_Flash_Setup.exe
2014-06-22 14:41 - 2014-06-22 14:42 - 00738840 _____ ( ) C:\Users\jim\Downloads\install_flashplayer.exe
2014-06-22 12:30 - 2014-06-22 12:30 - 00000000 ____D () C:\_OTL
2014-06-22 12:29 - 2014-06-22 12:30 - 00513256 _____ (firseria sl) C:\Users\jim\Downloads\Setup (8).exe
2014-06-22 11:20 - 2014-06-22 11:20 - 00513440 _____ (firseria sl) C:\Users\jim\Downloads\Setup (7).exe
2014-06-22 10:47 - 2014-06-22 10:48 - 00010144 _____ () C:\Users\jim\Downloads\Result.txt
2014-06-22 10:45 - 2014-06-22 10:45 - 00400384 _____ (Farbar) C:\Users\jim\Downloads\MiniToolBox.exe
2014-06-22 10:26 - 2014-06-22 10:26 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-06-22 10:08 - 2014-06-22 10:08 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 10:07 - 2014-06-22 10:07 - 01016261 _____ (Thisisu) C:\Users\jim\Downloads\JRT.exe
2014-06-22 10:01 - 2014-06-22 10:01 - 00513440 _____ (firseria sl) C:\Users\jim\Downloads\Setup (5).exe
2014-06-22 09:56 - 2014-06-22 09:56 - 00000000 ____D () C:\Program Files\MSR
2014-06-22 09:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-06-22 09:39 - 2014-06-22 09:53 - 00000000 ____D () C:\AdwCleaner
2014-06-22 09:38 - 2014-06-22 09:38 - 01333465 _____ () C:\Users\jim\Downloads\adwcleaner_3.212 (1).exe
2014-06-22 09:37 - 2014-06-22 09:37 - 01333465 _____ () C:\Users\jim\Downloads\adwcleaner_3.212.exe
2014-06-22 09:24 - 2014-06-22 09:24 - 00513440 _____ (firseria sl) C:\Users\jim\Downloads\Setup (4).exe
2014-06-22 08:25 - 2014-06-22 08:25 - 00602112 _____ (OldTimer Tools) C:\Users\jim\Downloads\OTL (1).exe
2014-06-22 08:15 - 2014-06-22 08:15 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\jim\Downloads\tdsskiller.exe
2014-06-22 08:03 - 2014-06-22 08:03 - 00071398 _____ (jpshortstuff) C:\Users\jim\Downloads\GooredFix.exe
2014-06-22 07:43 - 2014-06-22 07:43 - 00000000 ____D () C:\_OTM
2014-06-22 07:42 - 2014-06-22 07:42 - 00522240 _____ (OldTimer Tools) C:\Users\jim\Downloads\OTM.exe
2014-06-22 07:34 - 2014-06-22 07:35 - 00000000 ____D () C:\Users\jim\Downloads\erunt
2014-06-22 07:33 - 2014-06-22 07:33 - 00513320 _____ () C:\Users\jim\Downloads\erunt.zip
2014-06-22 07:23 - 2014-06-22 07:23 - 06769280 _____ (SparkTrust) C:\Users\jim\Downloads\SparkTrust PC Cleaner Plus Setup_cba2b9f_.exe
2014-06-21 10:51 - 2014-06-22 08:54 - 00043692 _____ () C:\Users\jim\Downloads\Extras.Txt
2014-06-21 10:46 - 2014-06-22 08:47 - 00066750 _____ () C:\Users\jim\Downloads\OTL.Txt
2014-06-21 10:25 - 2014-06-21 10:25 - 00602112 _____ (OldTimer Tools) C:\Users\jim\Downloads\OTL.exe
2014-06-20 05:52 - 2014-06-20 05:52 - 01057176 _____ (Adobe) C:\Users\jim\Downloads\install_flashplayer14x32axau_mssd_aaa_aih.exe
2014-06-18 15:32 - 2014-06-18 15:32 - 00513256 _____ (Firseria s.l.) C:\Users\jim\Downloads\Setup (3).exe
2014-06-18 05:53 - 2014-06-18 05:53 - 00513256 _____ (Firseria s.l.) C:\Users\jim\Downloads\Setup (2).exe
2014-06-17 16:49 - 2014-06-18 15:23 - 00000000 ____D () C:\Program Files\FLVM Player
2014-06-17 16:46 - 2014-06-17 16:46 - 00512928 _____ (Firseria sl) C:\Users\jim\Downloads\Setup (1).exe
2014-06-17 16:41 - 2014-06-17 16:42 - 00511776 _____ (Firseria sl) C:\Users\jim\Downloads\java.exe
2014-06-17 16:09 - 2014-06-17 16:35 - 00000000 ____D () C:\SUPERDelete
2014-06-17 06:08 - 2014-06-17 06:09 - 00511776 _____ (Firseria sl) C:\Users\jim\Downloads\Setup.exe
2014-06-15 07:46 - 2014-06-15 07:46 - 00000070 _____ () C:\extensions.ini
2014-06-15 07:46 - 2014-06-15 07:46 - 00000000 _____ () C:\extensions.sqlite
2014-06-12 18:09 - 2014-06-12 18:15 - 00000000 ____D () C:\Users\jim\Desktop\06-12-2014
2014-06-12 18:06 - 2014-06-12 18:06 - 00004588 _____ () C:\Users\jim\AppData\Local\installer.log
2014-06-12 17:59 - 2014-06-12 17:59 - 00002114 _____ () C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
2014-06-12 17:53 - 2014-06-12 17:53 - 12603960 _____ (Eastman Kodak Company) C:\Users\jim\Downloads\aio_install.exe
2014-06-12 06:19 - 2014-05-30 02:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 06:19 - 2014-05-30 02:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 06:19 - 2014-05-30 02:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 06:19 - 2014-05-30 01:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 06:19 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 06:19 - 2014-05-30 01:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 06:19 - 2014-05-30 01:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 06:19 - 2014-05-30 01:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 06:19 - 2014-05-30 01:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 06:19 - 2014-05-30 01:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 06:19 - 2014-05-30 01:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 06:19 - 2014-05-30 01:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 06:19 - 2014-05-30 01:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 06:19 - 2014-05-30 01:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 06:19 - 2014-05-30 01:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 06:19 - 2014-05-30 01:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 06:19 - 2014-05-30 01:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 06:19 - 2014-05-30 01:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 06:19 - 2014-05-30 01:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 06:19 - 2014-05-30 00:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 06:19 - 2014-05-30 00:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 06:19 - 2014-05-30 00:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 06:19 - 2014-05-30 00:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 06:19 - 2014-05-30 00:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 06:19 - 2014-05-30 00:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 06:19 - 2014-05-30 00:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 06:19 - 2014-05-30 00:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 06:19 - 2014-05-30 00:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 06:16 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 06:16 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 06:16 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 06:16 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 06:15 - 2014-06-08 01:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-12 06:15 - 2014-06-08 01:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-12 06:15 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 06:15 - 2014-04-04 19:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 06:15 - 2014-04-04 19:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 22:08 - 2014-06-11 22:08 - 00000000 ____D () C:\Windows\Sun
2014-06-11 05:53 - 2014-06-11 05:53 - 00000000 ____D () C:\Users\jim\AppData\Roaming\serv
2014-06-10 00:21 - 2014-06-10 00:24 - 00000000 ____D () C:\Users\jim\Downloads\New folder
==================== One Month Modified Files and Folders =======
2014-06-23 06:15 - 2014-06-22 16:13 - 00011372 _____ () C:\Users\jim\Downloads\FRST.txt
2014-06-23 06:12 - 2014-06-22 16:12 - 00000000 ____D () C:\FRST
2014-06-23 06:11 - 2014-06-23 06:11 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST (6).exe
2014-06-23 06:09 - 2014-05-11 08:04 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-23 06:07 - 2009-07-13 21:34 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-23 06:07 - 2009-07-13 21:34 - 00020496 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-23 05:58 - 2014-05-11 08:04 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 05:58 - 2013-09-14 09:16 - 00000000 ____D () C:\ProgramData\Kodak
2014-06-23 05:58 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-23 05:57 - 2009-07-13 21:39 - 00046985 _____ () C:\Windows\setupact.log
2014-06-23 01:49 - 2013-08-25 20:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-23 01:46 - 2013-08-25 10:08 - 01224531 _____ () C:\Windows\WindowsUpdate.log
2014-06-23 01:01 - 2014-05-04 07:52 - 00000000 ____D () C:\ProgramData\UpdateTask
2014-06-22 23:51 - 2014-06-22 23:51 - 00001588 _____ () C:\Users\jim\Desktop\Continue FLVMPlayer.lnk
2014-06-22 23:49 - 2014-06-22 23:49 - 00513256 _____ (Firseria s.l.) C:\Users\jim\Downloads\Setup (6).exe
2014-06-22 19:38 - 2014-06-22 19:38 - 00226080 _____ (Premium Installer ) C:\Users\jim\Downloads\Player-Chrome.exe
2014-06-22 17:40 - 2014-06-22 17:40 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST (5).exe
2014-06-22 17:40 - 2014-06-22 17:40 - 00019148 _____ () C:\Users\jim\Desktop\download.htm
2014-06-22 16:36 - 2014-05-10 06:26 - 00000000 ____D () C:\Program Files\VideoLAN
2014-06-22 16:27 - 2014-06-22 16:25 - 00013645 _____ () C:\Users\jim\Downloads\Addition.txt
2014-06-22 16:10 - 2014-06-22 16:10 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST (4).exe
2014-06-22 16:10 - 2014-06-22 16:10 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST (3).exe
2014-06-22 16:10 - 2014-06-22 16:10 - 00024950 _____ () C:\Users\jim\Desktop\download (2).htm
2014-06-22 16:09 - 2014-06-22 16:09 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST (2).exe
2014-06-22 16:09 - 2014-06-22 16:09 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST (1).exe
2014-06-22 16:08 - 2014-06-22 16:08 - 01073152 _____ (Farbar) C:\Users\jim\Downloads\FRST.exe
2014-06-22 16:01 - 2010-11-20 14:48 - 00085320 _____ () C:\Windows\PFRO.log
2014-06-22 15:59 - 2014-06-22 15:59 - 00000000 ____D () C:\ProgramData\MediaDev
2014-06-22 15:45 - 2014-06-22 15:45 - 00602112 _____ (OldTimer Tools) C:\Users\jim\Desktop\OTL.exe
2014-06-22 14:55 - 2014-04-26 11:11 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-22 14:54 - 2014-06-22 14:54 - 00000000 ____D () C:\Users\jim\Documents\Optimizer Pro
2014-06-22 14:50 - 2014-06-22 14:50 - 00831000 _____ () C:\Users\jim\Downloads\Adobe_Flash_Setup.exe
2014-06-22 14:42 - 2014-06-22 14:41 - 00738840 _____ ( ) C:\Users\jim\Downloads\install_flashplayer.exe
2014-06-22 12:30 - 2014-06-22 12:30 - 00000000 ____D () C:\_OTL
2014-06-22 12:30 - 2014-06-22 12:29 - 00513256 _____ (firseria sl) C:\Users\jim\Downloads\Setup (8).exe
2014-06-22 11:20 - 2014-06-22 11:20 - 00513440 _____ (firseria sl) C:\Users\jim\Downloads\Setup (7).exe
2014-06-22 10:48 - 2014-06-22 10:47 - 00010144 _____ () C:\Users\jim\Downloads\Result.txt
2014-06-22 10:45 - 2014-06-22 10:45 - 00400384 _____ (Farbar) C:\Users\jim\Downloads\MiniToolBox.exe
2014-06-22 10:26 - 2014-06-22 10:26 - 00000000 ____D () C:\ProgramData\UpdateServer
2014-06-22 10:26 - 2014-02-27 09:23 - 00000000 ____D () C:\Users\jim\AppData\Roaming\UpdateServ
2014-06-22 10:08 - 2014-06-22 10:08 - 00000000 ____D () C:\Windows\ERUNT
2014-06-22 10:07 - 2014-06-22 10:07 - 01016261 _____ (Thisisu) C:\Users\jim\Downloads\JRT.exe
2014-06-22 10:01 - 2014-06-22 10:01 - 00513440 _____ (firseria sl) C:\Users\jim\Downloads\Setup (5).exe
2014-06-22 09:56 - 2014-06-22 09:56 - 00000000 ____D () C:\Program Files\MSR
2014-06-22 09:53 - 2014-06-22 09:39 - 00000000 ____D () C:\AdwCleaner
2014-06-22 09:52 - 2013-08-25 13:40 - 00001142 _____ () C:\Users\jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-22 09:38 - 2014-06-22 09:38 - 01333465 _____ () C:\Users\jim\Downloads\adwcleaner_3.212 (1).exe
2014-06-22 09:37 - 2014-06-22 09:37 - 01333465 _____ () C:\Users\jim\Downloads\adwcleaner_3.212.exe
2014-06-22 09:24 - 2014-06-22 09:24 - 00513440 _____ (firseria sl) C:\Users\jim\Downloads\Setup (4).exe
2014-06-22 08:54 - 2014-06-21 10:51 - 00043692 _____ () C:\Users\jim\Downloads\Extras.Txt
2014-06-22 08:47 - 2014-06-21 10:46 - 00066750 _____ () C:\Users\jim\Downloads\OTL.Txt
2014-06-22 08:25 - 2014-06-22 08:25 - 00602112 _____ (OldTimer Tools) C:\Users\jim\Downloads\OTL (1).exe
2014-06-22 08:15 - 2014-06-22 08:15 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\jim\Downloads\tdsskiller.exe
2014-06-22 08:03 - 2014-06-22 08:03 - 00071398 _____ (jpshortstuff) C:\Users\jim\Downloads\GooredFix.exe
2014-06-22 07:43 - 2014-06-22 07:43 - 00000000 ____D () C:\_OTM
2014-06-22 07:42 - 2014-06-22 07:42 - 00522240 _____ (OldTimer Tools) C:\Users\jim\Downloads\OTM.exe
2014-06-22 07:35 - 2014-06-22 07:34 - 00000000 ____D () C:\Users\jim\Downloads\erunt
2014-06-22 07:33 - 2014-06-22 07:33 - 00513320 _____ () C:\Users\jim\Downloads\erunt.zip
2014-06-22 07:23 - 2014-06-22 07:23 - 06769280 _____ (SparkTrust) C:\Users\jim\Downloads\SparkTrust PC Cleaner Plus Setup_cba2b9f_.exe
2014-06-21 10:25 - 2014-06-21 10:25 - 00602112 _____ (OldTimer Tools) C:\Users\jim\Downloads\OTL.exe
2014-06-20 05:59 - 2013-08-25 20:59 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-06-20 05:59 - 2013-08-25 20:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-20 05:52 - 2014-06-20 05:52 - 01057176 _____ (Adobe) C:\Users\jim\Downloads\install_flashplayer14x32axau_mssd_aaa_aih.exe
2014-06-19 22:54 - 2014-04-26 11:19 - 00000000 ____D () C:\temp
2014-06-18 15:32 - 2014-06-18 15:32 - 00513256 _____ (Firseria s.l.) C:\Users\jim\Downloads\Setup (3).exe
2014-06-18 15:23 - 2014-06-17 16:49 - 00000000 ____D () C:\Program Files\FLVM Player
2014-06-18 15:18 - 2013-11-22 06:51 - 00000000 ____D () C:\Users\jim\AppData\Local\Downloaded Installations
2014-06-18 05:53 - 2014-06-18 05:53 - 00513256 _____ (Firseria s.l.) C:\Users\jim\Downloads\Setup (2).exe
2014-06-17 16:46 - 2014-06-17 16:46 - 00512928 _____ (Firseria sl) C:\Users\jim\Downloads\Setup (1).exe
2014-06-17 16:42 - 2014-06-17 16:41 - 00511776 _____ (Firseria sl) C:\Users\jim\Downloads\java.exe
2014-06-17 16:35 - 2014-06-17 16:09 - 00000000 ____D () C:\SUPERDelete
2014-06-17 06:09 - 2014-06-17 06:08 - 00511776 _____ (Firseria sl) C:\Users\jim\Downloads\Setup.exe
2014-06-17 06:00 - 2013-08-25 20:33 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-15 07:46 - 2014-06-15 07:46 - 00000070 _____ () C:\extensions.ini
2014-06-15 07:46 - 2014-06-15 07:46 - 00000000 _____ () C:\extensions.sqlite
2014-06-12 18:15 - 2014-06-12 18:09 - 00000000 ____D () C:\Users\jim\Desktop\06-12-2014
2014-06-12 18:06 - 2014-06-12 18:06 - 00004588 _____ () C:\Users\jim\AppData\Local\installer.log
2014-06-12 18:03 - 2013-12-24 16:19 - 00000230 _____ () C:\Users\jim\AppData\Local\LaunchHomeCenter.log
2014-06-12 18:00 - 2014-02-16 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kodak
2014-06-12 18:00 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-12 17:59 - 2014-06-12 17:59 - 00002114 _____ () C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
2014-06-12 17:59 - 2013-09-14 09:30 - 00000000 ____D () C:\Users\jim\AppData\Local\Eastman_Kodak_Company
2014-06-12 17:57 - 2013-09-14 09:15 - 00000000 ____D () C:\Windows\system32\kodak
2014-06-12 17:56 - 2013-09-14 09:23 - 00000000 ____D () C:\Program Files\Kodak
2014-06-12 17:53 - 2014-06-12 17:53 - 12603960 _____ (Eastman Kodak Company) C:\Users\jim\Downloads\aio_install.exe
2014-06-12 17:44 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\rescache
2014-06-12 16:51 - 2014-05-06 06:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 07:06 - 2013-08-25 10:22 - 00000000 ____D () C:\Users\jim
2014-06-12 07:06 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-06-12 07:06 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\registration
2014-06-12 07:06 - 2009-07-13 19:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-12 06:27 - 2013-09-07 07:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 06:25 - 2013-09-07 07:34 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 22:08 - 2014-06-11 22:08 - 00000000 ____D () C:\Windows\Sun
2014-06-11 05:53 - 2014-06-11 05:53 - 00000000 ____D () C:\Users\jim\AppData\Roaming\serv
2014-06-10 00:24 - 2014-06-10 00:21 - 00000000 ____D () C:\Users\jim\Downloads\New folder
2014-06-08 01:48 - 2014-06-12 06:15 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 01:43 - 2014-06-12 06:15 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-30 02:18 - 2014-06-12 06:19 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 02:02 - 2014-06-12 06:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 02:02 - 2014-06-12 06:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 01:44 - 2014-06-12 06:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 01:43 - 2014-06-12 06:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 01:42 - 2014-06-12 06:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 01:38 - 2014-06-12 06:19 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 01:34 - 2014-06-12 06:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 01:33 - 2014-06-12 06:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 01:30 - 2014-06-12 06:19 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 01:28 - 2014-06-12 06:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 01:28 - 2014-06-12 06:19 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 01:27 - 2014-06-12 06:19 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 01:21 - 2014-06-12 06:19 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 01:16 - 2014-06-12 06:19 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 01:10 - 2014-06-12 06:19 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 01:06 - 2014-06-12 06:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 01:04 - 2014-06-12 06:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 01:02 - 2014-06-12 06:19 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 00:57 - 2014-06-12 06:19 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 00:56 - 2014-06-12 06:19 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 00:54 - 2014-06-12 06:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 00:50 - 2014-06-12 06:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 00:49 - 2014-06-12 06:19 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 00:40 - 2014-06-12 06:19 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 00:21 - 2014-06-12 06:19 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 00:15 - 2014-06-12 06:19 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 00:13 - 2014-06-12 06:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-26 18:20 - 2009-07-13 21:53 - 00032584 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-08 09:00
==================== End Of Log ============================
#33
Posted 23 June 2014 - 07:39 AM
I redid the scan and it will not do word wrap
#34
Posted 23 June 2014 - 07:53 AM
#35
Posted 23 June 2014 - 05:52 PM
OTL logfile created on: 6/23/2014 4:07:46 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jim\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.54% Memory free
3.98 Gb Paging File | 2.60 Gb Available in Paging File | 65.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 432.72 Gb Free Space | 92.91% Space Free | Partition Type: NTFS
Computer Name: JIM-PC | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/23 16:06:49 | 000,293,208 | ---- | M] (Setup Aplications) -- C:\Users\jim\AppData\Local\Temp\n8117\s8117.exe
PRC - [2014/06/23 16:06:20 | 000,513,256 | ---- | M] (Firseria s.l.) -- C:\Users\jim\Downloads\Setup (10).exe
PRC - [2014/06/23 15:29:24 | 000,293,208 | ---- | M] (Setup Aplications) -- C:\Users\jim\AppData\Local\Temp\n786\s786.exe
PRC - [2014/06/23 15:29:12 | 000,513,256 | ---- | M] (Firseria s.l.) -- C:\Users\jim\Downloads\Setup (9).exe
PRC - [2014/06/23 14:38:21 | 000,370,176 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\MSR\Privoxy\privoxy.exe
PRC - [2014/06/23 01:01:59 | 000,339,456 | ---- | M] () -- C:\ProgramData\UpdateTask\vmhost.exe
PRC - [2014/06/22 15:59:40 | 000,366,952 | ---- | M] (VM Host Corporation) -- C:\ProgramData\MediaDev\1403477976\mediadev.exe
PRC - [2014/06/22 10:26:37 | 000,389,992 | ---- | M] (VM Host Corporation) -- C:\ProgramData\UpdateServer\1403457996\webdev.exe
PRC - [2014/06/22 08:25:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jim\Downloads\OTL (1).exe
PRC - [2014/06/05 06:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/25 20:39:45 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
========== Modules (No Company Name) ==========
MOD - [2014/06/23 01:01:59 | 000,339,456 | ---- | M] () -- C:\ProgramData\UpdateTask\vmhost.exe
MOD - [2014/06/05 06:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 06:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 06:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 06:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 06:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/05/17 17:06:49 | 002,404,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\596140a3921ac96353517d92a9f46925\System.Web.Extensions.ni.dll
MOD - [2014/05/17 09:57:40 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5d4937df67333206a096b29d28fb4ea3\System.Web.Abstractions.ni.dll
MOD - [2014/05/15 05:36:31 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/02/28 11:26:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014/02/28 11:25:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/27 22:13:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/27 22:12:53 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/27 22:12:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/27 22:12:43 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/27 22:12:35 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/27 22:12:00 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/27 22:09:58 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/08/25 20:47:56 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
========== Services (SafeList) ==========
SRV - [2014/06/22 15:59:40 | 000,366,952 | ---- | M] (VM Host Corporation) [Auto | Running] -- C:\ProgramData\MediaDev\1403477976\mediadev.exe -- (MediaDevSrv)
SRV - [2014/06/22 10:26:37 | 000,389,992 | ---- | M] (VM Host Corporation) [Auto | Running] -- C:\ProgramData\UpdateServer\1403457996\webdev.exe -- (WinDevSvc)
SRV - [2014/06/20 05:59:28 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/30 01:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe -- (System Update kb70007)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/02 03:11:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\qknfd.sys -- (qknfd)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...91&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...IE8SRC
IE - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...91&ir=
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...91&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 D4 2C 0A 0C A2 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...IE11SR
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...91&ir=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...nUS550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.search.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Speedial = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Play Books = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.9_0\
CHR - Extension: Google Wallet = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/06/22 12:39:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [cdloader] C:\Users\jim\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AB4A89B-534C-4591-BA56-1ACFB14EF603}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4b326da4-6d86-11e3-8015-001cc0703165}\Shell - "" = AutoRun
O33 - MountPoints2\{4b326da4-6d86-11e3-8015-001cc0703165}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/22 16:12:20 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/22 15:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaDev
[2014/06/22 14:54:37 | 000,000,000 | ---D | C] -- C:\Users\jim\Documents\Optimizer Pro
[2014/06/22 12:30:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/22 10:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\UpdateServer
[2014/06/22 10:08:44 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/22 09:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSR
[2014/06/22 09:50:03 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/22 09:39:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/22 07:43:42 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/06/17 16:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\FLVM Player
[2014/06/17 16:09:37 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/06/15 07:46:13 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft
[2014/06/12 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\jim\Desktop\06-12-2014
[2014/06/11 22:08:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/06/11 05:53:53 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\serv
========== Files - Modified Within 30 Days ==========
[2014/06/23 16:09:26 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/23 16:08:22 | 000,001,595 | ---- | M] () -- C:\Users\jim\Desktop\Continue FLVMPlayer.lnk
[2014/06/23 15:49:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/23 14:52:54 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 14:52:54 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 14:38:16 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/23 14:38:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/23 14:38:00 | 1602,404,352 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/22 12:39:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/15 07:46:26 | 000,000,070 | ---- | M] () -- C:\extensions.ini
[2014/06/15 07:46:26 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2014/06/12 17:59:21 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
========== Files Created - No Company Name ==========
[2014/06/23 15:32:01 | 000,001,595 | ---- | C] () -- C:\Users\jim\Desktop\Continue FLVMPlayer.lnk
[2014/06/15 07:46:26 | 000,000,070 | ---- | C] () -- C:\extensions.ini
[2014/06/15 07:46:26 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2014/06/12 17:59:21 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2014/05/04 08:02:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/09 11:19:55 | 000,007,597 | ---- | C] () -- C:\Users\jim\AppData\Local\Resmon.ResmonCfg
[2013/12/07 11:04:36 | 000,000,307 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/11/16 14:26:38 | 000,087,552 | R--- | C] () -- C:\Users\jim\AppData\Roaming\Other.res
[2013/08/25 20:45:10 | 000,000,258 | RHS- | C] () -- C:\Users\jim\ntuser.pol
========== ZeroAccess Check ==========
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/01/26 09:47:54 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/10 06:55:50 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\IDM2
[2014/05/11 08:41:40 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\mjusbsp
[2014/06/11 05:53:53 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\serv
[2013/09/14 09:21:42 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Temp
[2014/06/22 10:26:41 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\UpdateServ
[2014/04/05 10:07:25 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Visan
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jim\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 54.54% Memory free
3.98 Gb Paging File | 2.60 Gb Available in Paging File | 65.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 432.72 Gb Free Space | 92.91% Space Free | Partition Type: NTFS
Computer Name: JIM-PC | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/23 16:06:49 | 000,293,208 | ---- | M] (Setup Aplications) -- C:\Users\jim\AppData\Local\Temp\n8117\s8117.exe
PRC - [2014/06/23 16:06:20 | 000,513,256 | ---- | M] (Firseria s.l.) -- C:\Users\jim\Downloads\Setup (10).exe
PRC - [2014/06/23 15:29:24 | 000,293,208 | ---- | M] (Setup Aplications) -- C:\Users\jim\AppData\Local\Temp\n786\s786.exe
PRC - [2014/06/23 15:29:12 | 000,513,256 | ---- | M] (Firseria s.l.) -- C:\Users\jim\Downloads\Setup (9).exe
PRC - [2014/06/23 14:38:21 | 000,370,176 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\MSR\Privoxy\privoxy.exe
PRC - [2014/06/23 01:01:59 | 000,339,456 | ---- | M] () -- C:\ProgramData\UpdateTask\vmhost.exe
PRC - [2014/06/22 15:59:40 | 000,366,952 | ---- | M] (VM Host Corporation) -- C:\ProgramData\MediaDev\1403477976\mediadev.exe
PRC - [2014/06/22 10:26:37 | 000,389,992 | ---- | M] (VM Host Corporation) -- C:\ProgramData\UpdateServer\1403457996\webdev.exe
PRC - [2014/06/22 08:25:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jim\Downloads\OTL (1).exe
PRC - [2014/06/05 06:58:39 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/25 20:39:45 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
========== Modules (No Company Name) ==========
MOD - [2014/06/23 01:01:59 | 000,339,456 | ---- | M] () -- C:\ProgramData\UpdateTask\vmhost.exe
MOD - [2014/06/05 06:58:38 | 000,414,536 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppgooglenaclpluginchrome.dll
MOD - [2014/06/05 06:58:36 | 004,217,672 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
MOD - [2014/06/05 06:58:32 | 000,716,616 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
MOD - [2014/06/05 06:58:31 | 000,126,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\libegl.dll
MOD - [2014/06/05 06:58:30 | 001,732,424 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
MOD - [2014/05/17 17:06:49 | 002,404,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\596140a3921ac96353517d92a9f46925\System.Web.Extensions.ni.dll
MOD - [2014/05/17 09:57:40 | 000,141,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5d4937df67333206a096b29d28fb4ea3\System.Web.Abstractions.ni.dll
MOD - [2014/05/15 05:36:31 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\70dbdd46969daf2bea2443c75b7629d4\System.Web.ni.dll
MOD - [2014/02/28 11:26:00 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\868ad9d8acc0bf80a973c0e4e9cae4fa\System.Core.ni.dll
MOD - [2014/02/28 11:25:53 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\4412bbbb473c356b5ea3e1ea13b25f52\System.Management.ni.dll
MOD - [2014/02/27 22:13:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/27 22:12:53 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/27 22:12:48 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\4f5069e6497e5e6a381ab6aadf05d6a5\Accessibility.ni.dll
MOD - [2014/02/27 22:12:43 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/27 22:12:35 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5b6ddf934128d538cd5cd77bf4209b93\System.Configuration.ni.dll
MOD - [2014/02/27 22:12:00 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/27 22:09:58 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/08/25 20:47:56 | 008,013,664 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
========== Services (SafeList) ==========
SRV - [2014/06/22 15:59:40 | 000,366,952 | ---- | M] (VM Host Corporation) [Auto | Running] -- C:\ProgramData\MediaDev\1403477976\mediadev.exe -- (MediaDevSrv)
SRV - [2014/06/22 10:26:37 | 000,389,992 | ---- | M] (VM Host Corporation) [Auto | Running] -- C:\ProgramData\UpdateServer\1403457996\webdev.exe -- (WinDevSvc)
SRV - [2014/06/20 05:59:28 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/30 01:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe -- (System Update kb70007)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/02 03:11:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\qknfd.sys -- (qknfd)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...91&ir=
IE - HKLM\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...IE8SRC
IE - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...91&ir=
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...91&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 D4 2C 0A 0C A2 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...IE11SR
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...91&ir=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...nUS550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.search.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Speedial = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Play Books = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.9_0\
CHR - Extension: Google Wallet = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/06/22 12:39:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [cdloader] C:\Users\jim\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AB4A89B-534C-4591-BA56-1ACFB14EF603}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4b326da4-6d86-11e3-8015-001cc0703165}\Shell - "" = AutoRun
O33 - MountPoints2\{4b326da4-6d86-11e3-8015-001cc0703165}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/22 16:12:20 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/22 15:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaDev
[2014/06/22 14:54:37 | 000,000,000 | ---D | C] -- C:\Users\jim\Documents\Optimizer Pro
[2014/06/22 12:30:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/22 10:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\UpdateServer
[2014/06/22 10:08:44 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/22 09:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSR
[2014/06/22 09:50:03 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/22 09:39:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/22 07:43:42 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/06/17 16:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\FLVM Player
[2014/06/17 16:09:37 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/06/15 07:46:13 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft
[2014/06/12 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\jim\Desktop\06-12-2014
[2014/06/11 22:08:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/06/11 05:53:53 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\serv
========== Files - Modified Within 30 Days ==========
[2014/06/23 16:09:26 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/23 16:08:22 | 000,001,595 | ---- | M] () -- C:\Users\jim\Desktop\Continue FLVMPlayer.lnk
[2014/06/23 15:49:17 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/23 14:52:54 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 14:52:54 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 14:38:16 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/23 14:38:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/23 14:38:00 | 1602,404,352 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/22 12:39:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/15 07:46:26 | 000,000,070 | ---- | M] () -- C:\extensions.ini
[2014/06/15 07:46:26 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2014/06/12 17:59:21 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
========== Files Created - No Company Name ==========
[2014/06/23 15:32:01 | 000,001,595 | ---- | C] () -- C:\Users\jim\Desktop\Continue FLVMPlayer.lnk
[2014/06/15 07:46:26 | 000,000,070 | ---- | C] () -- C:\extensions.ini
[2014/06/15 07:46:26 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2014/06/12 17:59:21 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2014/05/04 08:02:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/09 11:19:55 | 000,007,597 | ---- | C] () -- C:\Users\jim\AppData\Local\Resmon.ResmonCfg
[2013/12/07 11:04:36 | 000,000,307 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/11/16 14:26:38 | 000,087,552 | R--- | C] () -- C:\Users\jim\AppData\Roaming\Other.res
[2013/08/25 20:45:10 | 000,000,258 | RHS- | C] () -- C:\Users\jim\ntuser.pol
========== ZeroAccess Check ==========
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2014/01/26 09:47:54 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2014/05/10 06:55:50 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\IDM2
[2014/05/11 08:41:40 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\mjusbsp
[2014/06/11 05:53:53 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\serv
[2013/09/14 09:21:42 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Temp
[2014/06/22 10:26:41 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\UpdateServ
[2014/04/05 10:07:25 | 000,000,000 | ---D | M] -- C:\Users\jim\AppData\Roaming\Visan
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
#36
Posted 23 June 2014 - 06:38 PM
Hello,
First
Let's try resetting the Chrome browser. Take your time, read all the instructions and follow through.
Please follow these instructions here to reset Chrome.
Next
We need to do a fix to delete some files using OTL
- Double click on the to open the program. On Vista/Win7/Win8, right-click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:COMMANDS
[CREATERESTOREPOINT]

:OTL
SRV - [2014/06/22 15:59:40 | 000,366,952 | ---- | M] (VM Host Corporation) [Auto | Running] -- C:\ProgramData\MediaDev\1403477976\mediadev.exe -- (MediaDevSrv)
SRV - [2014/06/22 10:26:37 | 000,389,992 | ---- | M] (VM Host Corporation) [Auto | Running] -- C:\ProgramData\UpdateServer\1403457996\webdev.exe -- (WinDevSvc)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...91&ir=
IE - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...91&ir=
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://speedial.com/...91&ir=
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...91&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
[2014/06/22 15:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\MediaDev
[2014/06/22 14:54:37 | 000,000,000 | ---D | C] -- C:\Users\jim\Documents\Optimizer Pro
[2014/06/22 10:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\UpdateServer

:Files
ipconfig /flushdns /c

:Commands
[emptytemp]
- Make sure all other windows are closed.
- Click the Run Fix button at the top
- Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
- Post the log that is found in C:\_OTL\Moved Files in your next reply.
- Open OTL again and click the Quick Scan button.
1-Post the OTL Fix log
2-Post a New OTL after Quick scan
3-Do not download any programs as we work.
Thanks
Joe
#37
Posted 23 June 2014 - 07:40 PM
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service MediaDevSrv stopped successfully!
Service MediaDevSrv deleted successfully!
C:\ProgramData\MediaDev\1403477976\mediadev.exe moved successfully.
Service WinDevSvc stopped successfully!
Service WinDevSvc deleted successfully!
C:\ProgramData\UpdateServer\1403457996\webdev.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31090377-0740-419E-BEFC-A56E50500D5B}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
C:\ProgramData\MediaDev\1403477976 folder moved successfully.
C:\ProgramData\MediaDev folder moved successfully.
C:\Users\jim\Documents\Optimizer Pro folder moved successfully.
C:\ProgramData\UpdateServer\1403457996 folder moved successfully.
C:\ProgramData\UpdateServer folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\jim\Downloads\cmd.bat deleted successfully.
C:\Users\jim\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Guest
User: HomeGroupUser$
User: jim
->Temp folder emptied: 953753 bytes
->Temporary Internet Files folder emptied: 245953828 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 81876002 bytes
->Flash cache emptied: 20361 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5802 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 314.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 06232014_180836
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
#38
Posted 23 June 2014 - 08:13 PM
OTL logfile created on: 6/23/2014 6:41:07 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jim\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.18% Memory free
3.98 Gb Paging File | 3.33 Gb Available in Paging File | 83.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 434.25 Gb Free Space | 93.24% Space Free | Partition Type: NTFS
Computer Name: JIM-PC | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/23 18:37:12 | 000,370,176 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\MSR\Privoxy\privoxy.exe
PRC - [2014/06/22 08:25:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jim\Downloads\OTL (1).exe
PRC - [2014/05/11 08:04:26 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/25 20:39:45 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/07/13 18:14:44 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - [2014/06/20 05:59:28 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/30 01:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe -- (System Update kb70007)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/02 03:11:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\qknfd.sys -- (qknfd)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 D4 2C 0A 0C A2 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...nUS550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.search.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Speedial = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Play Books = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.9_0\
CHR - Extension: Google Wallet = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/06/22 12:39:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [cdloader] C:\Users\jim\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AB4A89B-534C-4591-BA56-1ACFB14EF603}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4b326da4-6d86-11e3-8015-001cc0703165}\Shell - "" = AutoRun
O33 - MountPoints2\{4b326da4-6d86-11e3-8015-001cc0703165}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/22 16:12:20 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/22 12:30:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/22 10:08:44 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/22 09:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSR
[2014/06/22 09:50:03 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/22 09:39:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/22 07:43:42 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/06/17 16:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\FLVM Player
[2014/06/17 16:09:37 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/06/15 07:46:13 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft
[2014/06/12 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\jim\Desktop\06-12-2014
[2014/06/12 06:19:46 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/06/12 06:19:45 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/06/12 06:19:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/06/12 06:19:42 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/06/12 06:19:39 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/06/12 06:19:39 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/06/12 06:19:38 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/06/12 06:19:38 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/06/12 06:19:38 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/06/12 06:19:37 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/06/12 06:19:33 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/06/12 06:19:32 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/06/12 06:19:31 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/06/12 06:19:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/06/12 06:19:28 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/06/12 06:19:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/06/12 06:19:22 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/06/12 06:19:20 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/06/12 06:19:11 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/06/12 06:19:08 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/06/12 06:19:01 | 004,244,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/06/12 06:16:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014/06/12 06:16:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/06/12 06:15:40 | 000,187,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2014/06/12 06:15:27 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/06/12 06:15:26 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/06/11 22:08:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/06/11 05:53:53 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\serv
========== Files - Modified Within 30 Days ==========
[2014/06/23 18:37:31 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/23 18:36:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/23 18:36:54 | 1602,404,352 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/23 18:09:20 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/23 17:49:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/23 17:04:34 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 17:04:34 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 16:08:22 | 000,001,595 | ---- | M] () -- C:\Users\jim\Desktop\Continue FLVMPlayer.lnk
[2014/06/22 12:39:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/20 05:59:25 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/06/20 05:59:25 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/06/15 07:46:26 | 000,000,070 | ---- | M] () -- C:\extensions.ini
[2014/06/15 07:46:26 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2014/06/12 17:59:21 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2014/06/08 01:48:16 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/06/08 01:43:43 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/05/30 02:02:39 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/30 02:02:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/05/30 01:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/05/30 01:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/05/30 01:34:17 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/05/30 01:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/05/30 01:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/05/30 01:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/05/30 01:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/05/30 01:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/05/30 01:21:36 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/05/30 01:16:26 | 000,368,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/05/30 01:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/05/30 01:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/05/30 01:02:32 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/05/30 00:57:16 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/05/30 00:56:50 | 004,244,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/05/30 00:54:14 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/05/30 00:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/05/30 00:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/05/30 00:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
========== Files Created - No Company Name ==========
[2014/06/23 15:32:01 | 000,001,595 | ---- | C] () -- C:\Users\jim\Desktop\Continue FLVMPlayer.lnk
[2014/06/15 07:46:26 | 000,000,070 | ---- | C] () -- C:\extensions.ini
[2014/06/15 07:46:26 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2014/06/12 17:59:21 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2014/05/04 08:02:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/09 11:19:55 | 000,007,597 | ---- | C] () -- C:\Users\jim\AppData\Local\Resmon.ResmonCfg
[2013/12/07 11:04:36 | 000,000,307 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/11/16 14:26:38 | 000,087,552 | R--- | C] () -- C:\Users\jim\AppData\Roaming\Other.res
[2013/08/25 20:45:10 | 000,000,258 | RHS- | C] () -- C:\Users\jim\ntuser.pol
========== ZeroAccess Check ==========
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jim\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.18% Memory free
3.98 Gb Paging File | 3.33 Gb Available in Paging File | 83.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 434.25 Gb Free Space | 93.24% Space Free | Partition Type: NTFS
Computer Name: JIM-PC | User Name: jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/06/23 18:37:12 | 000,370,176 | ---- | M] (The Privoxy team - www.privoxy.org) -- C:\Program Files\MSR\Privoxy\privoxy.exe
PRC - [2014/06/22 08:25:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jim\Downloads\OTL (1).exe
PRC - [2014/05/11 08:04:26 | 000,263,048 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
PRC - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe
PRC - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/25 20:39:45 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/09/02 16:23:28 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/07/13 18:14:44 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wermgr.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - [2014/06/20 05:59:28 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/30 01:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/04/23 18:52:18 | 000,016,384 | ---- | M] () [Auto | Running] -- C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe -- (System Update kb70007)
SRV - [2013/12/20 23:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/02 03:11:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/23 13:11:42 | 000,119,056 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2013/03/15 15:07:56 | 000,395,640 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2013/01/15 13:07:42 | 000,780,152 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe -- (Kodak AiO Status Monitor Service)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | System | Stopped] -- system32\drivers\qknfd.sys -- (qknfd)
DRV - [2011/07/22 09:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 14:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/20 14:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 14:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 D4 2C 0A 0C A2 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {31090377-0740-419E-BEFC-A56E50500D5B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...IE11SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...nUS550
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
File not found (No name found) -- C:\PROGRAM FILES\AMIEXT\FLASHENHANCER\FF
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://google.search.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Speedial = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.26_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Play Books = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb\1.1.9_0\
CHR - Extension: Google Wallet = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Gmail = C:\Users\jim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/06/22 12:39:00 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [EKStatusMonitor] C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe (Eastman Kodak Company)
O4 - HKCU..\Run: [cdloader] C:\Users\jim\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7AB4A89B-534C-4591-BA56-1ACFB14EF603}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4b326da4-6d86-11e3-8015-001cc0703165}\Shell - "" = AutoRun
O33 - MountPoints2\{4b326da4-6d86-11e3-8015-001cc0703165}\Shell\AutoRun\command - "" = E:\ToolLauncher-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/06/22 16:12:20 | 000,000,000 | ---D | C] -- C:\FRST
[2014/06/22 12:30:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/06/22 10:08:44 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/22 09:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSR
[2014/06/22 09:50:03 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/22 09:39:12 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/22 07:43:42 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/06/17 16:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\FLVM Player
[2014/06/17 16:09:37 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/06/15 07:46:13 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft
[2014/06/12 18:09:40 | 000,000,000 | ---D | C] -- C:\Users\jim\Desktop\06-12-2014
[2014/06/12 06:19:46 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/06/12 06:19:45 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/06/12 06:19:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/06/12 06:19:42 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/06/12 06:19:39 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/06/12 06:19:39 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/06/12 06:19:38 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/06/12 06:19:38 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/06/12 06:19:38 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/06/12 06:19:37 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/06/12 06:19:33 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/06/12 06:19:32 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/06/12 06:19:31 | 000,595,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/06/12 06:19:30 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/06/12 06:19:28 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/06/12 06:19:28 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/06/12 06:19:22 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/06/12 06:19:20 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/06/12 06:19:11 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/06/12 06:19:08 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/06/12 06:19:01 | 004,244,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/06/12 06:16:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll
[2014/06/12 06:16:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll
[2014/06/12 06:15:40 | 000,187,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2014/06/12 06:15:27 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/06/12 06:15:26 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/06/11 22:08:22 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/06/11 05:53:53 | 000,000,000 | ---D | C] -- C:\Users\jim\AppData\Roaming\serv
========== Files - Modified Within 30 Days ==========
[2014/06/23 18:37:31 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/23 18:36:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/23 18:36:54 | 1602,404,352 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/23 18:09:20 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/23 17:49:33 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/23 17:04:34 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 17:04:34 | 000,020,496 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/23 16:08:22 | 000,001,595 | ---- | M] () -- C:\Users\jim\Desktop\Continue FLVMPlayer.lnk
[2014/06/22 12:39:00 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2014/06/20 05:59:25 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/06/20 05:59:25 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/06/15 07:46:26 | 000,000,070 | ---- | M] () -- C:\extensions.ini
[2014/06/15 07:46:26 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2014/06/12 17:59:21 | 000,002,114 | ---- | M] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2014/06/08 01:48:16 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll
[2014/06/08 01:43:43 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll
[2014/05/30 02:02:39 | 002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/30 02:02:03 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/05/30 01:43:06 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/05/30 01:42:16 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/05/30 01:34:17 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/05/30 01:33:48 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/05/30 01:30:43 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/05/30 01:28:33 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/05/30 01:28:30 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/05/30 01:27:56 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/05/30 01:21:36 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/05/30 01:16:26 | 000,368,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/05/30 01:10:46 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/05/30 01:06:06 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/05/30 01:02:32 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/05/30 00:57:16 | 000,595,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/05/30 00:56:50 | 004,244,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/05/30 00:54:14 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/05/30 00:50:09 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/05/30 00:49:38 | 001,964,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/05/30 00:13:47 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
========== Files Created - No Company Name ==========
[2014/06/23 15:32:01 | 000,001,595 | ---- | C] () -- C:\Users\jim\Desktop\Continue FLVMPlayer.lnk
[2014/06/15 07:46:26 | 000,000,070 | ---- | C] () -- C:\extensions.ini
[2014/06/15 07:46:26 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2014/06/12 17:59:21 | 000,002,114 | ---- | C] () -- C:\Users\Public\Desktop\KODAK AiO Home Center.lnk
[2014/05/04 08:02:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/09 11:19:55 | 000,007,597 | ---- | C] () -- C:\Users\jim\AppData\Local\Resmon.ResmonCfg
[2013/12/07 11:04:36 | 000,000,307 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/11/16 14:26:38 | 000,087,552 | R--- | C] () -- C:\Users\jim\AppData\Roaming\Other.res
[2013/08/25 20:45:10 | 000,000,258 | RHS- | C] () -- C:\Users\jim\ntuser.pol
========== ZeroAccess Check ==========
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:373E1720
< End of report >
#39
Posted 23 June 2014 - 08:33 PM
Hi Jim,
I want you to remove a Chrome - Extension: Speedial
Click the Chrome menu button on the browser toolbar, select Tools and then click on Extensions.
In the Extensions tab, remove Speedial by clicking on the Recycle Bin at the end of the row.
See here--> https://support.goog...er/113907?hl=en
Tell me when that is done.
Joe
#40
Posted 23 June 2014 - 08:43 PM
done
#41
Posted 23 June 2014 - 08:49 PM
Jim,
This scan could take a while and I need to get off the computer. I'll check the results tomorrow for you.
ESET Online Scanner
Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.
- Please go >>HERE<< then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on the icon to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
- Select the option YES, I accept the Terms of Use then click on:
- When prompted allow the Add-On/Active X to install.
- Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Now click on:
- The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
- When completed the Online Scan will begin automatically.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic.
- Now click on:
(Selecting Uninstall application on close if you so wish)
Joe
#42
Posted 24 June 2014 - 06:25 PM
I'm doing another scan; my wife turned it off twice.
#43
Posted 24 June 2014 - 06:29 PM
Hello Jim,
Standing by
Joe
#44
Posted 25 June 2014 - 07:08 AM
C:\AdwCleaner\Quarantine\C\Program Files\MSR\backup\System Update kb70007\Installer.dll.vir a variant of MSIL/Adware.Proxomoto.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\MSR\backup\System Update kb70007\InstallerLibrary.dll.vir a variant of MSIL/Adware.Proxomoto.E application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\MSR\backup\System Update kb70007\WindowsUpdater.exe.vir a variant of MSIL/Adware.Proxomoto.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir a variant of Win32/ELEX.AD potentially unwanted application deleted - quarantined
C:\System Volume Information\_restore{761C8E16-8E8A-43A4-97EA-5F19042004D7}\RP189\A0023314.exe a variant of Win32/InstallBrain potentially unwanted application deleted - quarantined
C:\System Volume Information\_restore{761C8E16-8E8A-43A4-97EA-5F19042004D7}\RP193\A0024861.dll a variant of Win32/Toolbar.Zugo potentially unwanted application deleted - quarantined
C:\System Volume Information\_restore{761C8E16-8E8A-43A4-97EA-5F19042004D7}\RP193\A0024863.exe a variant of Win32/Toolbar.Zugo potentially unwanted application deleted - quarantined
C:\temp\embededstub_new2.exe a variant of Win32/Conduit.SearchProtect.N potentially unwanted application deleted - quarantined
C:\temp\t.msi a variant of Win32/AdWare.Adpeak.I application deleted - quarantined
C:\Users\jim\AppData\Local\Downloaded Installations\{4175787A-9EE1-4D7D-9D00-F80F59573684}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\jim\AppData\Local\Downloaded Installations\{BF3589D3-BF62-48FE-9405-C2FB81574783}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\jim\AppData\Local\Temp\n719\s719.exe a variant of MSIL/Solimba.AC potentially unwanted application deleted - quarantined
C:\Users\jim\AppData\Roaming\Other.res a variant of Win32/Kryptik.BPRR trojan cleaned by deleting - quarantined
C:\Users\jim\AppData\Roaming\UpdateServ\ClickAndMark_2040-5250.exe a variant of Win32/AdWare.AddLyrics.AM application cleaned by deleting - quarantined
C:\Users\jim\Downloads\install_flashplayer.exe a variant of Win32/Injected.F trojan cleaned by deleting - quarantined
C:\Users\jim\Downloads\java.exe a variant of Win32/FirseriaInstaller.K potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\Player-Chrome.exe a variant of Win32/AdWare.iBryte.AK application cleaned by deleting - quarantined
C:\Users\jim\Downloads\Setup (1).exe a variant of Win32/FirseriaInstaller.K potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\Setup (10).exe a variant of Win32/FirseriaInstaller.L potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\Setup (11).exe a variant of Win32/FirseriaInstaller.L potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\Setup (2).exe a variant of Win32/FirseriaInstaller.L potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\Setup (3).exe a variant of Win32/FirseriaInstaller.L potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\Setup (4).exe a variant of Win32/FirseriaInstaller.L potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\Setup (5).exe a variant of Win32/FirseriaInstaller.L potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\Setup (6).exe a variant of Win32/FirseriaInstaller.L potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\Setup (7).exe a variant of Win32/FirseriaInstaller.L potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\Setup (8).exe a variant of Win32/FirseriaInstaller.L potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\Setup (9).exe a variant of Win32/FirseriaInstaller.L potentially unwanted application deleted - quarantined
C:\Users\jim\Downloads\Setup.exe a variant of Win32/FirseriaInstaller.K potentially unwanted application deleted - quarantined
C:\Windows\Installer\dd2d1.msi multiple threats deleted - quarantined
C:\Windows\Installer\MSI6220.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\Installer\MSI68B4.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\Installer\MSI9BB9.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application deleted - quarantined
C:\Windows\Microsoft\System Update kb70007\Installer.dll a variant of MSIL/Adware.Proxomoto.A application cleaned by deleting (after the next restart) - quarantined
C:\Windows\Microsoft\System Update kb70007\InstallerLibrary.dll a variant of MSIL/Adware.Proxomoto.E application cleaned by deleting (after the next restart) - quarantined
C:\Windows\Microsoft\System Update kb70007\WindowsUpdater.exe a variant of MSIL/Adware.Proxomoto.F application cleaned by deleting (after the next restart) - quarantined
C:\_OTL\MovedFiles\06222014_123018\C_Program Files\pcmax\pcmax.exe a variant of Win32/Conduit.SearchProtect.O potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\06222014_123018\C_Users\jim\AppData\Local\Temp\n8\s8.exe a variant of MSIL/Solimba.AC potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\06222014_123018\C_Users\jim\Downloads\Setup (6).exe a variant of Win32/FirseriaInstaller.L potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\06222014_154751\C_ProgramData\MediaDev\1399215444\mediadev.exe a variant of Win32/SquareNet.A potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\06232014_180836\C_ProgramData\MediaDev\1403477976\mediadev.exe a variant of Win32/SquareNet.A potentially unwanted application deleted - quarantined
C:\_OTL\MovedFiles\06232014_180836\C_ProgramData\UpdateServer\1403457996\webdev.exe a variant of Win32/SquareNet.A potentially unwanted application deleted - quarantined
#45
Posted 25 June 2014 - 04:17 PM
My computer is running good again, no more pop-ups and the speed is back. Thank you.