Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

need help removing srcipt error/malware

quikdisplay.com&colo script

  • Please log in to reply

#31
Mistybiz

Mistybiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

i have almost completed the Essentials installation...last question is "Scan my computers for potential threats after getting the latest updates." should I check or uncheck that box and then hit finish?


  • 0

Advertisements


#32
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts

I think check that box, then finish....

 

Let me know when a scan completes..


  • 0

#33
Mistybiz

Mistybiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

the scan completed Real-time protection: on & Virus and spyware definitions: up to date. No threats were detected on my PC the scan. whats next?


  • 0

#34
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts

Hello,

 

Can we run Malwarebytes now, my instructions for that are in post # 4. You had a problem with that before lets see if it will run now.

 

Thanks

Joe :)


  • 0

#35
Mistybiz

Mistybiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

i right clicked malwarebytes the is on my desktop, run as administrator, and when I clicked on update i got the following message:

Malwarebytes Anti Maleware has stopped working

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.


  • 0

#36
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts

Hello,

 

Lets uninstall it following these guidelines Here  What we want to do is run the "clean" tool, it totally uninstalls it, then we reinstall and follow the directions in Post 4.  I want Malwarebytes to work on your machine so you can run it once a week...

 

Joe


  • 0

#37
Mistybiz

Mistybiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

uhg. same exact thing happened and same message...

Malwarebytes Anti Maleware has stopped working

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.


  • 0

#38
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts

Hi,

 

Strange, I have no idea. I would uninstall it again using the clean tool and don't reinstall it. I'll do some research on the issue for you..

 

We need to run an on- line scan as a final check of things. This scan will take a while so you can run it later or when ever. This scan may find things that we already took care of so don't worry if it looks like it found a lot of stuff.

 

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

 

  • Please go >>HERE<< then click on: ESET1st.jpg

     

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt).
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

 


  • 0

#39
Mistybiz

Mistybiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

C:|program files (x86)\ESET\Esetonlinescanner\log:

 

[email protected] as downloader log:
all ok
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=7f45281236d89f4d80e3007ac389430b
# engine=20232
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-19 02:46:20
# local_time=2014-09-19 10:46:20 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 55667 34013974 0 0
# scanned=150017
# found=47
# cleaned=0
# scan_time=11198
sh=3874C382D024D9237E67F7D7BF945747B11FE874 ft=1 fh=817ae7ba01f9400c vn="a variant of MSIL/Adware.iBryte.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe.vir"
sh=44A7956A5D046523ABEDE48F6073E90961AAC364 ft=1 fh=7006f955c1e9646d vn="a variant of MSIL/Adware.iBryte.G application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe.vir"
sh=C38158A06AE5F9616D992337A085033C6EEF0173 ft=1 fh=9b1a57604b3382ae vn="a variant of MSIL/Adware.Proxomoto.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\Installer.dll.vir"
sh=30117DCFBCCAB480401F889A6353A118547038BB ft=1 fh=6ba17e2649cf61a6 vn="a variant of MSIL/Adware.Proxomoto.E application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\InstallerLibrary.dll.vir"
sh=3D38B2504C9D0DD8043A629DA0EFEA6A03B34E00 ft=1 fh=c13a1fe50ec0c127 vn="a variant of MSIL/Adware.Proxomoto.G application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\WindowsUpdater.exe.vir"
sh=1DBF1556C82A78CA45882E66DD83C0A977BF8D23 ft=1 fh=328989ef9803066c vn="Win32/Thinknice.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=C5883F4245AE2C0515FB1D04A08FD82885B06398 ft=1 fh=8d649859311d4519 vn="Win64/Thinknice.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=EA186A56E0445AF8E5F382F56F42F91682CFED3B ft=1 fh=875c743a5b727b00 vn="Win32/ELEX.AR potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=9E90A050EB0BB1CEAB5633BCE404E5D5BC307647 ft=1 fh=2563181150dc44ea vn="Win32/Thinknice.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=16CF5D6E11C0F55548A67B8B5D04FA3460C76A2D ft=1 fh=7418003a088e68c3 vn="Win64/Thinknice.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=C03584BE4ED7835858158D1C38D6B08317E2FC82 ft=1 fh=a96a1125b953bd6a vn="Win32/Thinknice.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=67642DACDC22ED45AF7947E4F47B1B8463E4162C ft=1 fh=b08cc40f36e9035a vn="Win64/Thinknice.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=9042385F0336C5429FCD45FC347CC29A9BC06BB0 ft=1 fh=a7a426d7c77c80fb vn="Win32/Thinknice.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=02AE1DC4742A7C79A086396549FB68802D80F504 ft=1 fh=5f79a6f6c3eb70f3 vn="a variant of Win32/ShopperPro.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YouTube Accelerator\Updater.exe.vir"
sh=E3B202651C97FD7241F76EB147B5CD163DFD7078 ft=1 fh=c71c00117859331c vn="a variant of Win32/SProtector.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Fast And Safe\FastAndSafe.dll.vir"
sh=A0D52DCF369EF5A26EDD02F381A30BC06D6159F1 ft=1 fh=c71c00110a80296a vn="a variant of Win64/SProtector.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Fast And Safe\FastAndSafe_x64.dll.vir"
sh=58082C6FD69B624C913A4F5B4F0E1641EAAB2C6F ft=1 fh=311ff3fd5f86bccf vn="a variant of Win32/ELEX.AV potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=22DF0C5225334D3AD807485F5E9DC92AD42DB731 ft=1 fh=10832299a7779ae3 vn="a variant of MSIL/Adware.StrongVault.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Misty\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.vir"
sh=4F1198EAE621CD597250A2A074AC09BBDFC4F59F ft=1 fh=81ea31f780d9a20f vn="Win32/Systweak.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Misty\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir"
sh=1051181D6A4E6B06FF83BFD5BAD844647E2B6450 ft=1 fh=a1ff9876a0d9750c vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="a variant of Win64/Riskware.NetFilter.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
sh=9154E6A8D29E68548605AC902B50823C3E7D1521 ft=1 fh=74141f378ba7c9f2 vn="a variant of Win32/Conduit.SearchProtect.O potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Program Files\pcmax\pcmax.exe.xBAD"
sh=5E6A03871B397414C36AF1E1359FE014C7761B74 ft=1 fh=ee8c5e224a6823f5 vn="a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application" ac=I fn="C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe"
sh=16D2E5DB1D6ECBB6954D35AC8A70F26C470100E9 ft=1 fh=e4cfa4e7b96e956d vn="Win32/Conduit.SearchProtect.O potentially unwanted application" ac=I fn="C:\Program Files\pcmax\service.exe"
sh=ED3AE0C892B53C95BD9BDE74AEE8396D41B3AF87 ft=1 fh=be30934dd2f4fafd vn="a variant of Win64/Adware.Adpeak.F application" ac=I fn="C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe"
sh=970A76CFB61B7FD30ED1DF81E3287BC60253E391 ft=1 fh=eee9e63f3276efa2 vn="Win32/Conduit.SearchProtect.M potentially unwanted application" ac=I fn="C:\temp\launcher.exe"
sh=14F220CDA344BC6CF82EE972E71CACBC5127475C ft=1 fh=a3d3d6d0575bc0e0 vn="Win32/Conduit.SearchProtect.M potentially unwanted application" ac=I fn="C:\temp\protect.exe"
sh=119E149747A552877117A6D91EFD3BE4B26418AE ft=1 fh=d60c8402287380a1 vn="Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\temp\sp-downloader.exe"
sh=990A77ECC18BC46820C2354D3726F20FAAC791E9 ft=0 fh=0000000000000000 vn="a variant of Win32/AdWare.Adpeak.I application" ac=I fn="C:\temp\t.msi"
sh=62787B5CFC7CEC19C3B235551BFC3818ECF037A2 ft=1 fh=97702881defef2e1 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Users\Misty\AppData\Local\PCP_100_v3\PCPerformerSetup.exe"
sh=92B820C0E9460A27B84842711D81A7212B2C0A2E ft=1 fh=0592f6b6d132e44d vn="a variant of Win32/AdWare.iBryte.AH application" ac=I fn="C:\Users\Misty\Downloads\Flash_Player_Pro_Update_Setup.exe"
sh=94F850FA5E86E6AB2BEE2552716C9491CA58354E ft=1 fh=546bb2a66f4e8a03 vn="Win32/Idmsq.A potentially unwanted application" ac=I fn="C:\Users\Misty\Downloads\IDM2-Windows-en-us.exe"
sh=CC8DFDB7C0B9A2B2193F650E0ADEECCF638EB796 ft=1 fh=4a8539331613b968 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Users\Misty\Downloads\internetdownloadmanager.exe"
sh=AB75BC9BD82BB34078CE9CA6D43004BAC31D2011 ft=1 fh=3ec43b0557085eff vn="a variant of Win32/AdWare.iBryte.BI application" ac=I fn="C:\Users\Misty\Downloads\Java_Updater_Setup.exe"
sh=AA66558A3446A471E08D8D47C284F4FC7CB61941 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Windows\Installer\2dea1f1b.msi"
sh=571F38A34D64CCCBD914734C8BC01056A78BB5B5 ft=1 fh=d5332291ff13d174 vn="a variant of MSIL/Toolbar.Linkury.E potentially unwanted application" ac=I fn="C:\Windows\Installer\MSIF6D2.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=FB6FF772C026ADC3BAA1A9FD0E9981177A953F58 ft=1 fh=19a87532ff09fe43 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Windows\Installer\MSIF6D2.tmp-\spbl.dll"
sh=B547F49188B8B4FD14FD8AFED2D8DC390D760CA1 ft=1 fh=c0d2b431bd875300 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Windows\Installer\MSIF6D2.tmp-\sppsm.dll"
sh=09CCC83AE946B1A2F9D123E5BCC160F0B1322E66 ft=1 fh=7225e695ddb52254 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Windows\Installer\MSIF6D2.tmp-\spusm.dll"
sh=4FF4461EFC14F2B9EE8E54AD459DB3D3C0305017 ft=1 fh=72733531b3b70c5a vn="a variant of MSIL/Toolbar.Linkury.C potentially unwanted application" ac=I fn="C:\Windows\Installer\MSIF6D2.tmp-\srbs.dll"
sh=CD6429346DBB54DD36D81145F9D901B8741A3367 ft=1 fh=8a47f1e2252ef3f8 vn="a variant of MSIL/Toolbar.Linkury.F potentially unwanted application" ac=I fn="C:\Windows\Installer\MSIF6D2.tmp-\srbu.dll"
sh=052E64A824CD325E5D6448F09F5943BCF231A978 ft=1 fh=9e58a417d67982a0 vn="a variant of MSIL/Toolbar.Linkury.G potentially unwanted application" ac=I fn="C:\Windows\Installer\MSIF6D2.tmp-\srptc.dll"
sh=C38158A06AE5F9616D992337A085033C6EEF0173 ft=1 fh=9b1a57604b3382ae vn="a variant of MSIL/Adware.Proxomoto.A application" ac=I fn="C:\Windows\Microsoft\System Update kb70007\Installer.dll"
sh=30117DCFBCCAB480401F889A6353A118547038BB ft=1 fh=6ba17e2649cf61a6 vn="a variant of MSIL/Adware.Proxomoto.E application" ac=I fn="C:\Windows\Microsoft\System Update kb70007\InstallerLibrary.dll"
sh=16D2E5DB1D6ECBB6954D35AC8A70F26C470100E9 ft=1 fh=e4cfa4e7b96e956d vn="Win32/Conduit.SearchProtect.O potentially unwanted application" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\service[1].exe"
sh=16D2E5DB1D6ECBB6954D35AC8A70F26C470100E9 ft=1 fh=e4cfa4e7b96e956d vn="Win32/Conduit.SearchProtect.O potentially unwanted application" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\service[1].exe"
sh=038AF16619CFB2102B38C8F0D187E14DB7EF1AEA ft=1 fh=0e796303eff9f02f vn="Win32/Conduit.SearchProtect.T potentially unwanted application" ac=I fn="C:\_OTL\MovedFiles\09162014_072045\C_Program Files\pcmax\service.exe"
 


  • 0

#40
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Thanks,

Let me go through that and get back to a bit later..

Joe
  • 0

Advertisements


#41
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Hello,

Files from ESET to delete using OTL to do it.
  • Double click on the OTLicon.jpg to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    :Files
    C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe
    C:\Program Files\pcmax\service.exe
    C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe
    C:\temp\launcher.exe
    C:\temp\sp-downloader.exe
    C:\temp\t.msi
    C:\Users\Misty\AppData\Local\PCP_100_v3\PCPerformerSetup.exe
    C:\Users\Misty\Downloads\Flash_Player_Pro_Update_Setup.exe
    C:\Users\Misty\Downloads\IDM2-Windows-en-us.exe
    C:\Users\Misty\Downloads\internetdownloadmanager.exe
    C:\Users\Misty\Downloads\Java_Updater_Setup.exe
    C:\Windows\Installer\2dea1f1b.msi
    C:\Windows\Installer\MSIF6D2.tmp-\Smartbar.Resources.LanguageSettings.resources.dll
    C:\Windows\Installer\MSIF6D2.tmp-\spbl.dl
    C:\Windows\Installer\MSIF6D2.tmp-\sppsm.dll
    C:\Windows\Installer\MSIF6D2.tmp-\spusm.dll
    C:\Windows\Installer\MSIF6D2.tmp-\srbs.dll
    C:\Windows\Installer\MSIF6D2.tmp-\srbu.dll
    C:\Windows\Installer\MSIF6D2.tmp-\srptc.dll
    C:\Windows\Microsoft\System Update kb70007\Installer.dll
    C:\Windows\Microsoft\System Update kb70007\InstallerLibrary.dll
    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\service[1].exe
    C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\service[1].exe
    
    :Commands
    [emptytemp]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
Your next reply:

post the OTL Fix log,
Post a new OTL Log after quick scan.


Thanks
Joe :
  • 0

#42
Mistybiz

Mistybiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

OTL fix

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== FILES ==========
C:\OEM\Preload\Autorun\APP\Nero 10 Essentials Gateway Edition\ISSetupPrerequisites\{BF80A1C0-C3FF-4B1C-ABEF-22CD4F97A0AB}\Toolbar.exe moved successfully.
C:\Program Files\pcmax\service.exe moved successfully.
C:\Program Files (x86)\6E6B36EB-9156-411B-B951-C735F4747DCF\SupraSavingsService64.exe moved successfully.
C:\temp\launcher.exe moved successfully.
C:\temp\sp-downloader.exe moved successfully.
C:\temp\t.msi moved successfully.
C:\Users\Misty\AppData\Local\PCP_100_v3\PCPerformerSetup.exe moved successfully.
C:\Users\Misty\Downloads\Flash_Player_Pro_Update_Setup.exe moved successfully.
C:\Users\Misty\Downloads\IDM2-Windows-en-us.exe moved successfully.
C:\Users\Misty\Downloads\internetdownloadmanager.exe moved successfully.
C:\Users\Misty\Downloads\Java_Updater_Setup.exe moved successfully.
C:\Windows\Installer\2dea1f1b.msi moved successfully.
C:\Windows\Installer\MSIF6D2.tmp-\Smartbar.Resources.LanguageSettings.resources.dll moved successfully.
File\Folder C:\Windows\Installer\MSIF6D2.tmp-\spbl.dl not found.
C:\Windows\Installer\MSIF6D2.tmp-\sppsm.dll moved successfully.
C:\Windows\Installer\MSIF6D2.tmp-\spusm.dll moved successfully.
C:\Windows\Installer\MSIF6D2.tmp-\srbs.dll moved successfully.
C:\Windows\Installer\MSIF6D2.tmp-\srbu.dll moved successfully.
C:\Windows\Installer\MSIF6D2.tmp-\srptc.dll moved successfully.
C:\Windows\Microsoft\System Update kb70007\Installer.dll moved successfully.
C:\Windows\Microsoft\System Update kb70007\InstallerLibrary.dll moved successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\service[1].exe moved successfully.
File\Folder C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\service[1].exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Misty
->Temp folder emptied: 24168698 bytes
->Temporary Internet Files folder emptied: 823810 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46907488 bytes
->Google Chrome cache emptied: 7294345 bytes
->Flash cache emptied: 5328 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 103412 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 17292760 bytes
 
Total Files Cleaned = 92.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09202014_175647

Files\Folders moved on Reboot...
C:\Users\Misty\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Misty\AppData\Local\Temp\MMDUtl.log moved successfully.
C:\Users\Misty\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

Quick Scan:
OTL logfile created on: 9/20/2014 6:14:27 PM - Run 5
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Misty\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.60 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 66.13% Memory free
7.20 Gb Paging File | 5.84 Gb Available in Paging File | 81.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.16 Gb Total Space | 399.29 Gb Free Space | 88.50% Space Free | Partition Type: NTFS
 
Computer Name: MISTY-PC | User Name: Misty | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/18 20:13:15 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/09/14 10:49:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Misty\Desktop\OTL(1).exe
PRC - [2014/09/10 18:09:01 | 001,870,000 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
PRC - [2014/09/04 05:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/05/04 05:46:58 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/05/04 05:46:56 | 000,365,648 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/05/04 05:46:56 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012/05/04 05:46:54 | 001,108,048 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/02/29 09:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2012/02/06 20:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2012/01/05 17:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
PRC - [2012/01/05 17:21:56 | 000,289,816 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
PRC - [2011/07/22 17:26:40 | 000,690,472 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/05/12 19:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/18 20:12:21 | 003,734,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/09/10 18:08:56 | 016,825,520 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
MOD - [2014/04/23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/04/23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/01/05 17:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/22 15:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 15:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2014/08/18 18:03:37 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/08/22 02:24:24 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/07 20:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/02/06 20:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/09/18 20:13:13 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/10 18:09:02 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/04 05:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/03/20 18:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/05/04 05:46:56 | 000,365,648 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/02/29 09:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/01/17 23:46:42 | 002,439,272 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/01/05 17:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/07/22 17:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/06/07 15:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/05/12 19:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/17 18:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/10/01 22:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/03/18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/22 03:36:26 | 010,309,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/08/22 01:28:02 | 000,370,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/04/09 22:35:58 | 002,808,832 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 20:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/01/30 23:38:02 | 000,340,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2012/01/16 03:49:14 | 000,103,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2012/01/01 23:06:04 | 001,601,152 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/11/15 21:35:58 | 000,054,400 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/10/25 11:16:46 | 000,219,776 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/10/25 11:16:46 | 000,102,528 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/09/21 06:08:10 | 000,376,144 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/07/14 01:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 01:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...U221DHP&pc=U221
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "https://bay177.mail....4855&rru=inbox"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.2
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.67.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/09/05 11:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Misty\AppData\Roaming\Mozilla\Extensions
[2014/09/12 16:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Misty\AppData\Roaming\Mozilla\Firefox\Profiles\94hanpre.default-1409965738064\extensions
[2014/09/18 20:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/09/18 20:13:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = http://suggest.secci...={searchTerms},
CHR - homepage: https://bay177.mail....64855&rru=inbox
CHR - plugin: Error reading preferences file
CHR - Extension: Google Slides = C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\
CHR - Extension: Google Docs = C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: YouTube = C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Google Sheets = C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\
CHR - Extension: CPDD-Blossom = C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlialpgnoagkdecfaggejocpfdbommon\1.4_0\
CHR - Extension: Google Wallet = C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/09/16 19:22:36 | 000,000,035 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51F13018-30CD-47ED-A79F-9BACC2F26587}: DhcpNameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68C1C730-71A1-4A1B-ACE9-F6EF1C6452F0}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/18 20:48:24 | 017,292,760 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Misty\Desktop\mbam-setup-2.0.2.1012.exe
[2014/09/18 20:24:50 | 000,321,848 | ---- | C] (Malwarebytes Corporation) -- C:\Users\Misty\Desktop\mbam-clean-2.1.1.1001.exe
[2014/09/18 20:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/09/17 19:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2014/09/17 19:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2014/09/16 17:51:08 | 000,000,000 | ---D | C] -- C:\FRST
[2014/09/16 17:49:32 | 002,105,856 | ---- | C] (Farbar) -- C:\Users\Misty\Desktop\FRST64.exe
[2014/09/15 17:49:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/15 15:42:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/09/15 15:33:08 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Misty\Desktop\JRT.exe
[2014/09/15 15:22:08 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/09/15 15:20:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/14 10:49:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Misty\Desktop\OTL(1).exe
[2014/09/12 16:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2014/09/12 16:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/09/12 16:33:40 | 000,000,000 | ---D | C] -- C:\Users\Misty\AppData\Roaming\Yahoo!
[2014/09/12 16:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2014/09/05 21:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2014/09/05 21:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2014/09/05 21:07:24 | 000,000,000 | ---D | C] -- C:\Users\Misty\Desktop\Old Firefox Data
[2014/09/05 20:58:37 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2014/09/05 14:45:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2014/09/05 11:06:01 | 000,000,000 | ---D | C] -- C:\Users\Misty\AppData\Local\CrashDumps
[2014/09/05 11:05:17 | 000,000,000 | ---D | C] -- C:\Users\Misty\AppData\Local\Windows Live
[2014/09/05 10:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/09/05 10:33:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/09/02 08:27:21 | 000,000,000 | ---D | C] -- C:\Users\Misty\AppData\Local\Adobe
[2014/08/23 14:18:53 | 000,000,000 | ---D | C] -- C:\Users\Misty\AppData\Local\ElevatedDiagnostics
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/20 18:08:59 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/20 18:08:59 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/20 18:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/20 18:01:35 | 000,067,584 | -H-- | M] () -- C:\Windows\bootstat.dat
[2014/09/20 18:01:29 | 2899,075,072 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/18 20:48:31 | 017,292,760 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Misty\Desktop\mbam-setup-2.0.2.1012.exe
[2014/09/18 20:44:15 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/18 20:24:50 | 000,321,848 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Misty\Desktop\mbam-clean-2.1.1.1001.exe
[2014/09/17 19:07:56 | 000,869,456 | ---- | M] () -- C:\Users\Misty\Desktop\Norton_Removal_Tool.exe
[2014/09/16 19:23:55 | 000,000,008 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/09/16 19:22:36 | 000,000,035 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/09/16 17:49:33 | 002,105,856 | ---- | M] (Farbar) -- C:\Users\Misty\Desktop\FRST64.exe
[2014/09/15 15:33:09 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Misty\Desktop\JRT.exe
[2014/09/15 15:19:52 | 001,373,475 | ---- | M] () -- C:\Users\Misty\Desktop\adwcleaner_3.310.exe
[2014/09/14 10:49:25 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Misty\Desktop\OTL(1).exe
[2014/09/14 10:12:21 | 000,345,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/09/12 19:59:45 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/12 14:00:15 | 002,142,167 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/09/12 08:36:24 | 000,774,036 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/09/12 08:36:24 | 000,662,130 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/09/12 08:36:24 | 000,121,966 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/09/12 08:36:07 | 000,774,036 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/09/10 17:07:25 | 000,002,290 | ---- | M] () -- C:\Users\Misty\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/08 15:18:35 | 002,041,183 | ---- | M] () -- C:\Users\Misty\Documents\Ellen.pdf
[2014/09/05 21:19:33 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/05 20:58:24 | 384,745,693 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/09/05 11:18:35 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2014/09/17 19:18:29 | 000,002,124 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2014/09/17 19:07:55 | 000,869,456 | ---- | C] () -- C:\Users\Misty\Desktop\Norton_Removal_Tool.exe
[2014/09/15 15:19:44 | 001,373,475 | ---- | C] () -- C:\Users\Misty\Desktop\adwcleaner_3.310.exe
[2014/09/08 15:18:32 | 002,041,183 | ---- | C] () -- C:\Users\Misty\Documents\Ellen.pdf
[2014/09/05 21:21:00 | 000,002,290 | ---- | C] () -- C:\Users\Misty\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/09/05 21:21:00 | 000,002,190 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/09/05 21:19:33 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/09/05 20:58:24 | 384,745,693 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/09/05 13:59:33 | 000,002,198 | ---- | C] () -- C:\Windows\epplauncher.mif
[2014/09/05 11:18:35 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/09/05 11:18:34 | 000,001,170 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/22 17:46:24 | 000,000,230 | ---- | C] () -- C:\Windows\wininit.ini
[2014/06/14 16:44:42 | 000,000,008 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/06/03 13:31:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013/09/11 05:22:30 | 000,774,036 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/11 05:18:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 22:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 21:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/07/08 20:05:18 | 000,000,000 | ---D | M] -- C:\Users\Misty\AppData\Roaming\Oracle
[2014/06/03 08:49:28 | 000,000,000 | ---D | M] -- C:\Users\Misty\AppData\Roaming\Screensaver
[2014/06/03 09:01:00 | 000,000,000 | ---D | M] -- C:\Users\Misty\AppData\Roaming\SNS
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:56E2E879

< End of report >

 


  • 0

#43
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
Sorry for delay, my turn to post :)

What issues remain with the computer ?

Thanks
Joe :)
  • 0

#44
Mistybiz

Mistybiz

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

so far while I have been using it, it has been going pretty well. no pop ups, no software loading itself. mo script errors.

so far so good


  • 0

#45
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,803 posts
OK.

What about Malwarebytes ? Where do we stand with that ? Last "I" told you was to uninstall it using the clean tool, because you were getting a Malwarebytes Anti Malware has stopped working message...

Is it still uninstalled ?

Joe
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP