Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

IDVault.exe - Bad Image [Closed]


  • This topic is locked This topic is locked

#1
willie242

willie242

    New Member

  • Member
  • Pip
  • 1 posts

I have a PC that will connect to the rounter that other devices access just fine, but I can not get to the internet on just this PC.  I keep getting this error over and over.  IDVault.exe - Bad Image  C:\Windows\system32\SecureAssit.dll is either not designed to run on Windows or it contains an error.  Try installing the program again using the original installation media or contact your adminstrator or the software vendor for support.

I have purchased Malwarebytes Anti-Malware and ran it with no success.

 

Here is the log file from the OTL report, any help would be greatly appreciated:

 

OTL logfile created on: 6/24/2014 8:43:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Moms Desktop\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.48 Gb Total Physical Memory | 5.98 Gb Available Physical Memory | 80.01% Memory free
14.96 Gb Paging File | 13.15 Gb Available in Paging File | 87.92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.60 Gb Total Space | 569.29 Gb Free Space | 62.24% Space Free | Partition Type: NTFS
Drive D: | 16.82 Gb Total Space | 2.10 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
Drive G: | 7.52 Gb Total Space | 6.56 Gb Free Space | 87.33% Space Free | Partition Type: FAT32
 
Computer Name: MOMSDESKTOP-HP | User Name: Moms Desktop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/24 20:41:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moms Desktop\Desktop\OTL.exe
PRC - [2014/06/24 20:39:32 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2014/05/23 18:20:17 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
PRC - [2014/05/12 08:18:00 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 08:17:54 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/28 16:32:48 | 000,041,024 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
PRC - [2014/04/28 16:32:46 | 002,546,752 | ---- | M] (White Sky, Inc.) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
PRC - [2014/04/18 08:47:52 | 000,249,024 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
PRC - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/08/16 17:03:24 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2011/08/16 17:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2011/08/12 12:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/26 16:11:14 | 002,868,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\9b7a5ab89ab75ec85de0cedebfde4c5f\ReachFramework.ni.dll
MOD - [2014/02/25 22:08:43 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll
MOD - [2014/02/25 22:08:37 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll
MOD - [2014/02/25 22:08:34 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/02/25 22:08:27 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll
MOD - [2014/02/25 22:08:26 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/02/25 22:08:23 | 002,825,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll
MOD - [2014/02/25 22:08:22 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/02/25 22:08:22 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/02/25 22:08:19 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll
MOD - [2014/02/25 22:08:17 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll
MOD - [2014/02/25 22:08:16 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/02/25 22:08:10 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SupraSavings\SecureAssist.exe -- (SecureAssist)
SRV:64bit: - [2014/06/14 12:47:38 | 000,706,560 | ---- | M] () [Auto | Stopped] -- C:\Program Files\003\nuttkoqiez64.exe -- (nuttkoqiez64)
SRV:64bit: - [2014/05/30 05:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/04/18 08:47:52 | 000,249,024 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/09/26 05:46:50 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/05/23 18:20:17 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe -- (N360)
SRV - [2014/05/17 09:03:34 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/05/14 18:24:21 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 08:18:02 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 08:18:00 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/28 16:32:48 | 000,041,024 | ---- | M] (White Sky, Inc.) [Auto | Running] -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe -- (IDVaultSvc)
SRV - [2013/12/21 02:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 19:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 09:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/08/16 17:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 12:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/24 20:03:03 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/06/12 13:15:52 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2014/06/12 13:15:52 | 000,075,016 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2014/05/15 06:45:52 | 000,049,752 | ---- | M] (Zemana Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AntiLog64.sys -- (AntiLog32)
DRV:64bit: - [2014/05/12 08:19:28 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 08:19:16 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/03/04 00:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/17 21:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 21:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/12/31 10:43:26 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2013/12/31 10:43:25 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2013/11/27 17:53:23 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/09/26 22:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/25 22:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 22:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 21:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/07/24 11:25:24 | 000,025,056 | ---- | M] (Zemana Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KeyCrypt64.sys -- (keycrypt)
DRV:64bit: - [2013/05/13 16:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2013/05/13 16:36:06 | 000,029,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2013/05/06 09:32:28 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/11/28 09:32:50 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/05/04 17:15:56 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/05/04 17:15:56 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/26 05:47:17 | 000,310,784 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/26 05:47:14 | 010,203,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/14 06:35:45 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/03 23:38:37 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/08/03 10:37:50 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/08/03 10:37:48 | 000,078,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/06/10 22:24:52 | 000,486,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/06/10 22:24:52 | 000,142,128 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/05/09 21:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140606.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/03/26 18:04:59 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140618.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...LION&pf=desktop
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{163D5E30-922E-403B-9026-3694580A5B1E}: "URL" = http://www.amazon.co...ds={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{163D5E30-922E-403B-9026-3694580A5B1E}: "URL" = http://www.amazon.co...ds={searchTerms}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...or={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...LION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...trol21220_sp_ie
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{06DD694F-FA98-491A-A67E-2E163D788560}: "URL" = http://search.yahoo....E7DefaultSearch
IE - HKCU\..\SearchScopes\{163D5E30-922E-403B-9026-3694580A5B1E}: "URL" = http://www.amazon.co...ds={searchTerms}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...or={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://start.mysearc...r=1664580624=
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7HPIA
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.xfinit...&q={searchTerms}
IE - HKCU\..\SearchScopes\{8F97F7AC-E9DA-415A-8588-80E2035F5574}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{BEFEBB59-F171-4064-806E-1346A6AB6080}: "URL" = http://www.google.co...ie7&rlz=1I7HPIA
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80116&lng=en
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:30.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RecipeHub_2j.com/Plugin: C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_2j.com: C:\Program Files (x86)\RecipeHub_2j\bar\1.bin [2014/06/24 19:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/06/24 20:02:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/06/24 19:30:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/05/25 10:27:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Moms Desktop\AppData\Roaming\mozilla\Extensions
[2014/06/18 09:09:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/06/18 09:09:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/05/11 21:54:28 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Toolbar BHO) - {06e3475c-5521-4de8-bb12-50720f21631c} - C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbar.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Assistant BHO) - {b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll ()
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.425.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Recipe Hub) - {cf51de5b-eb36-4114-bb69-84df63fbadb4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll (MindSpark)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Recipe Hub) - {CF51DE5B-EB36-4114-BB69-84DF63FBADB4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll (MindSpark)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\SecureAssist64.dll (SecureAssist)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\SecureAssist64.dll (SecureAssist)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\SecureAssist64.dll (SecureAssist)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\SecureAssist64.dll (SecureAssist)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\SecureAssist64.dll (SecureAssist)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\SecureAssist.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\SecureAssist.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\SecureAssist.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\SecureAssist.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\SecureAssist.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D54E8F2-5017-4942-92BE-BA1E501F3CE0}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D54E8F2-5017-4942-92BE-BA1E501F3CE0}: NameServer = 75.75.75.75,75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL) - C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(1).dll (Zemana Ltd.)
O20 - AppInit_DLLs: (c:\progra~2\keycry~1\keycry~3.dll) - c:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(1).dll (Zemana Ltd.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/10 13:10:52 | 000,000,215 | R--- | M] () - G:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/24 20:42:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Moms Desktop\Desktop\OTL.exe
[2014/06/24 20:39:05 | 000,000,000 | ---D | C] -- C:\Users\Moms Desktop\AppData\Roaming\Opera
[2014/06/24 20:39:05 | 000,000,000 | ---D | C] -- C:\Users\Moms Desktop\AppData\Local\Opera
[2014/06/24 20:39:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2014/06/24 20:33:34 | 010,307,952 | ---- | C] (Opera Software ASA) -- C:\Users\Moms Desktop\Opera_1151_int_Setup.exe
[2014/06/24 20:11:35 | 000,000,000 | ---D | C] -- C:\Users\Moms Desktop\Desktop\Old Firefox Data
[2014/06/24 19:50:12 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/24 19:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/24 19:50:04 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/06/24 19:50:04 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/06/24 19:50:04 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/06/24 19:25:10 | 000,000,000 | ---D | C] -- C:\Users\Moms Desktop\AppData\Local\ElevatedDiagnostics
[2014/06/24 12:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/06/24 12:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/23 08:07:35 | 000,000,000 | ---D | C] -- C:\NPE
[2014/06/22 11:00:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CraftEdge
[2014/06/22 11:00:19 | 000,000,000 | ---D | C] -- C:\ProgramData\CraftEdge
[2014/06/22 11:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Craft Edge
[2014/06/14 12:49:48 | 000,338,120 | ---- | C] (SecureAssist) -- C:\Windows\SysNative\SecureAssist64.dll
[2014/06/14 12:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupraSavings
[2014/06/14 12:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\003
[2014/06/14 12:31:43 | 000,000,000 | ---D | C] -- C:\Users\Moms Desktop\AppData\Local\Make The Cut! Premium
[2014/06/14 12:31:39 | 000,000,000 | ---D | C] -- C:\Users\Moms Desktop\AppData\Local\Make The Cut! Library
[2014/06/12 13:20:59 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2014/06/12 13:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Provocraft
[2014/06/12 13:16:15 | 000,000,000 | ---D | C] -- C:\Users\Moms Desktop\AppData\Roaming\com.cricut.Cricut-CraftRoom
[2014/06/12 13:16:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cricut-Craft Room
[2014/06/12 13:15:52 | 000,256,392 | ---- | C] (FTDI Ltd.) -- C:\Windows\SysNative\ftd2xx.dll
[2014/06/12 13:15:52 | 000,218,504 | ---- | C] (FTDI Ltd.) -- C:\Windows\SysWow64\ftd2xx.dll
[2014/06/12 13:15:52 | 000,214,920 | ---- | C] (FTDI Ltd.) -- C:\Windows\SysNative\FTLang.dll
[2014/06/12 13:15:52 | 000,108,936 | ---- | C] (FTDI Ltd.) -- C:\Windows\SysNative\ftbusui.dll
[2014/06/12 13:15:52 | 000,085,384 | ---- | C] (FTDI Ltd.) -- C:\Windows\SysNative\drivers\ftser2k.sys
[2014/06/12 13:15:52 | 000,075,016 | ---- | C] (FTDI Ltd.) -- C:\Windows\SysNative\drivers\ftdibus.sys
[2014/06/12 13:15:52 | 000,065,416 | ---- | C] (FTDI Ltd.) -- C:\Windows\SysNative\ftcserco.dll
[2014/06/12 13:15:52 | 000,055,176 | ---- | C] (FTDI Ltd.) -- C:\Windows\SysNative\ftserui2.dll
[2014/06/11 14:25:41 | 000,000,000 | ---D | C] -- C:\Users\Moms Desktop\Documents\Troop 177
[2014/06/08 13:05:21 | 000,000,000 | ---D | C] -- C:\Users\Moms Desktop\Documents\Cricut
[2014/06/01 14:06:35 | 000,000,000 | ---D | C] -- C:\Users\Moms Desktop\Documents\Optimizer Pro
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/24 20:41:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Moms Desktop\Desktop\OTL.exe
[2014/06/24 20:39:04 | 000,001,831 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2014/06/24 20:33:49 | 010,307,952 | ---- | M] (Opera Software ASA) -- C:\Users\Moms Desktop\Opera_1151_int_Setup.exe
[2014/06/24 20:24:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/24 20:22:54 | 000,786,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/24 20:22:54 | 000,665,326 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/24 20:22:54 | 000,123,134 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/24 20:10:22 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/24 20:10:22 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/24 20:06:53 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/24 20:03:03 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/24 20:02:43 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/24 20:02:25 | 000,003,132 | ---- | M] () -- C:\Windows\tasks\1ecc71f2-97a5-4467-a6ba-a33d21ec2cf4-3.job
[2014/06/24 20:02:25 | 000,002,140 | ---- | M] () -- C:\Windows\tasks\1ecc71f2-97a5-4467-a6ba-a33d21ec2cf4-4.job
[2014/06/24 20:02:25 | 000,001,502 | ---- | M] () -- C:\Windows\tasks\1ecc71f2-97a5-4467-a6ba-a33d21ec2cf4-5.job
[2014/06/24 20:02:25 | 000,001,404 | ---- | M] () -- C:\Windows\tasks\1ecc71f2-97a5-4467-a6ba-a33d21ec2cf4-1.job
[2014/06/24 20:02:25 | 000,001,380 | ---- | M] () -- C:\Windows\tasks\1ecc71f2-97a5-4467-a6ba-a33d21ec2cf4-2.job
[2014/06/24 20:02:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/24 20:02:11 | 1727,471,615 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/24 19:50:08 | 000,001,104 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/24 19:33:44 | 000,000,000 | ---- | M] () -- C:\Users\Moms Desktop\AppData\Local\{DB9658D7-4A72-4BD7-92D6-AE14C5C8BADF}
[2014/06/17 04:30:53 | 000,039,538 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\VT20140617.006
[2014/06/16 12:08:41 | 000,066,053 | ---- | M] () -- C:\Users\Moms Desktop\Desktop\dragonfly cover.jpg
[2014/06/14 12:54:35 | 000,000,000 | ---- | M] () -- C:\END
[2014/06/14 12:49:17 | 000,002,536 | ---- | M] () -- C:\Windows\SysWow64\SecureAssistOff.ini
[2014/06/14 12:49:17 | 000,002,536 | ---- | M] () -- C:\Windows\SysNative\SecureAssistOff.ini
[2014/06/12 13:20:57 | 002,074,570 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1503000.00C\Cat.DB
[2014/06/12 13:16:12 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\Cricut-Craft Room.lnk
[2014/06/12 13:15:52 | 000,256,392 | ---- | M] (FTDI Ltd.) -- C:\Windows\SysNative\ftd2xx.dll
[2014/06/12 13:15:52 | 000,218,504 | ---- | M] (FTDI Ltd.) -- C:\Windows\SysWow64\ftd2xx.dll
[2014/06/12 13:15:52 | 000,214,920 | ---- | M] (FTDI Ltd.) -- C:\Windows\SysNative\FTLang.dll
[2014/06/12 13:15:52 | 000,108,936 | ---- | M] (FTDI Ltd.) -- C:\Windows\SysNative\ftbusui.dll
[2014/06/12 13:15:52 | 000,085,384 | ---- | M] (FTDI Ltd.) -- C:\Windows\SysNative\drivers\ftser2k.sys
[2014/06/12 13:15:52 | 000,075,016 | ---- | M] (FTDI Ltd.) -- C:\Windows\SysNative\drivers\ftdibus.sys
[2014/06/12 13:15:52 | 000,065,416 | ---- | M] (FTDI Ltd.) -- C:\Windows\SysNative\ftcserco.dll
[2014/06/12 13:15:52 | 000,055,176 | ---- | M] (FTDI Ltd.) -- C:\Windows\SysNative\ftserui2.dll
[2014/06/05 15:00:27 | 000,002,442 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/06/03 10:54:23 | 000,017,393 | ---- | M] () -- C:\Users\Moms Desktop\Desktop\purple dragonfly.jpg
[2014/06/02 11:43:34 | 000,565,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/06/01 09:15:40 | 000,045,091 | ---- | M] () -- C:\Users\Moms Desktop\Desktop\no regrets.jpg
[2014/06/01 09:15:22 | 000,098,879 | ---- | M] () -- C:\Users\Moms Desktop\Desktop\I am blessed.jpg
[2014/06/01 09:14:52 | 000,127,118 | ---- | M] () -- C:\Users\Moms Desktop\Desktop\spend time.jpg
[2014/06/01 09:14:42 | 000,024,386 | ---- | M] () -- C:\Users\Moms Desktop\Desktop\phone down.jpg
[2014/06/01 09:14:13 | 000,034,986 | ---- | M] () -- C:\Users\Moms Desktop\Desktop\love me.jpg
[2014/06/01 09:14:02 | 000,120,613 | ---- | M] () -- C:\Users\Moms Desktop\Desktop\thinking.jpg
[2014/06/01 09:13:25 | 000,030,859 | ---- | M] () -- C:\Users\Moms Desktop\Desktop\take care.jpg
 
========== Files Created - No Company Name ==========
 
[2014/06/24 20:39:33 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 11.51 1087.lnk
[2014/06/24 20:39:04 | 000,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2014/06/24 20:39:04 | 000,001,831 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2014/06/24 19:50:08 | 000,001,104 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/06/24 19:33:44 | 000,000,000 | ---- | C] () -- C:\Users\Moms Desktop\AppData\Local\{DB9658D7-4A72-4BD7-92D6-AE14C5C8BADF}
[2014/06/16 12:08:56 | 000,066,053 | ---- | C] () -- C:\Users\Moms Desktop\Desktop\dragonfly cover.jpg
[2014/06/14 12:54:29 | 000,000,000 | ---- | C] () -- C:\END
[2014/06/14 12:49:32 | 000,295,080 | ---- | C] () -- C:\Windows\SysWow64\SecureAssist.dll
[2014/06/12 13:16:12 | 000,000,975 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cricut-Craft Room.lnk
[2014/06/12 13:16:12 | 000,000,963 | ---- | C] () -- C:\Users\Public\Desktop\Cricut-Craft Room.lnk
[2014/06/03 10:54:34 | 000,017,393 | ---- | C] () -- C:\Users\Moms Desktop\Desktop\purple dragonfly.jpg
[2014/06/01 09:15:45 | 000,045,091 | ---- | C] () -- C:\Users\Moms Desktop\Desktop\no regrets.jpg
[2014/06/01 09:15:27 | 000,098,879 | ---- | C] () -- C:\Users\Moms Desktop\Desktop\I am blessed.jpg
[2014/06/01 09:14:55 | 000,127,118 | ---- | C] () -- C:\Users\Moms Desktop\Desktop\spend time.jpg
[2014/06/01 09:14:46 | 000,024,386 | ---- | C] () -- C:\Users\Moms Desktop\Desktop\phone down.jpg
[2014/06/01 09:14:16 | 000,034,986 | ---- | C] () -- C:\Users\Moms Desktop\Desktop\love me.jpg
[2014/06/01 09:14:06 | 000,120,613 | ---- | C] () -- C:\Users\Moms Desktop\Desktop\thinking.jpg
[2014/06/01 09:13:37 | 000,030,859 | ---- | C] () -- C:\Users\Moms Desktop\Desktop\take care.jpg
[2014/04/23 15:50:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/03/21 12:27:16 | 000,005,696 | ---- | C] () -- C:\Windows\SysWow64\SecureAssist.ini
[2014/03/21 12:27:16 | 000,002,536 | ---- | C] () -- C:\Windows\SysWow64\SecureAssistOff.ini
[2013/03/17 16:03:13 | 000,000,004 | ---- | C] () -- C:\Users\Moms Desktop\AppData\Local\pcdit.dat
[2013/02/03 15:41:47 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/08/14 20:42:14 | 000,056,912 | ---- | C] () -- C:\Users\Moms Desktop\g2mdlhlpx.exe
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 22:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 22:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/17 16:03:46 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\Alibre Design
[2013/03/17 16:03:18 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\Alibre, Inc
[2014/06/24 19:30:27 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\BabSolution
[2013/08/28 20:11:37 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\Babylon
[2014/06/12 13:46:19 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\com.cricut.Cricut-CraftRoom
[2013/05/18 21:56:17 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\DriverCure
[2014/06/24 20:40:17 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\ID Vault
[2014/06/24 20:39:05 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\Opera
[2013/05/18 21:56:17 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\ParetoLogic
[2013/01/01 19:25:00 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\SoftGrid Client
[2012/12/28 11:57:21 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\TP
[2012/12/28 11:54:27 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 

< End of report >

Attached Files

  • Attached File  OTL.Txt   107.65KB   42 downloads

  • 0

Advertisements


#2
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Greetings,

Welcome to Geeks to Go--the friendliest online community dedicated to the sole goal of helping people from all around the world! :)

I am Pyxis and I will be assisting you with the problem at hand. Whilst I am taking the time to analyse your set of provided logs, I would like to stress the following reminders:
  • I am a student that is currently undergoing training. As such, my responses have to be checked by a professional before I present them to you to ensure you get the best quality help. If you deem I have overlooked your thread, which is in a matter of more than 24 hours, please send me a PM and I will get back to you shortly.
  • It is important that you do not install anything unless asked while the process is ongoing. Doing so may hinder or even complicate the cleaning of your system. You will get the chance to install things as you would like after the process has been completed.
  • Ensure you take extra caution to precisely follow my instructions. It is important that you only use the tools I have asked you to. The instructions for your computer are unique and should therefore only apply to your system.
I hope you keep in mind these reminders. I will be right back with a full response! :thumbsup:

Thank you.
  • 0

#3
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Hi willie242,

The error you are getting is from a malicious program. Let's get rid of it alongside with the rest that are plaguing your system. :)
  • Step 1

    Run your copy of OTL by double-clicking it.
    • Copy and paste the following into the Custom Scans/Fixes box:
      :Commands
      [resethosts]
      [createrestorepoint]
      
      :OTL
      PRC - [2014/04/18 08:47:52 | 000,249,024 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
      SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\SupraSavings\SecureAssist.exe -- (SecureAssist)
      SRV:64bit: - [2014/06/14 12:47:38 | 000,706,560 | ---- | M] () [Auto | Stopped] -- C:\Program Files\003\nuttkoqiez64.exe -- (nuttkoqiez64)
      SRV:64bit: - [2014/04/18 08:47:52 | 000,249,024 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
      IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
      IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...referrer:source?}
      IE:64bit: - HKLM\..\SearchScopes\{163D5E30-922E-403B-9026-3694580A5B1E}: "URL" = http://www.amazon.co...ds={searchTerms}
      IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
      IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
      IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
      IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
      IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
      IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
      IE - HKLM\..\SearchScopes\{163D5E30-922E-403B-9026-3694580A5B1E}: "URL" = http://www.amazon.co...ds={searchTerms}
      IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
      IE - HKLM\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...or={searchTerms}
      IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
      IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
      IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
      IE - HKCU\..\URLSearchHook: {cc8ae5b8-005b-4b1a-a27d-307eddffe5c8} - No CLSID value found
      IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
      IE - HKCU\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.condui...trol21220_sp_ie
      IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
      IE - HKCU\..\SearchScopes\{06DD694F-FA98-491A-A67E-2E163D788560}: "URL" = http://search.yahoo....E7DefaultSearch
      IE - HKCU\..\SearchScopes\{163D5E30-922E-403B-9026-3694580A5B1E}: "URL" = http://www.amazon.co...ds={searchTerms}
      IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
      IE - HKCU\..\SearchScopes\{35e9438f-19d4-4516-b2ac-59ba9241de4d}: "URL" = http://search.mywebs...or={searchTerms}
      IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://start.mysearc...r=1664580624=
      IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...ie7&rlz=1I7HPIA
      IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://search.xfinit...&q={searchTerms}
      IE - HKCU\..\SearchScopes\{8F97F7AC-E9DA-415A-8588-80E2035F5574}: "URL" = http://www.bing.com/...rc=IE-SearchBox
      IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
      IE - HKCU\..\SearchScopes\{BEFEBB59-F171-4064-806E-1346A6AB6080}: "URL" = http://www.google.co...ie7&rlz=1I7HPIA
      IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox...id=80116&lng=en
      IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....ch={searchTerms}
      IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...kw={searchTerms}
      FF - HKLM\Software\MozillaPlugins\@RecipeHub_2j.com/Plugin: C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\NP2jStub.dll (MindSpark)
      FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_2j.com: C:\Program Files (x86)\RecipeHub_2j\bar\1.bin [2014/06/24 19:30:25 | 000,000,000 | ---D | M]
      O2 - BHO: (Toolbar BHO) - {06e3475c-5521-4de8-bb12-50720f21631c} - C:\PROGRA~2\RECIPE~2\bar\1.bin\2jbar.dll File not found
      O2 - BHO: (Search Assistant BHO) - {b7acdf9c-c4f9-4d5d-998e-b147866b4d4c} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jSrcAs.dll ()
      O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll File not found
      O3 - HKLM\..\Toolbar: (Recipe Hub) - {cf51de5b-eb36-4114-bb69-84df63fbadb4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll (MindSpark)
      O3 - HKCU\..\Toolbar\WebBrowser: (Recipe Hub) - {CF51DE5B-EB36-4114-BB69-84DF63FBADB4} - C:\Program Files (x86)\RecipeHub_2j\bar\1.bin\2jbar.dll (MindSpark)
      O4 - HKLM..\Run: []  File not found
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\SecureAssist64.dll (SecureAssist)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\SecureAssist64.dll (SecureAssist)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\SecureAssist64.dll (SecureAssist)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\SecureAssist64.dll (SecureAssist)
      O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Windows\SysNative\SecureAssist64.dll (SecureAssist)
      O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\SecureAssist.dll ()
      O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\SecureAssist.dll ()
      O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\SecureAssist.dll ()
      O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\SecureAssist.dll ()
      O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\SysWow64\SecureAssist.dll ()
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      [2014/06/14 12:49:48 | 000,338,120 | ---- | C] (SecureAssist) -- C:\Windows\SysNative\SecureAssist64.dll
      [2014/06/14 12:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SupraSavings
      [2014/06/14 12:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\003
      [2014/06/11 14:25:41 | 000,000,000 | ---D | C] -- C:\Users\Moms Desktop\Documents\Troop 177
      [2014/06/01 14:06:35 | 000,000,000 | ---D | C] -- C:\Users\Moms Desktop\Documents\Optimizer Pro
      [2014/06/24 20:02:25 | 000,003,132 | ---- | M] () -- C:\Windows\tasks\1ecc71f2-97a5-4467-a6ba-a33d21ec2cf4-3.job
      [2014/06/24 20:02:25 | 000,002,140 | ---- | M] () -- C:\Windows\tasks\1ecc71f2-97a5-4467-a6ba-a33d21ec2cf4-4.job
      [2014/06/24 20:02:25 | 000,001,502 | ---- | M] () -- C:\Windows\tasks\1ecc71f2-97a5-4467-a6ba-a33d21ec2cf4-5.job
      [2014/06/24 20:02:25 | 000,001,404 | ---- | M] () -- C:\Windows\tasks\1ecc71f2-97a5-4467-a6ba-a33d21ec2cf4-1.job
      [2014/06/24 20:02:25 | 000,001,380 | ---- | M] () -- C:\Windows\tasks\1ecc71f2-97a5-4467-a6ba-a33d21ec2cf4-2.job
      [2014/06/24 19:33:44 | 000,000,000 | ---- | M] () -- C:\Users\Moms Desktop\AppData\Local\{DB9658D7-4A72-4BD7-92D6-AE14C5C8BADF}
      [2014/03/21 12:27:16 | 000,005,696 | ---- | C] () -- C:\Windows\SysWow64\SecureAssist.ini
      [2014/03/21 12:27:16 | 000,002,536 | ---- | C] () -- C:\Windows\SysWow64\SecureAssistOff.ini
      [2013/03/17 16:03:13 | 000,000,004 | ---- | C] () -- C:\Users\Moms Desktop\AppData\Local\pcdit.dat
      [2013/03/17 16:03:46 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\Alibre Design
      [2013/03/17 16:03:18 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\Alibre, Inc
      [2014/06/24 19:30:27 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\BabSolution
      [2013/08/28 20:11:37 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\Babylon
      [2013/05/18 21:56:17 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\DriverCure
      [2013/05/18 21:56:17 | 000,000,000 | ---D | M] -- C:\Users\Moms Desktop\AppData\Roaming\ParetoLogic
      
      :Files
      C:\Program Files (x86)\RecipeHub_2j
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c
      netsh winsock reset all /c
      netsh int ip reset all /c
      
      :Commands
      [emptytemp]

      cF4ib.png

    • Click Run Fix.
    • OTL will reboot your system. Allow it by clicking OK.
    • After the reboot, a Notepad window will appear, named MMDDYYYY_HHMMSS.log. Alternatively, you can find that log at C:\_OTL\MovedFiles\MMDDYYYY_HHMMSS.log.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 2

    Download 'AdwCleaner by Xplode' and save it to your desktop.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • Click Scan and choose Clean after.
    • Wait for it to finish. It won't take long.
    • Click OK for the next prompts. Your system will automatically reboot.
    • A log will automatically pop-up after rebooting. Alternatively, you can find it at C:\AdwCleaner[S*].txt.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Step 3

    Download 'Junkware Removal Tool by thisisu' and save it to your desktop.
    • Ensure all programs and windows are closed before proceeding.
    • Simply double-click the program icon to run it. It will ask for administrator privileges.
    • A black window will appear. Press any key to continue.
    • Wait for it to finish. It won't take long.
    • A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
    • Copy (CTRL + A and CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
  • Logs to Post

    In summary of the above, I will need you to post the following log(s):
    • MMDDYYYY_HHMMSS.log (OTL)
    • AdwCleaner[S*].txt (AdwCleaner)
    • JRT.txt (Junkware Removal Tool)

  • 0

#4
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Redacted.
  • 0

#5
Pyxis

Pyxis

    Trusted Helper

  • Malware Removal
  • 1,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a new topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP