
gosavenow


  • This topic is locked

#1 DThomison (Member, 11 posts)

How do you remove/uninstall "gosavenow", which is an incredibly annoying advertising popup?




#2 zep516 (Trusted Helper, Malware Removal, 6,803 posts)
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

First

Please download OTL to your Desktop
  • Double click on the OTL icon to run the program. On Vista/Win7 or 8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox and check the option for All under the Extra Registry section.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic.
  • OTL.txt <-- Will be opened, maximized
  • Extras.txt <-- Will be minimized on task bar.
Please post the contents of both OTL.txt and Extras.txt files in your next reply.
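As an added example (not OTL's own code and not posted in this thread): a small Python parser for the PRC/MOD/SRV/DRV lines OTL writes into OTL.txt, with the kind of triage heuristics a helper applies when reading such a log by eye. The user-writable folder list and the known-adware folder set are assumptions made for this example; the sample lines reproduce entries from the topic starter's log.

```python
"""Triage helper for the PRC/MOD/SRV/DRV lines in an OTL.txt log.
Added example for this thread; not part of OTL. It parses the line shape
OTL writes and applies a few defensive heuristics to each entry.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shape, e.g.
#   PRC - [2014/09/11 19:51:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe
#   SRV:64bit: - [<date> | <size> | ---- | M] (Vendor) [Auto | Running] -- <path> -- (ServiceName)
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<bits>:64bit:)?\s+-\s+"
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| \S+ \| M\]\s+"
    r"\((?P<company>[^)]*)\)"           # empty "()" means OTL found no company name
    r"(?:\s+\[(?P<state>[^\]]*)\])?"    # SRV/DRV only: start type and running state
    r"\s+--\s+(?P<path>.+?)"
    r"(?:\s+--\s+\((?P<service>[^)]*)\))?\s*$"
)

# Assumptions for this example, not OTL rules: folders where a running service,
# BHO or loaded module is unusual for installed software, and the program folder
# the topic starter's log already shows for the adware.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
KNOWN_BAD_FOLDERS = {"gosaveanowi"}


@dataclass
class Entry:
    kind: str               # PRC, MOD, SRV or DRV
    is64: bool              # line carried the :64bit: marker
    date: str
    size: int               # bytes, commas stripped
    company: str            # "" when OTL printed ()
    state: Optional[str]    # e.g. "Auto | Running" on SRV/DRV lines
    path: str
    service: Optional[str]  # service name on SRV/DRV lines


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a SafeList line, or None for headers and blank lines."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return Entry(
        kind=m["kind"],
        is64=m["bits"] is not None,
        date=m["date"],
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        state=m["state"],
        path=m["path"].strip(),
        service=m["service"],
    )


def reasons_for(e: Entry) -> List[str]:
    """Heuristic reasons a helper would look at this entry first (may be empty)."""
    reasons = []
    if not e.company:
        reasons.append("no publisher name")
    low = e.path.lower()
    if any(token in low for token in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    if any(part in KNOWN_BAD_FOLDERS for part in low.split("\\")):
        reasons.append("folder matches known adware")
    return reasons


def triage(lines) -> Dict[str, List[str]]:
    """Map path -> reasons for every parsable line that trips a heuristic."""
    flagged: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        why = reasons_for(entry)
        if why:
            flagged[entry.path] = why
    return flagged


# Entries reproduced from the topic starter's OTL.txt, plus the section header
# OTL writes above them (which the parser must skip).
SAMPLE_LOG = r"""========== Processes (SafeList) ==========

PRC - [2014/09/11 19:51:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe
PRC - [2014/09/05 19:20:33 | 000,156,568 | ---- | M] (APN LLC.) -- C:\Users\Becky\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
MOD - [2014/09/08 22:34:29 | 000,620,032 | ---- | M] () -- C:\Program Files (x86)\GosaveaNowi\lANpbtjeC9tyVZ.dll
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/08/23 01:43:40 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Users\David\AppData\Local\Temp\7zS1B18\HPSLPSVC64.DLL -- (HPSLPSVC)
"""

if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG.splitlines()).items():
        print(f"{path}\n    {'; '.join(why)}")
```

The heuristics are a first-pass filter only; a flagged entry (the HP service running from Temp, for instance) still needs the helper's judgement before anything is removed.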

#3 DThomison (Topic Starter, Member, 11 posts)
OTL logfile created on: 9/11/2014 7:56:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becky\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.57 Gb Available Physical Memory | 61.54% Memory free
11.61 Gb Paging File | 9.22 Gb Available in Paging File | 79.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.84 Gb Total Space | 829.86 Gb Free Space | 90.42% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 7.44 Gb Free Space | 54.41% Space Free | Partition Type: NTFS

Computer Name: MININT-8A4R6SD | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[2014/08/15 21:55:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDTAT.DLL
[2014/08/15 21:55:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU1.DLL
[2014/08/15 21:55:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDBASH.DLL
[2014/08/15 21:55:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU1.DLL
[2014/08/15 21:55:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDRU.DLL
[2014/08/15 21:55:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KBDRU.DLL
[2014/08/15 21:55:06 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\KBDBASH.DLL
[2014/08/15 21:54:58 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2014/08/15 21:54:58 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2014/08/15 21:54:58 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2014/08/15 21:54:57 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2014/08/15 21:54:57 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2014/08/15 21:54:57 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2014/08/15 21:52:08 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/09/11 19:52:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/11 19:47:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/11 19:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/11 03:55:55 | 000,028,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/11 03:55:55 | 000,028,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/11 03:39:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/11 03:39:40 | 378,888,191 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/11 03:11:03 | 000,774,632 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/11 03:11:03 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/11 03:11:03 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/11 03:10:57 | 000,774,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/11 03:10:31 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/09 21:15:40 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/09/09 21:15:40 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/09/08 22:34:13 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/09/07 15:36:13 | 004,897,146 | ---- | M] () -- C:\Users\David\Desktop\ANW1244_12_Romantic-Inclination.mp3
[2014/09/04 21:10:43 | 000,578,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll
[2014/09/04 21:05:42 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll
[2014/09/02 22:54:18 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/28 20:07:41 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/28 03:27:23 | 000,476,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/08/22 21:07:00 | 000,404,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2014/08/18 17:29:35 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/08/18 17:19:53 | 005,833,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/08/18 17:15:34 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/08/18 17:15:09 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/08/18 17:14:38 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/08/18 17:14:10 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014/08/18 17:08:08 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/08/18 17:05:01 | 000,596,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/08/18 17:03:47 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/08/18 17:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/08/18 17:03:01 | 000,758,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/08/18 16:56:17 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/08/18 16:51:29 | 000,446,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/08/18 16:45:23 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/08/18 16:45:12 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/08/18 16:44:44 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/08/18 16:44:09 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014/08/18 16:40:29 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/08/18 16:39:19 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/08/18 16:39:13 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014/08/18 16:38:12 | 000,289,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/08/18 16:37:17 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/08/18 16:36:07 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/08/18 16:35:24 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/08/18 16:25:40 | 000,727,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/08/18 16:25:16 | 000,707,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/08/18 16:23:17 | 002,104,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/08/18 16:23:16 | 001,249,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014/08/18 16:22:48 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/08/18 16:19:16 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/08/18 16:17:52 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014/08/18 16:08:54 | 002,014,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/08/18 16:07:44 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014/08/18 15:38:41 | 000,775,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/08/18 15:36:30 | 000,678,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/09/08 22:34:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/09/07 15:36:01 | 004,897,146 | ---- | C] () -- C:\Users\David\Desktop\ANW1244_12_Romantic-Inclination.mp3
[2014/08/28 20:07:41 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Users\David\Documents\OMA Signed-Scanned Cover Letter.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\David\Documents\OMA Cover Letter.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >



OTL Extras logfile created on: 9/11/2014 7:56:50 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becky\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 3.57 Gb Available Physical Memory | 61.54% Memory free
11.61 Gb Paging File | 9.22 Gb Available in Paging File | 79.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.84 Gb Total Space | 829.86 Gb Free Space | 90.42% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 7.44 Gb Free Space | 54.41% Space Free | Partition Type: NTFS

Computer Name: MININT-8A4R6SD | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1321526782-2136679839-1153412253-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1ECCF851-00B9-4405-A697-202C3C6FB3D6}" = lport=445 | protocol=6 | dir=in | app=system |
"{28DC99C6-1BF5-4E25-9FAB-18B85D7FB2BD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2AF1B366-374E-4656-ADD7-4BA273887FFB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{396FC22B-0900-4941-B39E-D29BAEF7900E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4042742E-FAD7-4924-BA70-7F64D668BC2A}" = lport=138 | protocol=17 | dir=in | app=system |
"{48CC07E4-6A31-4E60-821E-BE6911B0C652}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51461354-5EDE-45BA-B255-9912141F638F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51548FD0-60E9-435C-A706-8F1F76C14B29}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{52CEE2DA-C9D7-4DD8-A858-2F3B3C869D3F}" = rport=445 | protocol=6 | dir=out | app=system |
"{6C37E15E-A707-438E-8CB4-5F86F8D2A122}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F8DBB4C-2AA2-46A1-AB7D-FEF59DFCBDAA}" = rport=137 | protocol=17 | dir=out | app=system |
"{7D971156-C091-4264-B4E9-B051E642469C}" = lport=137 | protocol=17 | dir=in | app=system |
"{906ACBAA-8031-4FB2-BE83-8C9A42B8F82B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9326B283-BBEA-4D50-AC4C-4D3CC2FE2A5B}" = rport=139 | protocol=6 | dir=out | app=system |
"{9883F7A7-AF8B-4A7C-BC21-9D7078CB7D24}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{9997F74E-170E-4763-8218-3FD218FEAD87}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9EE0127B-0ED8-4AF6-8C83-42C9CF0C592C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=@firewallapi.dll,-28539 |
"{B161F0D8-E7A2-41EC-AFF9-89D38EB7F5E7}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{C4696226-1AFD-4760-BB27-7A05DB3CFC9B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C75EE680-9874-4E97-9586-4A1216FDCE18}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB119BD1-B10E-4227-BB58-0B0A62E85AFA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CC8DE31F-83AE-4A42-8254-F14C17EA63C6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D887AA59-B5AA-414D-B8B6-9D4D17338F57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EDD9D827-4EA1-4C73-AAEB-EC80D2F21CE3}" = lport=139 | protocol=6 | dir=in | app=system |
"{F49B1CB7-9311-4C90-B9EE-68D508A2277A}" = rport=138 | protocol=17 | dir=out | app=system |
"{F67FB03B-5104-474D-A844-736798EDE1A1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FB6BD9B4-258B-4A04-88DC-E5A6BC18A02E}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00355881-9B80-49BD-88C6-1D9C2B950DC5}" = protocol=1 | dir=out | app=@firewallapi.dll,-28544 |
"{027EFB95-09CB-404B-966F-D81751C36BD0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{0C11717B-98A9-41B4-BF72-F0778A2B71AA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1BD52A30-9E52-4E78-880A-051113D6CE5F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1F592A5E-D65E-4DCE-820B-9905A3C222AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20724745-92CE-478B-BDEE-FF31BCB177EB}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{21D41245-D70C-43EF-B5FB-8366BA5E9221}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{34585D51-53A1-4864-B221-3EA6583D1AC7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{36FF3A0B-92A7-4C53-B18D-1173BB388500}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3D424210-FA95-4685-A707-0DC0E5CBB2C9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3FE04553-C5B7-4106-9990-3638B61C72B6}" = protocol=58 | dir=out | app=@firewallapi.dll,-28546 |
"{47755BD9-7B89-4111-B35E-633025FE05C4}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{47760862-D086-456A-9BE6-0EE79F4401FD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{503D678E-1E99-496E-9150-02AA129865C5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{5757B764-BD2A-4C54-81EB-CD444784C8BD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5D3B8324-FAA1-4013-A79D-76B022A6A7D5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{62166DF7-9847-4F43-81D8-B76D6C4ACBF0}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{622A1032-91B5-4EB0-8EA8-B2F7E21C0477}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6A704DC7-EE89-445D-B6AA-6698A9933AE3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6D9AFF98-5C57-4F79-B42E-C19697DFBD55}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6D9D6163-058A-46DB-9EAB-42A79FDFFCB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7035EA71-521C-4A04-B309-0BE6388828F2}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7298360C-CF39-46A5-8282-79EDE139B4AB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{93FA8FF0-2C68-48DB-97BD-D063EE6A7771}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B1BA667B-E9B8-4186-A46F-0DCCA1679AF5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B68B4A87-CED9-4910-8231-D265A9C08735}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B86AFF39-6F07-4AA6-BE56-A8D017F32FBE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{BF88F8A4-2B26-4182-90BC-BCEF47761BE9}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{CD2CE183-A160-4ED7-A6F9-48FC4F2105A0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E901EEEE-40C0-4881-BF38-1A6015437B29}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F3CA6515-5C26-4565-807F-B18DDE4DFF8A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FC5BC89C-7022-4E2F-AB1D-F57A8CA628B5}" = protocol=6 | dir=out | app=system |
"{FF179ED8-5EBB-403B-8902-8A248429EF22}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23F2C78C-E131-4CA0-8F84-3473FB7728BA}" = Microsoft Security Client
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{77DE5105-D05E-448C-96CB-7FA381903753}" = iTunes
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"ATT-RC" = ATT-RC Self Support Tool
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}" = QuickBooks Pro 2012
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25E202D1-D8E7-46AF-B4B0-157D9993A93E}" = QuickBooks
"{26A24AE4-039D-4CA4-87B4-2F03217067FF}" = Java 7 Update 67
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F524A2D-5350-4500-76A7-A758B70C1002}" = Search App by Ask
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5FE545A1-D215-4216-9189-E7B39C9D1CC1}" = Quicken 2011
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.11)
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX
"Google Chrome" = Google Chrome
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1321526782-2136679839-1153412253-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/19/2014 7:51:21 PM | Computer Name = MININT-8A4R6SD | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/19/2014 7:51:21 PM | Computer Name = MININT-8A4R6SD | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/19/2014 7:51:21 PM | Computer Name = MININT-8A4R6SD | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/19/2014 7:53:19 PM | Computer Name = MININT-8A4R6SD | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/19/2014 7:53:19 PM | Computer Name = MININT-8A4R6SD | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/19/2014 7:53:19 PM | Computer Name = MININT-8A4R6SD | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/19/2014 7:53:51 PM | Computer Name = MININT-8A4R6SD | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/19/2014 7:53:51 PM | Computer Name = MININT-8A4R6SD | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/19/2014 7:53:51 PM | Computer Name = MININT-8A4R6SD | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 3/20/2014 1:31:02 AM | Computer Name = MININT-8A4R6SD | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 9/8/2014 11:16:36 PM | Computer Name = MININT-8A4R6SD | Source = Schannel | ID = 36887
Description = The following fatal alert was received: 50.

Error - 9/9/2014 9:41:48 PM | Computer Name = MININT-8A4R6SD | Source = DCOM | ID = 10010
Description =

Error - 9/9/2014 9:41:48 PM | Computer Name = MININT-8A4R6SD | Source = DCOM | ID = 10000
Description =

Error - 9/9/2014 10:11:51 PM | Computer Name = MININT-8A4R6SD | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk5\DR5.

Error - 9/9/2014 10:48:23 PM | Computer Name = MININT-8A4R6SD | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:46:49 PM on 9/9/2014 was unexpected.

Error - 9/9/2014 10:50:49 PM | Computer Name = MININT-8A4R6SD | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%2

Error - 9/9/2014 11:20:12 PM | Computer Name = MININT-8A4R6SD | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%2

Error - 9/11/2014 4:42:00 AM | Computer Name = MININT-8A4R6SD | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%2

Error - 9/11/2014 8:36:43 AM | Computer Name = MININT-8A4R6SD | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 9/11/2014 8:36:43 AM | Computer Name = MININT-8A4R6SD | Source = WMPNetworkSvc | ID = 866333
Description =


< End of report >

#4
DThomison (Topic Starter, Member, 11 posts)

Zep516

As an FYI, I have had the Windows Task Manager open. Per it, the following is running:

OTL
Extras.Txt - Notepad
OTL.Txt - Notepad
gosavenow-virus, spyware, malware removal - Internet Explorer

Obviously, the first three make sense as you requested. However, somewhat surprised about the last one. Just prior to logging onto your service, I uninstalled a program. I think the program name was something like "Glance". Just wanted to provide maximum information. I appreciate the help.



#5
zep516 (Trusted Helper, Malware Removal, 6,803 posts)
Hello

Please follow my instructions carefully; read and understand them, then take action.

Delete files using OTL and clean up left over orphaned entries.
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    O2:64bit: - BHO: (Search App by Ask) - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll (APN LLC.)
    O2:64bit: - BHO: (no name) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No CLSID value found.
    O2 - BHO: (Search App by Ask) - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (GosaveaNowi) - {c1be4847-e3ba-4684-ba4e-6a7fdff22e73} - C:\Program Files (x86)\GosaveaNowi\lANpbtjeC9tyVZ.dll ()
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Search App by Ask) - {4F524A2D-5350-4500-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll (APN LLC.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1321526782-2136679839-1153412253-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1321526782-2136679839-1153412253-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKU\S-1-5-21-1321526782-2136679839-1153412253-1005\..\Toolbar\WebBrowser: (no name) - {4F524A2D-5637-4300-76A7-7A786E7484D7} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    
    :Files
    C:\Program Files (x86)\GosaveaNowi\lANpbtjeC9tyVZ.dll
    C:\Program Files (x86)\GosaveaNowi
    ipconfig /flushdns /c
    
    :Commands
    
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.

    Next, scan for adware and clean.

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad.
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted.
    • Please post the content of that log file with your next answer.
    • You can find the log file at C:\AdwCleaner
    Next run Malwarebytes.

    Please download Malwarebytes Anti-Malware to your desktop
    Install the programme and select Update
    Once it has updated select Settings > Detection and Protection
    Tick Scan for rootkits

    MBAMsettings.JPG

    Go back to the Dashboard and select Scan Now

    MBAMScan.JPG

    If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

    MBAMReboot.JPG

    MBAMLog.JPG

    On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop
    Post that log


    In your next reply to me post:

    1- OTL Fix log. That log will pop up in front of you after fix is run and computer reboots.
    2- Adwcleaner Log report.
    3- Malwarebytes log report.
    4- New OTL Log after quick scan.

    Thanks
    Joe :)

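As an added example, not part of the original thread and not OTL's own code: the fix script in the post above deletes BHO and toolbar CLSIDs, Run/RunOnce values and their files one entry at a time. The PowerShell audit below enumerates those same persistence points read-only (the native and Wow6432Node views of HKLM plus every loaded user hive), resolves each CLSID to its InprocServer32 DLL, and flags orphaned CLSIDs and autostarts whose target file is missing, which is what the "No CLSID value found" and "File not found" lines in the fix stand for. The registry paths are the standard Windows ones; the function names and the report columns are this example's own.

```powershell
# Added example (not from the thread and not OTL's own code): a read-only audit of the
# three persistence points the fix script targets: IE Browser Helper Objects, IE toolbars
# and Run/RunOnce autostarts. Needs PowerShell 3.0+ in an elevated session; changes nothing.

# Resolve a CLSID to its in-process COM server DLL. 64-bit Windows keeps separate
# registrations for 64-bit and 32-bit IE (native vs Wow6432Node), so both views are
# checked. $null means no server is registered (OTL's "No CLSID value found").
function Resolve-ClsidPath {
    param([Parameter(Mandatory)][string]$Clsid)
    $roots = @("HKLM:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32",
               "HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID\$Clsid\InprocServer32",
               "HKCU:\SOFTWARE\Classes\CLSID\$Clsid\InprocServer32")
    foreach ($r in $roots) {
        if (-not (Test-Path -LiteralPath $r)) { continue }
        $dll = [string](Get-Item -LiteralPath $r).GetValue('')   # the key's default value
        if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
    }
    return $null
}

# Classify a resolved path the way a cleanup log would.
function Get-PathStatus {
    param([string]$Path)
    if (-not $Path) { return 'No CLSID value found' }
    if (Test-Path -LiteralPath $Path -PathType Leaf) { return 'OK' }
    return 'File not found'
}

# Extract the executable from an autostart command line ("C:\Some Dir\app.exe" /arg or
# C:\app.exe /arg). An unquoted path containing spaces is ambiguous and is cut at the
# first space, so review those rows by hand.
function Get-CommandExecutable {
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cl = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cl.StartsWith('"')) {
        $end = $cl.IndexOf('"', 1)
        if ($end -gt 0) { return $cl.Substring(1, $end - 1) }
    }
    return ($cl -split '\s+')[0]
}

# Loaded hives under HKEY_USERS, so per-user entries (the HKU\S-1-5-21-... toolbars and the
# S-1-5-19/S-1-5-20 service-account RunOnce values in the fix) are covered, not only HKLM.
# Hives of users who are logged off are not loaded and will not appear.
function Get-UserHiveRoots {
    Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' | ForEach-Object { "Registry::$($_.Name)\Software" }
}

function Get-BrowserHelperObjects {
    $keys = @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects')
    foreach ($k in $keys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $k) {        # one subkey per BHO, named by CLSID
            $dll = Resolve-ClsidPath $sub.PSChildName
            [pscustomobject]@{ Type = 'BHO'; Location = $k; Id = $sub.PSChildName; Path = $dll; Status = Get-PathStatus $dll }
        }
    }
}

function Get-IEToolbars {
    $keys = @('HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
              'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar') +
            @(Get-UserHiveRoots | ForEach-Object { "$_\Microsoft\Internet Explorer\Toolbar\WebBrowser" })
    foreach ($k in $keys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $item = Get-Item -LiteralPath $k
        # A toolbar is a value whose *name* is a CLSID; other values such as the "Locked"
        # DWORD (which OTL prints as "(no name) - Locked") are skipped.
        foreach ($name in (@($item.GetValueNames()) -match '^\{[0-9A-Fa-f-]{36}\}$')) {
            $dll = Resolve-ClsidPath $name
            [pscustomobject]@{ Type = 'Toolbar'; Location = $k; Id = $name; Path = $dll; Status = Get-PathStatus $dll }
        }
    }
}

function Get-AutostartEntries {
    $hives = @('HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node') + @(Get-UserHiveRoots)
    foreach ($h in $hives) {
        foreach ($leaf in 'Run', 'RunOnce') {
            $k = "$h\Microsoft\Windows\CurrentVersion\$leaf"
            if (-not (Test-Path -LiteralPath $k)) { continue }
            $item = Get-Item -LiteralPath $k
            # GetValueNames() returns '' when the key's default value is set: that is the
            # nameless "[] File not found" Run entry the fix deletes.
            foreach ($name in $item.GetValueNames()) {
                $cmd = [string]$item.GetValue($name)
                $exe = Get-CommandExecutable $cmd
                $status = if ($exe) { Get-PathStatus $exe } else { 'Empty value' }
                [pscustomobject]@{ Type = $leaf; Location = $h; Id = $name; Path = $cmd; Status = $status }
            }
        }
    }
}

$report = @(Get-BrowserHelperObjects) + @(Get-IEToolbars) + @(Get-AutostartEntries)
# Everything not 'OK' is what the fix above removed by hand: orphaned CLSIDs and
# autostarts whose target file is gone. Review before deleting anything.
$report | Where-Object { $_.Status -ne 'OK' } | Sort-Object Type, Location | Format-Table -AutoSize -Wrap
```

Run it once before a cleanup to confirm the suspect entries (here the GosaveaNowi BHO, the Ask toolbar CLSIDs and the ApnTBMon Run value), and again after the reboot to confirm they are gone; an entry that resolves to a DLL which still exists on disk is a live component, not a leftover, and should be checked rather than just deleted.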

#6
DThomison (Topic Starter, Member, 11 posts)

Wow, this feels like you are "nailing it". Below is the contents of the Text Document folder in C:\_OTL\Moved Files. I did not include anything under the File Folder.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}\ deleted successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport_x64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5637-4300-76A7-7A786E7484D7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4F524A2D-5350-4500-76A7-7A786E7484D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}\ deleted successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Passport.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c1be4847-e3ba-4684-ba4e-6a7fdff22e73}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1be4847-e3ba-4684-ba4e-6a7fdff22e73}\ deleted successfully.
C:\Program Files (x86)\GosaveaNowi\lANpbtjeC9tyVZ.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4F524A2D-5350-4500-76A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}\ not found.
File SPE\Passport.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1321526782-2136679839-1153412253-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1321526782-2136679839-1153412253-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-1321526782-2136679839-1153412253-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5637-4300-76A7-7A786E7484D7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4F524A2D-5637-4300-76A7-7A786E7484D7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon deleted successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
========== FILES ==========
File\Folder C:\Program Files (x86)\GosaveaNowi\lANpbtjeC9tyVZ.dll not found.
Folder move failed. C:\Program Files (x86)\GosaveaNowi scheduled to be moved on reboot.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Becky\Desktop\cmd.bat deleted successfully.
C:\Users\Becky\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Becky
->Temp folder emptied: 65459090 bytes
->Temporary Internet Files folder emptied: 455632805 bytes
->Java cache emptied: 436894 bytes
->Google Chrome cache emptied: 11842669 bytes
->Flash cache emptied: 6204 bytes

User: David
->Temp folder emptied: 651364106 bytes
->Temporary Internet Files folder emptied: 1089614141 bytes
->Java cache emptied: 414197 bytes
->Google Chrome cache emptied: 9964678 bytes
->Flash cache emptied: 93639 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest

User: HomeGroupUser$

User: Jennifer
->Temp folder emptied: 88782555 bytes
->Temporary Internet Files folder emptied: 574482006 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 28195004 bytes
->Flash cache emptied: 27838 bytes

User: Julianne
->Temp folder emptied: 249002569 bytes
->Temporary Internet Files folder emptied: 826475769 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 28437934 bytes
->Flash cache emptied: 72745 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1022746112 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32839861 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43362194 bytes
RecycleBin emptied: 2445044046 bytes

Total Files Cleaned = 7,271.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 09112014_220137

Files\Folders moved on Reboot...
C:\Program Files (x86)\GosaveaNowi folder moved successfully.
File move failed. C:\Users\Becky\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File\Folder C:\Users\Becky\AppData\Local\Temp\~DF5C1ED3B4706D737A.TMP not found!
File\Folder C:\Users\Becky\AppData\Local\Temp\~DF6BACE4CE88DF0E92.TMP not found!
File\Folder C:\Users\Becky\AppData\Local\Temp\~DF888452AD144337AA.TMP not found!
File\Folder C:\Users\Becky\AppData\Local\Temp\~DFACE669CEE20135C9.TMP not found!
File\Folder C:\Users\Becky\AppData\Local\Temp\~DFC0EE35CCBE3431FF.TMP not found!
File\Folder C:\Users\Becky\AppData\Local\Temp\~DFFB196A78418E9F05.TMP not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZWC0GEIB\10663795_317400541772763_938847276_n[2].dat moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZWC0GEIB\if[2].htm moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZWC0GEIB\serve[2].htm not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZSSG88H1\98fedf04-c934-4a07-8429-4c8a1309d545-2[1].eot moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZSSG88H1\if[3].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V32IRSQP\10701405_280985218778481_167579606_n[1].dat moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V32IRSQP\343107-gosavenow[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V32IRSQP\proximanova-reg-webfont[1].eot moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V32IRSQP\scomm.782b85c048f5996874a47f427bb592ac[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V32IRSQP\tt[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V32IRSQP\tt[2].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V32IRSQP\userData[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\V32IRSQP\user_sync[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U59AI2QZ\if[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U59AI2QZ\if[2].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U59AI2QZ\k3k702ZOKiLJc3WVjuplzIraN7vELC11_xip9Rz-hMs[1].woff moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U59AI2QZ\MTP_ySUJH_bn48VBG8sNSoraN7vELC11_xip9Rz-hMs[1].woff moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U59AI2QZ\p-01-0VIaSjnOLg[1].gif not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U59AI2QZ\RjgO7rYTmqiVp7vzi-Q5UT8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U59AI2QZ\serve[3].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U59AI2QZ\videos[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TPWY1F8P\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TPWY1F8P\proximanova-regit-webfont[1].eot moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TPWY1F8P\proximanova-sbold-webfont[1].eot moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TPWY1F8P\serve[1].htm not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TPWY1F8P\tt[3].htm moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TPWY1F8P\usermatch[2].htm not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TPWY1F8P\usermatch[3].htm not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\embed[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\embed[2].htm moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\if[2].htm not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\il_170x135.373433945_5cp3[1].jpg not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\il_170x135.493137678_66iu[1].jpg not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\il_170x135.572274963_ddp1[1].jpg not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\js[1].js moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\js[2].js not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\js[3].js not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\js[4].js not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\js[5].js not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\js[6].js not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\p-01-0VIaSjnOLg[1].gif not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\tt[3].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\THS1OCZV\tt[4].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PIKOUXWJ\if[2].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PIKOUXWJ\if[3].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PIKOUXWJ\if[4].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PIKOUXWJ\if[5].htm moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PIKOUXWJ\serve[1].htm not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PIKOUXWJ\tt[4].htm not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PIKOUXWJ\tt[5].htm not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N4K7XZSI\10663943_1516444275266664_1504543092_n[1].dat moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N4K7XZSI\bst2tv3[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N4K7XZSI\videos[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N4K7XZSI\videos[2].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\10705788_277618322428015_1901667066_n[1].dat moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\afr[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\cm-2.0[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\embed[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\embed[2].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\embed[3].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\embed[4].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\embed[5].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\if[4].htm moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\if[5].htm not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\p-01-0VIaSjnOLg[2].gif moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\serve[1].htm not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MB35W2J0\serve[2].htm not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KL8DFIXS\if293MMVLA.htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KL8DFIXS\if[10].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KL8DFIXS\if[9].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KL8DFIXS\tt[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KL8DFIXS\tt[2].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JRW7FNYU\10705931_328725457297097_379845785_n[1].mp4 moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JRW7FNYU\if[3].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\JRW7FNYU\vpixel[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHXFAO2T\01[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHXFAO2T\if[2].htm moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHXFAO2T\if[3].htm not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHXFAO2T\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHXFAO2T\p-01-0VIaSjnOLg[2].gif moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHXFAO2T\pixel[2].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHXFAO2T\serve[2].htm moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHXFAO2T\st[2] not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHXFAO2T\tt[6].htm moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHXFAO2T\tt[7].htm not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHXFAO2T\tt[8].htm not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IHXFAO2T\tt[9].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EA5UWEWI\229344[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EA5UWEWI\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\EA5UWEWI\videos[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AYXJG3FP\p-01-0VIaSjnOLg[2].gif moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AYXJG3FP\t2tv6[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AYXJG3FP\tt[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\49025c72-39e1-415f-8ced-4d1f41787ca6-2[1].eot moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\AdDisplayTrackerServlet[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\b4f87ce4-3979-480f-987e-ef155763f8fe-2[1].eot moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\b8ab2137-7902-43d7-8a1b-ffb76b3d8d77-2[1].eot moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\df10da2c-4862-4924-bd09-1f85ed8c1dd8-2[1].eot moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\if3V54237A.htm moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\if9CPRLQ86.htm not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\ifK4JQSZ2N.htm not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\serve[1].htm not found!
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\st[1] not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\ttKI6ZKZIW.htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\vpixel[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9KM7OTD5\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8VL2FDK0\vpixel[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8RPD3D5K\01[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8RPD3D5K\ba[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8RPD3D5K\inj_tag[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RIPH5VS\10701646_149964948510350_367551588_n[1].dat moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RIPH5VS\10701817_1502271000017118_1949037330_n[1].dat moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RIPH5VS\iframe3[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RIPH5VS\if[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RIPH5VS\ttMVCW0NLL.htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RIPH5VS\tt[10].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RIPH5VS\tt[7].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RIPH5VS\tt[8].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RIPH5VS\tt[9].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RIPH5VS\UserData[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6RIPH5VS\vpixel[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4K1XXQ11\if[6].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4K1XXQ11\p-01-0VIaSjnOLg[1].gif moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4K1XXQ11\p-01-0VIaSjnOLg[2].gif moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4K1XXQ11\pagination_view[1].htm not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4K1XXQ11\vpixel[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\383XW5EK\10705931_328725457297097_379845785_n[1].dat moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\383XW5EK\pixel[2].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\383XW5EK\proximanova-bold-webfont[1].eot moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\383XW5EK\proximanova-boldit-webfont[1].eot moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\383XW5EK\register_server_layer[2].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\383XW5EK\showad[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\383XW5EK\Store[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\383XW5EK\tt[1].htm moved successfully.
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\383XW5EK\tt[6].htm moved successfully.
File\Folder C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\flaA0DB.tmp not found!
C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Users\Becky\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
C:\Users\David\AppData\Local\Temp\7zS1B18\HPSLPSVC64.DLL moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


I am proceeding forward with the "adware" steps. If I need to wait please advise.

#7 DThomison (Topic Starter, Member, 11 posts)

There were two AdwCleaner Text Documents; see below. Proceeding with the Malwarebytes.

# AdwCleaner v3.309 - Report created 11/09/2014 at 22:34:44
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : David - MININT-8A4R6SD
# Running from : C:\Users\Becky\Desktop\adwcleaner_3.309.exe
# Option : Scan

***** [ Services ] *****

Service Found : APNMCP

***** [ Files / Folders ] *****

Folder Found : C:\Program Files (x86)\AskPartnerNetwork
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\AskPartnerNetwork
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\Becky\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Becky\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Becky\AppData\Local\torch
Folder Found : C:\Users\David\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\David\AppData\Local\Chromatic Browser
Folder Found : C:\Users\David\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\Jennifer\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Jennifer\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Jennifer\AppData\Local\torch
Folder Found : C:\Users\Julianne\AppData\Local\AskPartnerNetwork
Folder Found : C:\Users\Julianne\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Julianne\AppData\Local\torch

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\AskPartnerNetwork
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\AskPartnerNetwork
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : HKLM\SOFTWARE\AskPartnerNetwork
Key Found : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.search.ask.com/?tpid=ORJ-SPE&o=APN11405&pf=V7&trgb=IE&p2=%5EBBD%5EOSJ000%5EYY%5EUS&gct=hp&apn_ptnrs=BBD&apn_dtid=%5EOSJ000%5EYY%5EUS&apn_dbr=ie_11.0.9600.17207&apn_uid=2EF8B210-2D0E-4173-8AE8-9B2D49AC228B&itbv=12.15.5.30&doi=2014-08-11&psv=&pt=tb

-\\ Google Chrome v37.0.2062.103

[ File : C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh

[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Found [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Found [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\Julianne\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6053 octets] - [11/09/2014 22:34:44]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [6113 octets] ##########


# AdwCleaner v3.309 - Report created 11/09/2014 at 22:36:47
# Updated 02/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : David - MININT-8A4R6SD
# Running from : C:\Users\Becky\Desktop\adwcleaner_3.309.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : APNMCP

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Becky\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Becky\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Becky\AppData\Local\torch
Folder Deleted : C:\Users\David\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\David\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\David\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Jennifer\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Jennifer\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Jennifer\AppData\Local\torch
Folder Deleted : C:\Users\Julianne\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Julianne\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Julianne\AppData\Local\torch

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v37.0.2062.103

[ File : C:\Users\Becky\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh

[ File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\Jennifer\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

[ File : C:\Users\Julianne\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [6223 octets] - [11/09/2014 22:34:44]
AdwCleaner[S0].txt - [5888 octets] - [11/09/2014 22:36:47]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [5948 octets] ##########



#8 DThomison (Topic Starter, Member, 11 posts)

Below is the Malwarebytes exported Scanning History Log.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/11/2014
Scan Time: 10:55:57 PM
Logfile: Malware 9-11-2014.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.12.01
Rootkit Database: v2014.09.10.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: David

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 465905
Time Elapsed: 8 min, 15 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [2fd1bb31abd0b77fdc1a433d62a060a0],
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [2fd1bb31abd0b77fdc1a433d62a060a0],
PUP.Optional.Ask.A, HKU\S-1-5-21-1321526782-2136679839-1153412253-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [59a79a520f6c93a3f334bdc453afd030],
PUP.Optional.Ask.A, HKU\S-1-5-21-1321526782-2136679839-1153412253-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [59a79a520f6c93a3f334bdc453afd030],
PUP.Optional.Ask.A, HKU\S-1-5-21-1321526782-2136679839-1153412253-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [59a79a520f6c93a3f334bdc453afd030],
PUP.Optional.Ask.A, HKU\S-1-5-21-1321526782-2136679839-1153412253-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [59a79a520f6c93a3f334bdc453afd030],
PUP.Optional.Ask.A, HKU\S-1-5-21-1321526782-2136679839-1153412253-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [59a79a520f6c93a3f334bdc453afd030],
PUP.Optional.Ask.A, HKU\S-1-5-21-1321526782-2136679839-1153412253-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [59a79a520f6c93a3f334bdc453afd030],
PUP.Optional.Ask.A, HKU\S-1-5-21-1321526782-2136679839-1153412253-1007-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [59a79a520f6c93a3f334bdc453afd030],

Registry Values: 2
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{4F524A2D-5350-4500-76A7-7A786E7484D7}, 0, Quarantined, [59a79a520f6c93a3f334bdc453afd030]
PUP.Optional.Ask.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\{4F524A2D-5350-4500-76A7-7A786E7484D7}, Quarantined, [748cb7352b50c76fc463f58c9d65de22],

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)



#9 DThomison (Topic Starter, Member, 11 posts)

Below is the New OTL log after a Quick Scan.

OTL logfile created on: 9/11/2014 11:23:13 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Becky\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.80 Gb Total Physical Memory | 4.11 Gb Available Physical Memory | 70.84% Memory free
11.61 Gb Paging File | 9.81 Gb Available in Paging File | 84.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.84 Gb Total Space | 836.21 Gb Free Space | 91.11% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 7.44 Gb Free Space | 54.41% Space Free | Partition Type: NTFS

Computer Name: MININT-8A4R6SD | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/09/11 19:51:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Becky\Desktop\OTL.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/01/10 14:37:46 | 001,175,912 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2012/01/10 14:35:58 | 001,178,984 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE
PRC - [2012/01/10 13:18:06 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2012/01/10 10:56:52 | 001,248,256 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
PRC - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/10/01 16:55:28 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe


========== Modules (No Company Name) ==========

MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/09/05 01:14:10 | 004,300,456 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2012/01/10 14:36:56 | 000,138,088 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QBMAPILibrary.dll
MOD - [2012/01/10 14:36:50 | 000,020,840 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\QBCompressor.DLL
MOD - [2012/01/10 14:36:36 | 000,042,344 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\mbpopup.dll
MOD - [2012/01/10 14:36:10 | 000,176,488 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll
MOD - [2012/01/10 14:36:08 | 000,268,648 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll
MOD - [2012/01/10 14:36:06 | 000,380,264 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\BackupLib.dll
MOD - [2012/01/10 10:56:16 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Intuit\QuickBooks 2012\zlib1.dll
MOD - [2010/11/24 22:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010/11/17 10:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/18 17:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/31 14:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/09/09 21:15:41 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/01/10 13:18:06 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/01/10 10:56:52 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2012/01/10 10:56:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2010/11/25 05:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/09/11 22:55:57 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/11/21 16:31:18 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/10/30 06:56:34 | 000,244,736 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/10/26 15:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/16 03:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/09/18 03:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9MSE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{05544C4F-D92B-4DD8-9CAF-9084B55A2BE3}: "URL" = http://www.search.as...archTerms}&psv=
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: First user (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplimmopphojdpmdigiffloooobbffe\1.8\
CHR - Extension: Google Wallet = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2014/09/11 22:17:01 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Report] \AdwCleaner\AdwCleaner[S0].txt ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O16 - DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} https://www.worthltd...intCab&Arch=X86 (RSClientPrint 2008 Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A1563E7-507A-42D2-8241-A2C5CE44B59A}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\intu-help-qb5 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/09/11 22:53:02 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/11 22:52:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/11 22:52:36 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/09/11 22:52:36 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/09/11 22:52:36 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/09/11 22:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/09/11 22:52:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/11 22:50:41 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Programs
[2014/09/11 22:35:21 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/09/11 22:34:37 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/11 22:01:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/11 17:43:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Motive
[2014/09/11 03:10:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/08 22:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\8f7a10e448aa3039
[2014/09/08 22:34:12 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Comodo
[2014/08/28 20:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/08/28 20:07:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/08/28 20:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/08/28 20:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/08/28 20:07:11 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/08/19 19:12:51 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Adobe

========== Files - Modified Within 30 Days ==========

[2014/09/11 23:15:50 | 000,028,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/11 23:15:50 | 000,028,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/11 23:15:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/11 23:08:40 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/11 23:08:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/11 23:08:15 | 378,888,191 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/11 22:55:57 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/09/11 22:52:42 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/11 22:52:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/09/11 22:17:01 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/09/11 03:11:03 | 000,774,632 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/11 03:11:03 | 000,662,400 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/11 03:11:03 | 000,122,268 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/11 03:10:57 | 000,774,632 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/11 03:10:31 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/08 22:34:13 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/09/07 15:36:13 | 004,897,146 | ---- | M] () -- C:\Users\David\Desktop\ANW1244_12_Romantic-Inclination.mp3
[2014/09/02 22:54:18 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/28 20:07:41 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/28 03:27:23 | 000,476,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2014/09/11 22:52:42 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/08 22:34:13 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/09/07 15:36:01 | 004,897,146 | ---- | C] () -- C:\Users\David\Desktop\ANW1244_12_Romantic-Inclination.mp3
[2014/08/28 20:07:41 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/04/27 09:35:24 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Oracle

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Users\David\Documents\OMA Signed-Scanned Cover Letter.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\David\Documents\OMA Cover Letter.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >


Wow, great instructions. For feedback purposes, the ONLY time I ever had to use a "Help" item was on getting to the Scanning History Log page. After your review, hopefully you will confirm TOTAL success and victory. Assuming everything is in order, do I need to do anything with the three downloaded programs: OTL, AdwCleaner, or Malwarebytes?

#10
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,


Don't get ahead of yourself; we will run one more online scan called "ESET." Please note this scan can take quite a while. This scan result will also show items (files) that have already been assigned to a quarantine folder, so don't worry if the ESET log looks big. We will sort out the bad leftover files that may not have been quarantined by AdwCleaner, OTL, or Malwarebytes, and delete them if necessary. ESET will also look at your Downloads folder; it will flag any exe there, so feel free to clear out the Downloads folder if you want. If you read the instructions for ESET you will also notice that we do not remove threats; this is because online scanners can have a higher rate of false positives...


So here we go
ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Your next reply should include:

1 ESET Log report.

I'll review the log and make any necessary deletions. If your machine is then problem free, we will clear out all the tools that have been employed to clean your machine up.

Thanks
Joe :)


#11
DThomison

DThomison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Below is the Esetonlinescanner log text file.

 

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 



#12
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

How is the computer running now ?

#13
DThomison

DThomison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

No issues.  Everything appears to be in order.



#14
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Let's clean up the tools we used...

Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right-clicking on the 51a5ce45263de-delfix.png icon and choosing the Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.
Thanks
Joe :)

#15
DThomison

DThomison

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts

Below is the DelFix Text Document.

 

# DelFix v10.8 - Logfile created 12/09/2014 at 21:51:40
# Updated 29/07/2014 by Xplode
# Username : David - MININT-8A4R6SD
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\David\Downloads\Report_from_Five_Oaks_Lodge.pdf
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Cleaning system restore ...

Deleted : RP #20 [OTL Restore Point - 9/11/2014 10:01:48 PM | 09/12/2014 03:01:48]
Deleted : RP #21 [Windows Update | 09/12/2014 03:49:53]

New restore point created !

########## - EOF - ##########

