Out of control ad pop ups and page redirects



#1
Mrs_Roboto


Every time I click on a web page I get pop ups.  Thank you in advance for your help.

 

OTL logfile created on: 11/30/2014 4:16:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Super Dooper User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.99 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 30.87% Memory free
8.20 Gb Paging File | 5.27 Gb Available in Paging File | 64.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.73 Gb Total Space | 242.42 Gb Free Space | 52.05% Space Free | Partition Type: NTFS
Drive D: | 362.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: MATT-PC | User Name: Super Dooper User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/30 16:15:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Super Dooper User\Desktop\OTL.exe
PRC - [2014/09/12 02:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/05/13 16:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/04/01 11:14:30 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/04/01 11:14:30 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/13 16:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014/05/13 16:40:53 | 013,695,816 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll
MOD - [2014/05/13 16:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014/05/13 16:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/11/23 12:10:06 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 02:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/05/07 16:42:15 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/30 12:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/18 15:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/02/11 19:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 19:46:53 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2008/01/20 19:46:53 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 19:46:53 | 000,392,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2008/01/14 16:56:22 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/12/20 16:33:08 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51682;https=127.0.0.1:51682
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51682;https=127.0.0.1:51682
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:14326;https=127.0.0.1:14326
 
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 B3 67 EE A0 EB CE 01  [binary data]
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\..\SearchScopes,DefaultScope = {FF091A63-9B0A-4F74-900D-1DD8B4FAB7B0}
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\..\SearchScopes\{FF091A63-9B0A-4F74-900D-1DD8B4FAB7B0}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
 
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51682;https=127.0.0.1:51682
 
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 94 69 23 F1 0C D0 01  [binary data]
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\Melodee\Desktop\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013/12/06 09:10:49 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/11/23 21:21:47 | 000,517,099 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 0.0.0.0 fr.a2dfp.net
O1 - Hosts: 0.0.0.0 m.fr.a2dfp.net
O1 - Hosts: 0.0.0.0 mfr.a2dfp.net
O1 - Hosts: 0.0.0.0 ad.a8.net
O1 - Hosts: 0.0.0.0 asy.a8ww.net
O1 - Hosts: 0.0.0.0 static.a-ads.com
O1 - Hosts: 0.0.0.0 abcstats.com
O1 - Hosts: 0.0.0.0 ad4.abradio.cz
O1 - Hosts: 0.0.0.0 a.abv.bg
O1 - Hosts: 0.0.0.0 adserver.abv.bg
O1 - Hosts: 0.0.0.0 adv.abv.bg
O1 - Hosts: 0.0.0.0 bimg.abv.bg
O1 - Hosts: 0.0.0.0 ca.abv.bg
O1 - Hosts: 0.0.0.0 www2.a-counter.kiev.ua
O1 - Hosts: 0.0.0.0 track.acclaimnetwork.com
O1 - Hosts: 0.0.0.0 accuserveadsystem.com
O1 - Hosts: 0.0.0.0 www.accuserveadsystem.com
O1 - Hosts: 0.0.0.0 achmedia.com
O1 - Hosts: 0.0.0.0 csh.actiondesk.com
O1 - Hosts: 0.0.0.0 ads.activepower.net
O1 - Hosts: 0.0.0.0 app.activetrail.com
O1 - Hosts: 0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 0.0.0.0 traffic.acwebconnecting.com
O1 - Hosts: 15481 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9D72001A-DD00-4A94-2803-9606A25D8F00} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-227322287-1983885510-2833786511-1000..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-227322287-1983885510-2833786511-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-227322287-1983885510-2833786511-1002..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-227322287-1983885510-2833786511-1003..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-227322287-1983885510-2833786511-1004..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-227322287-1983885510-2833786511-1004..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-227322287-1983885510-2833786511-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E2A801E-9280-4474-9B30-3028987B647E}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/09 17:57:07 | 000,000,374 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/30 16:15:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Super Dooper User\Desktop\OTL.exe
[2014/11/30 16:07:32 | 000,000,000 | ---D | C] -- C:\FRST
[2014/11/30 15:59:39 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Macromedia
[2014/11/30 15:59:39 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Adobe
[2014/11/23 23:27:14 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2014/11/23 21:44:02 | 000,000,000 | ---D | C] -- C:\Windows\en
[2014/11/23 21:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2014/11/23 21:40:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2014/11/23 21:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2014/11/23 21:39:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/11/23 21:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2014/11/23 21:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2014/11/23 21:27:56 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Local\Windows Live
[2014/11/23 21:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2014/11/23 21:14:31 | 000,000,000 | ---D | C] -- C:\temp
[2014/11/23 19:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/11/23 19:26:45 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/11/23 19:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/11/23 19:14:31 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Apple Computer
[2014/11/23 19:14:22 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Local\Google
[2014/11/23 19:14:21 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/11/23 19:14:21 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Searches
[2014/11/23 19:14:21 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/11/23 19:14:09 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Identities
[2014/11/23 19:14:07 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Contacts
[2014/11/23 19:14:06 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Local\VirtualStore
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\AppData\Local\Temporary Internet Files
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Templates
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Start Menu
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\SendTo
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Recent
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\PrintHood
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\NetHood
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Documents\My Videos
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Documents\My Pictures
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Documents\My Music
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\My Documents
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Local Settings
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\AppData\Local\History
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Cookies
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Application Data
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\AppData\Local\Application Data
[2014/11/23 19:13:56 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/11/23 19:13:56 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/11/23 19:13:56 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Local\temp
[2014/11/23 19:13:56 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Local\Microsoft
[2014/11/23 19:13:56 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Media Center Programs
[2014/11/23 19:13:55 | 000,000,000 | --SD | C] -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Videos
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Saved Games
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Pictures
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Music
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Links
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Favorites
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Downloads
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Documents
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Desktop
[2014/11/23 19:13:55 | 000,000,000 | -H-D | C] -- C:\Users\Super Dooper User\AppData
[2014/11/23 12:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/23 12:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/11/23 11:24:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/11/23 11:24:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/30 16:15:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Super Dooper User\Desktop\OTL.exe
[2014/11/30 15:58:15 | 000,000,973 | ---- | M] () -- C:\Users\Super Dooper User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/23 23:32:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/23 23:30:49 | 000,758,370 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/23 23:30:49 | 000,641,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/23 23:30:49 | 000,119,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/23 23:12:14 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/23 23:12:14 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/23 21:21:47 | 000,517,099 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2014/11/23 20:39:21 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/23 19:39:31 | 000,000,004 | ---- | M] () -- C:\Users\Super Dooper User\AppData\Roaming\appdataFr2.bin
[2014/11/23 19:39:05 | 000,002,049 | ---- | M] () -- C:\Users\Super Dooper User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/23 19:39:05 | 000,002,025 | ---- | M] () -- C:\Users\Super Dooper User\Desktop\Google Chrome.lnk
[2014/11/23 19:37:50 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/11/23 19:27:09 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/11/23 19:27:08 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/11/23 19:26:53 | 000,001,218 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/11/23 19:15:09 | 000,000,680 | ---- | M] () -- C:\Users\Super Dooper User\AppData\Local\d3d9caps.dat
[2014/11/23 19:13:59 | 000,000,632 | RHS- | M] () -- C:\Users\Super Dooper User\ntuser.pol
[2014/11/23 19:12:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/23 15:33:31 | 000,116,300 | ---- | M] () -- C:\Windows\hpoins33.dat
[2014/11/23 15:16:00 | 000,116,270 | ---- | M] () -- C:\Windows\hpoins33.dat.temp
[2014/11/23 11:27:30 | 000,449,919 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.MVP
[2014/11/20 17:10:26 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/11/15 03:24:44 | 000,280,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2014/11/30 15:58:15 | 000,000,973 | ---- | C] () -- C:\Users\Super Dooper User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/23 21:42:38 | 000,001,212 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2014/11/23 21:42:19 | 000,001,281 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2014/11/23 21:41:50 | 000,001,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2014/11/23 21:41:21 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2014/11/23 19:39:31 | 000,000,004 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Roaming\appdataFr2.bin
[2014/11/23 19:27:09 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/11/23 19:27:08 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/11/23 19:27:06 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/11/23 19:26:53 | 000,001,230 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/11/23 19:26:53 | 000,001,218 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/11/23 19:15:09 | 000,000,680 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Local\d3d9caps.dat
[2014/11/23 19:14:27 | 000,000,949 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014/11/23 19:14:22 | 000,002,049 | ---- | C] () -- C:\Users\Super Dooper User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/23 19:14:22 | 000,002,025 | ---- | C] () -- C:\Users\Super Dooper User\Desktop\Google Chrome.lnk
[2014/11/23 19:14:22 | 000,000,979 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/11/23 19:14:20 | 000,000,974 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/11/23 19:14:07 | 000,000,915 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2014/11/23 19:13:59 | 000,000,632 | RHS- | C] () -- C:\Users\Super Dooper User\ntuser.pol
[2014/11/23 19:13:56 | 000,000,258 | ---- | C] () -- C:\Users\Super Dooper User\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/11/23 19:13:56 | 000,000,240 | ---- | C] () -- C:\Users\Super Dooper User\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/11/23 15:15:58 | 000,116,270 | ---- | C] () -- C:\Windows\hpoins33.dat.temp
[2014/11/23 15:15:58 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat.temp
[2014/11/23 12:09:57 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/05 14:56:23 | 000,006,294 | ---- | C] () -- C:\Windows\wininit.ini
[2014/10/05 13:28:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/10/05 13:28:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/10/05 13:28:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/10/05 13:28:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/10/05 13:28:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/05/19 18:18:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/06 09:04:01 | 000,116,300 | ---- | C] () -- C:\Windows\hpoins33.dat
[2013/12/06 09:04:01 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat
[2013/11/27 10:15:55 | 000,751,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/26 14:33:57 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2013/11/26 14:33:38 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2013/11/26 14:33:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/11/26 13:24:41 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 09:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 06:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/12/10 16:47:11 | 000,000,000 | ---D | M] -- C:\Users\Don't Blink\AppData\Roaming\Template
[2013/12/25 14:34:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Template
[2013/11/28 23:20:42 | 000,000,000 | ---D | M] -- C:\Users\Melodee\AppData\Roaming\Template
[2013/12/02 17:06:47 | 000,000,000 | ---D | M] -- C:\Users\Melodee\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >




#2
zep516


    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hi! My name is zep516 and welcome to Geekstogo!
I'll do the best I can to resolve your computer issue.
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue. Stop and ask! Never be afraid to ask questions! :)

We need to do a fix using OTL.
  • Double click on the OTL icon to open the program. On Vista/Win7/Win8, right click and select Run As Administrator to start the program. If prompted by UAC, please allow it.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51682;https=127.0.0.1:51682
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51682;https=127.0.0.1:51682
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:14326;https=127.0.0.1:14326
    IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    IE - HKU\S-1-5-21-227322287-1983885510-2833786511-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:51682;https=127.0.0.1:51682
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O13 - gopher Prefix: missing
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:373E1720
    
    :reg
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [emptytemp]
    [resethosts]
    
  • Make sure all other windows are closed.
  • Click the Run Fix button at the top
  • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
  • Post the log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and click the Quick Scan button.
In your next reply post:
  • The OTL Fix log, that log will pop up after you run the fix and the computer reboots.
  • Fresh OTL log, after the quick scan.


#3
Mrs_Roboto


    Member

  • Topic Starter
  • 37 posts

Thank you for your help.  Here are the requested logs.

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-227322287-1983885510-2833786511-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-21-227322287-1983885510-2833786511-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-227322287-1983885510-2833786511-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-227322287-1983885510-2833786511-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-227322287-1983885510-2833786511-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-227322287-1983885510-2833786511-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon\ deleted successfully.
ADS C:\ProgramData\TEMP:373E1720 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Super Dooper User\Desktop\cmd.bat deleted successfully.
C:\Users\Super Dooper User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Don't Blink
->Temp folder emptied: 35703 bytes
->Temporary Internet Files folder emptied: 7745371 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 506 bytes
 
User: Matt
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65978 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 23869944 bytes
->Flash cache emptied: 506 bytes
 
User: Melodee
->Temp folder emptied: 41850 bytes
->Temporary Internet Files folder emptied: 6292638 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 595 bytes
 
User: Molly-Geneva
->Temp folder emptied: 35444 bytes
->Temporary Internet Files folder emptied: 11048370 bytes
->Flash cache emptied: 506 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Super Dooper User
->Temp folder emptied: 3560906 bytes
->Temporary Internet Files folder emptied: 27796167 bytes
->Google Chrome cache emptied: 38924540 bytes
->Flash cache emptied: 602 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 37004228 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 18361760 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 167.00 mb
 
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 11302014_171706

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

 

 

OTL logfile created on: 11/30/2014 5:29:02 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Super Dooper User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.99 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.12% Memory free
8.15 Gb Paging File | 6.21 Gb Available in Paging File | 76.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.73 Gb Total Space | 243.41 Gb Free Space | 52.26% Space Free | Partition Type: NTFS
Drive D: | 362.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: MATT-PC | User Name: Super Dooper User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/11/30 16:32:45 | 000,855,216 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_239_ActiveX.exe
PRC - [2014/11/30 16:15:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Super Dooper User\Desktop\OTL.exe
PRC - [2014/09/12 02:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/04/01 11:14:30 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/04/01 11:14:30 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/08/22 14:14:34 | 000,368,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2014/08/22 14:14:34 | 000,023,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/11/30 16:32:47 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/09/12 02:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/05/07 16:42:15 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/30 12:25:56 | 000,566,696 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/10/23 07:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/07/17 17:05:06 | 000,125,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/03/18 15:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010/05/20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/02/11 19:48:28 | 007,709,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 19:46:53 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (VST64_DPV)
DRV:64bit: - [2008/01/20 19:46:53 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008/01/20 19:46:53 | 000,392,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VSTBS26.SYS -- (VST64HWBS2)
DRV:64bit: - [2008/01/14 16:56:22 | 000,313,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/12/20 16:33:08 | 000,033,888 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\iqvw64e.sys -- (NAL)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F0 94 69 23 F1 0C D0 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Users\Melodee\Desktop\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013/12/06 09:10:49 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Drive = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014/11/30 17:18:17 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9D72001A-DD00-4A94-2803-9606A25D8F00} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [WPCUMI] C:\Windows\SysNative\WpcUmi.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E2A801E-9280-4474-9B30-3028987B647E}: DhcpNameServer = 192.168.0.1 205.171.3.25
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/09 17:57:07 | 000,000,374 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/11/30 17:17:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/11/30 16:15:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Super Dooper User\Desktop\OTL.exe
[2014/11/30 16:07:32 | 000,000,000 | ---D | C] -- C:\FRST
[2014/11/30 15:59:39 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Macromedia
[2014/11/30 15:59:39 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Adobe
[2014/11/23 21:44:02 | 000,000,000 | ---D | C] -- C:\Windows\en
[2014/11/23 21:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2014/11/23 21:40:01 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2014/11/23 21:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2014/11/23 21:39:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2014/11/23 21:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2014/11/23 21:38:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2014/11/23 21:27:56 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Local\Windows Live
[2014/11/23 21:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2014/11/23 21:14:31 | 000,000,000 | ---D | C] -- C:\temp
[2014/11/23 19:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2014/11/23 19:26:45 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2014/11/23 19:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014/11/23 19:14:31 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Apple Computer
[2014/11/23 19:14:22 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Local\Google
[2014/11/23 19:14:21 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/11/23 19:14:21 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Searches
[2014/11/23 19:14:21 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/11/23 19:14:09 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Identities
[2014/11/23 19:14:07 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Contacts
[2014/11/23 19:14:06 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Local\VirtualStore
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\AppData\Local\Temporary Internet Files
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Templates
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Start Menu
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\SendTo
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Recent
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\PrintHood
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\NetHood
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Documents\My Videos
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Documents\My Pictures
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Documents\My Music
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\My Documents
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Local Settings
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\AppData\Local\History
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Cookies
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\Application Data
[2014/11/23 19:13:58 | 000,000,000 | -HSD | C] -- C:\Users\Super Dooper User\AppData\Local\Application Data
[2014/11/23 19:13:56 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/11/23 19:13:56 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/11/23 19:13:56 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Local\temp
[2014/11/23 19:13:56 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Local\Microsoft
[2014/11/23 19:13:56 | 000,000,000 | ---D | C] -- C:\Users\Super Dooper User\AppData\Roaming\Media Center Programs
[2014/11/23 19:13:55 | 000,000,000 | --SD | C] -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Videos
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Saved Games
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Pictures
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Music
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Links
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Favorites
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Downloads
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Documents
[2014/11/23 19:13:55 | 000,000,000 | R--D | C] -- C:\Users\Super Dooper User\Desktop
[2014/11/23 19:13:55 | 000,000,000 | -H-D | C] -- C:\Users\Super Dooper User\AppData
[2014/11/23 12:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/11/23 12:10:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2014/11/23 11:24:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/11/23 11:24:45 | 000,000,000 | ---D | C] -- C:\Windows\temp
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/11/30 17:29:12 | 000,758,370 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/30 17:29:12 | 000,641,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/30 17:29:12 | 000,119,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/30 17:22:46 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/11/30 17:21:15 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/30 17:21:15 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/30 17:21:10 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/11/30 17:21:10 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/11/30 17:21:10 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/11/30 17:21:01 | 000,282,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/11/30 17:20:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/30 17:18:17 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS
[2014/11/30 17:02:43 | 000,000,004 | ---- | M] () -- C:\Users\Super Dooper User\AppData\Roaming\appdataFr2.bin
[2014/11/30 16:15:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Super Dooper User\Desktop\OTL.exe
[2014/11/30 15:58:15 | 000,000,973 | ---- | M] () -- C:\Users\Super Dooper User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/23 20:39:21 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/11/23 19:39:05 | 000,002,049 | ---- | M] () -- C:\Users\Super Dooper User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/23 19:39:05 | 000,002,025 | ---- | M] () -- C:\Users\Super Dooper User\Desktop\Google Chrome.lnk
[2014/11/23 19:26:53 | 000,001,218 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/11/23 19:15:09 | 000,000,680 | ---- | M] () -- C:\Users\Super Dooper User\AppData\Local\d3d9caps.dat
[2014/11/23 19:13:59 | 000,000,632 | RHS- | M] () -- C:\Users\Super Dooper User\ntuser.pol
[2014/11/23 15:33:31 | 000,116,300 | ---- | M] () -- C:\Windows\hpoins33.dat
[2014/11/23 15:16:00 | 000,116,270 | ---- | M] () -- C:\Windows\hpoins33.dat.temp
[2014/11/23 11:27:30 | 000,449,919 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\HOSTS.MVP
[2014/11/20 17:10:26 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/11/30 15:58:15 | 000,000,973 | ---- | C] () -- C:\Users\Super Dooper User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/11/23 21:42:38 | 000,001,212 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2014/11/23 21:42:19 | 000,001,281 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2014/11/23 21:41:50 | 000,001,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2014/11/23 21:41:21 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2014/11/23 19:39:31 | 000,000,004 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Roaming\appdataFr2.bin
[2014/11/23 19:27:09 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2014/11/23 19:27:08 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2014/11/23 19:27:06 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2014/11/23 19:26:53 | 000,001,230 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2014/11/23 19:26:53 | 000,001,218 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2014/11/23 19:15:09 | 000,000,680 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Local\d3d9caps.dat
[2014/11/23 19:14:27 | 000,000,949 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2014/11/23 19:14:22 | 000,002,049 | ---- | C] () -- C:\Users\Super Dooper User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/11/23 19:14:22 | 000,002,025 | ---- | C] () -- C:\Users\Super Dooper User\Desktop\Google Chrome.lnk
[2014/11/23 19:14:22 | 000,000,979 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/11/23 19:14:20 | 000,000,974 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2014/11/23 19:14:07 | 000,000,915 | ---- | C] () -- C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2014/11/23 19:13:59 | 000,000,632 | RHS- | C] () -- C:\Users\Super Dooper User\ntuser.pol
[2014/11/23 19:13:56 | 000,000,258 | ---- | C] () -- C:\Users\Super Dooper User\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/11/23 19:13:56 | 000,000,240 | ---- | C] () -- C:\Users\Super Dooper User\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/11/23 15:15:58 | 000,116,270 | ---- | C] () -- C:\Windows\hpoins33.dat.temp
[2014/11/23 15:15:58 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat.temp
[2014/11/23 12:09:57 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/10/05 14:56:23 | 000,006,294 | ---- | C] () -- C:\Windows\wininit.ini
[2014/10/05 13:28:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014/10/05 13:28:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014/10/05 13:28:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014/10/05 13:28:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014/10/05 13:28:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014/05/19 18:18:53 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013/12/06 09:04:01 | 000,116,300 | ---- | C] () -- C:\Windows\hpoins33.dat
[2013/12/06 09:04:01 | 000,001,008 | ---- | C] () -- C:\Windows\hpomdl33.dat
[2013/11/27 10:15:55 | 000,751,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/26 14:33:57 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2013/11/26 14:33:38 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2013/11/26 14:33:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2013/11/26 13:24:41 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/25 09:30:37 | 012,900,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 06:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 00:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >

 

 

 

 



#4
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

3 scans to run, 3 logs to post. Thank you and take your time.....

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
  • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner
    Next

    Please download Junkware Removal Tool to your Desktop.

    Please close your security software to avoid potential conflicts. See Here how to disable your security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    Next

    Please download Malwarebytes Anti-Malware to your desktop
    Install the programme and select update
    Once it has updated select Settings > Detection and Protection
    Tick Scan for rootkits

    Go back to the Dashboard and select Scan Now

    If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

    On completion of the scan (or after the reboot) select View Detailed Log
    Select Export > Select text file and save to the desktop
    Attach/Post that log


    In your next reply post:
    • The AdwCleaner log after you run the Clean option.
    • The JRT.txt log.
    • The Malwarebytes log

#5
Mrs_Roboto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Here you go.  I was not prompted for a reboot after I ran MBAM.  So, I rebooted the pc anyway.

 

# AdwCleaner v4.102 - Report created 30/11/2014 at 17:53:45
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Super Dooper User - MATT-PC
# Running from : C:\Users\Super Dooper User\Desktop\adwcleaner_4.102.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found : C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
File Found : C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
Folder Found : C:\ProgramData\a49571738b6727b4
Folder Found : C:\Users\Matt\AppData\Local\CrashRpt

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Found : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}
Key Found : HKLM\SOFTWARE\YTDownloader
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
Key Found : [x64] HKLM\SOFTWARE\YTDownloader

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592

-\\ Google Chrome v35.0.1916.114

[C:\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://rts.dsrlte.com/?affID=na&q={searchTerms}
[C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [45970 octets] - [05/10/2014 16:34:24]
AdwCleaner[R1].txt - [4623 octets] - [23/11/2014 11:49:04]
AdwCleaner[R2].txt - [2262 octets] - [30/11/2014 17:53:45]
AdwCleaner[S0].txt - [40255 octets] - [05/10/2014 16:35:36]
AdwCleaner[S1].txt - [4315 octets] - [23/11/2014 12:01:23]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [2443 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows ™ Vista Home Premium x64
Ran by Super Dooper User on Sun 11/30/2014 at 17:57:22.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D72001A-DD00-4A94-2803-9606A25D8F00}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9D72001A-DD00-4A94-2803-9606A25D8F00}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D72001A-DD00-4A94-2803-9606A25D8F00}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{9D72001A-DD00-4A94-2803-9606A25D8F00}

~~~ Files

Successfully deleted: [File] "C:\Users\Super Dooper User\appdata\local\google\chrome\user data\default\local storage\https_static.livelyrics00.live-lyrics.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Super Dooper User\appdata\local\google\chrome\user data\default\local storage\https_static.livelyrics00.live-lyrics.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Windows\wininit.ini"

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/30/2014 at 18:00:40.62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/30/2014
Scan Time: 6:04:11 PM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.29.09
Rootkit Database: v2014.11.29.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Super Dooper User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 501766
Time Elapsed: 20 min, 24 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 2
PUP.Optional.ReMarkable.A, C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage, Quarantined, [a9e2a9987dff3bfb502014a7b84c728e],
PUP.Optional.ReMarkable.A, C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal, Quarantined, [7b1072cf3b4145f1610feccf7c887987],

Physical Sectors: 0
(No malicious items detected)

(end)


#6
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,

In the adwcleaner scan it says,

# AdwCleaner v4.102 - Report created 30/11/2014 at 17:53:45
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Super Dooper User - MATT-PC
# Running from : C:\Users\Super Dooper User\Desktop\adwcleaner_4.102.exe
# Option : Scan



Let's run the "Clean" option and get rid of what it found. Post the log after running the Clean option so we can see the deletions.
#7
Mrs_Roboto

    Member

  • Topic Starter
  • 37 posts

Here is the log. Thank you.

# AdwCleaner v4.102 - Report created 30/11/2014 at 18:42:44
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Super Dooper User - MATT-PC
# Running from : C:\Users\Super Dooper User\Desktop\adwcleaner_4.102.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\a49571738b6727b4
[!] Folder Deleted : C:\Users\Matt\AppData\Local\CrashRpt
File Deleted : C:\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\iedll.dll
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA760BA8-5862-4BC5-9263-4452CBC0B264}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93D511B5-143B-4A99-ABFC-B5B78AD0AE1B}
Key Deleted : HKLM\SOFTWARE\YTDownloader
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16592

-\\ Google Chrome v35.0.1916.114

[C:\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://rts.dsrlte.com/?affID=na&q={searchTerms}
[C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [45970 octets] - [05/10/2014 16:34:24]
AdwCleaner[R1].txt - [4623 octets] - [23/11/2014 11:49:04]
AdwCleaner[R2].txt - [2531 octets] - [30/11/2014 17:53:45]
AdwCleaner[R3].txt - [2267 octets] - [30/11/2014 18:39:18]
AdwCleaner[S0].txt - [40255 octets] - [05/10/2014 16:35:36]
AdwCleaner[S1].txt - [4315 octets] - [23/11/2014 12:01:23]
AdwCleaner[S2].txt - [2126 octets] - [30/11/2014 18:42:44]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [2186 octets] ##########


#8
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Very good! I like deleted :)

Let's take a different look at the computer. Most important: for this scan, Farbar Recovery Scan Tool (FRST) must be downloaded to the desktop. Post both logs. I'll review them and get back to you with any necessary fixes. Instructions to follow:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

#9
Mrs_Roboto

    Member

  • Topic Starter
  • 37 posts

Here you go.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Super Dooper User (administrator) on MATT-PC on 30-11-2014 18:54:35
Running from C:\Users\Super Dooper User\Desktop
Loaded Profile: Super Dooper User (Available profiles: Matt & Melodee & Don't Blink & Molly-Geneva & Super Dooper User)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_239_ActiveX.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-227322287-1983885510-2833786511-1003\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51682;https=127.0.0.1:51682
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF0946923F10CD001
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-227322287-1983885510-2833786511-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Melodee\Desktop\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013-12-06]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-23]
CHR Extension: (Google Drive) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-23]
CHR Extension: (YouTube) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-23]
CHR Extension: (Google Search) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-23]
CHR Extension: (Gmail) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [392704 2008-01-20] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1523712 2008-01-20] (Conexant Systems, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 18:54 - 2014-11-30 18:54 - 00015502 _____ () C:\Users\Super Dooper User\Desktop\FRST.txt
2014-11-30 18:54 - 2014-11-30 18:53 - 02117632 _____ (Farbar) C:\Users\Super Dooper User\Desktop\FRST64.exe
2014-11-30 18:53 - 2014-11-30 18:53 - 02117632 _____ (Farbar) C:\Users\Super Dooper User\Downloads\FRST64.exe
2014-11-30 18:37 - 2014-11-30 18:37 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\Apple
2014-11-30 18:00 - 2014-11-30 18:00 - 00001663 _____ () C:\Users\Super Dooper User\Desktop\JRT.txt
2014-11-30 17:57 - 2014-11-30 17:57 - 00000000 ____D () C:\Windows\ERUNT
2014-11-30 17:51 - 2014-11-30 17:50 - 01707646 _____ (Thisisu) C:\Users\Super Dooper User\Desktop\JRT.exe
2014-11-30 17:50 - 2014-11-30 17:50 - 01707646 _____ (Thisisu) C:\Users\Super Dooper User\Downloads\JRT.exe
2014-11-30 17:50 - 2014-11-30 17:49 - 02148864 _____ () C:\Users\Super Dooper User\Desktop\adwcleaner_4.102.exe
2014-11-30 17:49 - 2014-11-30 17:49 - 02148864 _____ () C:\Users\Super Dooper User\Downloads\adwcleaner_4.102.exe
2014-11-30 17:20 - 2014-11-30 18:43 - 00001104 _____ () C:\Windows\PFRO.log
2014-11-30 17:17 - 2014-11-30 17:17 - 00000000 ____D () C:\_OTL
2014-11-30 16:28 - 2014-11-30 16:28 - 00049232 _____ () C:\Users\Super Dooper User\Desktop\Extras.Txt
2014-11-30 16:26 - 2014-11-30 17:36 - 00071954 _____ () C:\Users\Super Dooper User\Desktop\OTL.Txt
2014-11-30 16:15 - 2014-11-30 16:15 - 00602112 _____ (OldTimer Tools) C:\Users\Super Dooper User\Desktop\OTL.exe
2014-11-30 16:07 - 2014-11-30 18:54 - 00000000 ____D () C:\FRST
2014-11-30 15:59 - 2014-11-30 15:59 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Roaming\Macromedia
2014-11-30 15:59 - 2014-11-30 15:59 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Roaming\Adobe
2014-11-23 21:44 - 2014-11-23 21:44 - 00000000 ____D () C:\Windows\en
2014-11-23 21:42 - 2014-11-23 21:42 - 00001281 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-11-23 21:42 - 2014-11-23 21:42 - 00001212 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-11-23 21:42 - 2014-11-23 21:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-11-23 21:41 - 2014-11-23 21:41 - 00002079 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-11-23 21:41 - 2014-11-23 21:41 - 00001091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-11-23 21:40 - 2014-11-23 21:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-11-23 21:40 - 2012-03-08 18:40 - 00048488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-11-23 21:39 - 2014-11-23 21:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-11-23 21:39 - 2014-11-23 21:39 - 00000000 ____D () C:\Windows\PCHEALTH
2014-11-23 21:39 - 2014-11-23 21:39 - 00000000 ____D () C:\Program Files\Windows Live
2014-11-23 21:38 - 2014-11-23 21:38 - 00000363 _____ () C:\Windows\DirectX.log
2014-11-23 21:27 - 2014-11-30 18:02 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\Windows Live
2014-11-23 21:27 - 2009-08-04 01:12 - 01103872 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2014-11-23 21:27 - 2009-08-04 01:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2014-11-23 21:21 - 2014-11-23 21:21 - 00136016 _____ () C:\Users\Super Dooper User\Downloads\hosts (1).zip
2014-11-23 21:14 - 2014-11-30 18:25 - 00000000 ____D () C:\temp
2014-11-23 21:12 - 2014-11-23 21:12 - 00136016 _____ () C:\Users\Super Dooper User\Downloads\hosts.zip
2014-11-23 19:39 - 2014-11-30 17:02 - 00000004 _____ () C:\Users\Super Dooper User\AppData\Roaming\appdataFr2.bin
2014-11-23 19:27 - 2014-11-30 18:45 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-11-23 19:27 - 2014-11-30 17:21 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-11-23 19:27 - 2014-11-30 17:21 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-11-23 19:27 - 2014-11-23 19:27 - 00003816 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2014-11-23 19:27 - 2014-11-23 19:27 - 00003462 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2014-11-23 19:27 - 2014-11-23 19:27 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2014-11-23 19:26 - 2014-11-23 19:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-23 19:26 - 2014-11-23 19:26 - 00001230 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-23 19:26 - 2014-11-23 19:26 - 00001218 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-23 19:26 - 2014-11-23 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-23 19:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-23 19:21 - 2014-11-23 19:23 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Matt\Downloads\spybot-2.4.exe
2014-11-23 19:15 - 2014-11-23 19:15 - 00000680 _____ () C:\Users\Super Dooper User\AppData\Local\d3d9caps.dat
2014-11-23 19:14 - 2014-11-30 16:15 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\Google
2014-11-23 19:14 - 2014-11-30 16:06 - 00067168 _____ () C:\Users\Super Dooper User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-23 19:14 - 2014-11-23 19:39 - 00002025 _____ () C:\Users\Super Dooper User\Desktop\Google Chrome.lnk
2014-11-23 19:14 - 2014-11-23 19:15 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\VirtualStore
2014-11-23 19:14 - 2014-11-23 19:14 - 00000979 _____ () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-23 19:14 - 2014-11-23 19:14 - 00000974 _____ () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-23 19:14 - 2014-11-23 19:14 - 00000949 _____ () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-11-23 19:14 - 2014-11-23 19:14 - 00000915 _____ () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-11-23 19:14 - 2014-11-23 19:14 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Roaming\Apple Computer
2014-11-23 19:13 - 2014-11-23 19:13 - 00000632 __RSH () C:\Users\Super Dooper User\ntuser.pol
2014-11-23 19:13 - 2014-11-23 19:13 - 00000020 ___SH () C:\Users\Super Dooper User\ntuser.ini
2014-11-23 19:13 - 2008-01-20 20:20 - 00000000 ___RD () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-23 19:13 - 2008-01-20 20:20 - 00000000 ___RD () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 15:15 - 2014-11-23 15:16 - 00116270 ____N () C:\Windows\hpoins33.dat.temp
2014-11-23 15:15 - 2008-12-11 05:27 - 00001008 ____N () C:\Windows\hpomdl33.dat.temp
2014-11-23 15:09 - 2014-11-23 15:09 - 00000795 _____ () C:\Windows\setupact.log
2014-11-23 15:09 - 2014-11-23 15:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-23 12:27 - 2014-11-23 12:27 - 00043232 _____ () C:\Users\Melodee\Documents\cc_20141123_122737.reg
2014-11-23 12:11 - 2014-11-23 12:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-23 12:10 - 2014-11-23 12:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-23 12:10 - 2014-11-23 12:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-23 12:10 - 2014-11-23 12:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-23 12:10 - 2014-11-23 12:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-23 12:09 - 2014-11-30 18:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 12:09 - 2014-11-30 17:33 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-23 11:24 - 2014-11-23 11:24 - 00014128 _____ () C:\ComboFix.txt
2014-11-19 03:03 - 2014-10-23 18:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 03:03 - 2014-10-23 17:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-15 03:07 - 2014-10-12 16:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-15 03:07 - 2014-09-18 17:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-15 03:07 - 2014-09-18 17:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-15 03:05 - 2014-08-11 19:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-15 03:05 - 2014-08-11 19:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-15 03:04 - 2014-10-17 18:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-15 03:04 - 2014-10-17 17:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-15 03:04 - 2014-10-09 18:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-15 03:04 - 2014-10-09 18:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-15 03:04 - 2014-10-09 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-15 03:04 - 2014-10-09 18:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-15 03:04 - 2014-10-09 18:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-15 03:04 - 2014-10-09 16:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-15 03:04 - 2014-10-09 16:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-15 03:04 - 2014-10-02 18:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-15 03:04 - 2014-10-02 18:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-15 03:04 - 2014-10-02 18:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-15 03:04 - 2014-10-02 18:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-15 03:04 - 2014-10-02 18:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-15 03:04 - 2014-10-02 18:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-15 03:04 - 2014-10-02 18:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-15 03:04 - 2014-10-02 16:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-15 03:00 - 2014-10-23 18:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-15 03:00 - 2014-10-23 17:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-15 03:00 - 2014-08-26 17:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-15 03:00 - 2014-08-26 17:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-15 03:00 - 2014-08-26 17:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-15 03:00 - 2014-08-26 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-14 14:47 - 2014-11-14 14:47 - 00000000 ____D () C:\Users\Matt\Desktop\Melodee
2014-11-14 14:44 - 2014-10-27 13:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-14 14:44 - 2014-10-27 13:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-14 14:44 - 2014-10-27 13:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-14 14:44 - 2014-10-27 13:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-14 14:44 - 2014-10-27 13:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-14 14:44 - 2014-10-27 13:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-14 14:44 - 2014-10-27 13:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-14 14:44 - 2014-10-27 13:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-14 14:44 - 2014-10-27 13:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-14 14:44 - 2014-10-27 13:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-14 14:44 - 2014-10-27 13:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-14 14:44 - 2014-10-27 13:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-14 14:44 - 2014-10-27 13:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-14 14:44 - 2014-10-27 13:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-14 14:44 - 2014-10-27 13:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-14 14:44 - 2014-10-27 13:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-14 14:44 - 2014-10-27 13:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-14 14:44 - 2014-10-27 13:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-14 14:44 - 2014-10-27 13:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-14 14:44 - 2014-10-27 13:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-14 14:44 - 2014-10-27 13:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-14 14:44 - 2014-10-27 12:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-14 14:44 - 2014-10-27 12:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-14 14:44 - 2014-10-27 12:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-14 14:44 - 2014-10-27 11:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-14 14:44 - 2014-10-27 11:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-14 14:44 - 2014-10-27 11:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-14 14:44 - 2014-10-27 11:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-14 14:44 - 2014-10-27 11:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-14 14:44 - 2014-10-27 11:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-14 14:44 - 2014-10-27 11:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-14 14:44 - 2014-10-27 11:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-14 14:44 - 2014-10-27 11:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-14 14:44 - 2014-10-27 11:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-14 14:44 - 2014-10-27 11:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-14 14:44 - 2014-10-27 11:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-14 14:44 - 2014-10-27 11:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-14 14:44 - 2014-10-27 11:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-14 14:44 - 2014-10-27 11:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-14 14:44 - 2014-10-27 11:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-14 14:44 - 2014-10-27 11:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-14 14:44 - 2014-10-27 11:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 18:51 - 2006-11-02 05:46 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-30 18:48 - 2008-01-20 18:53 - 01101825 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 18:43 - 2006-11-02 08:42 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-30 18:43 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 18:43 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 18:43 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 18:42 - 2014-10-05 16:34 - 00000000 ____D () C:\AdwCleaner
2014-11-30 18:04 - 2014-10-04 17:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 17:36 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\rescache
2014-11-30 17:33 - 2013-11-27 10:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-30 17:33 - 2013-11-27 10:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-30 17:21 - 2006-11-02 08:21 - 00282032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-23 21:39 - 2006-11-02 06:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-23 20:37 - 2014-10-05 14:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-23 19:26 - 2014-10-05 14:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-23 19:17 - 2013-12-10 08:13 - 00000632 __RSH () C:\Users\Matt\ntuser.pol
2014-11-23 19:17 - 2013-11-26 11:54 - 00000000 ____D () C:\Users\Matt
2014-11-23 15:33 - 2013-12-06 09:04 - 00116300 _____ () C:\Windows\hpoins33.dat
2014-11-23 15:33 - 2013-12-06 09:04 - 00001584 _____ () C:\ProgramData\hpzinstall.log
2014-11-23 12:11 - 2013-11-27 10:43 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-23 11:27 - 2006-11-02 05:34 - 00449919 _____ () C:\Windows\system32\Drivers\etc\HOSTS.MVP
2014-11-23 11:24 - 2014-10-05 13:28 - 00000000 ____D () C:\Qoobox
2014-11-23 11:22 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-23 11:12 - 2014-10-04 17:44 - 00000000 ____D () C:\Smitfraud
2014-11-23 11:00 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\Web
2014-11-20 17:10 - 2014-10-04 17:48 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-20 17:10 - 2014-10-04 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-20 17:10 - 2014-10-04 17:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-15 03:03 - 2013-11-26 13:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 03:01 - 2006-11-02 05:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-14 14:48 - 2013-12-25 14:34 - 00000988 _____ () C:\Users\Matt\AppData\Roaming\wklnhst.dat

Some content of TEMP:
====================
C:\Users\Super Dooper User\AppData\Local\temp\Quarantine.exe
C:\Users\Super Dooper User\AppData\Local\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-30 18:51

==================== End Of Log ============================

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by Super Dooper User at 2014-11-30 18:55:07
Running from C:\Users\Super Dooper User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 3.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{449CE12D-E2C7-4B97-B19E-55D163EA9435}) (Version: 7.0.619.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
C5500 (x32 Version: 120.0.234.000 - Hewlett-Packard) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destination Component (x32 Version: 110.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
French Spelling Settings (HKLM-x32\...\FrRefEng) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 12.0 (HKLM\...\HPExtendedCapabilities) (Version: 12.0 - HP)
HP Imaging Device Functions 12.0 (HKLM\...\HP Imaging Device Functions) (Version: 12.0 - HP)
HP Photosmart C5500 All-In-One Driver Software 12.0 Rel .4 (HKLM\...\{B8000353-9E60-4e84-BF3E-CD9996EF80EE}) (Version: 12.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing (HKLM\...\HP Smart Web Printing) (Version: 4.05 - HP)
HP Solution Center 12.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 12.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 120.0.150.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® Network Connections 12.4.38.0 (HKLM\...\PROSetDX) (Version: 12.4.38.0 - Intel)
iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 120.0.226.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{6965A8D2-465D-4F98-9FAA-0E9E2348F329}) (Version: 3.22.270.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM-x32\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PS_AIO_04_C5500_Software_Min (x32 Version: 120.0.234.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Scan (x32 Version: 12.0.0.0 - Hewlett-Packard) Hidden
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 12 - HP)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Status (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
WebReg (x32 Version: 120.0.194.000 - Hewlett-Packard) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

05-10-2014 10:44:04 Windows Update
05-10-2014 23:42:13 Removed Driver Restore.
05-10-2014 23:45:12 Removed FastClean PRO
08-10-2014 23:45:28 Scheduled Checkpoint
12-10-2014 06:13:39 Windows Update
12-10-2014 09:00:13 Windows Update
13-10-2014 06:00:01 Scheduled Checkpoint
15-10-2014 10:09:59 Windows Update
21-10-2014 04:33:09 Windows Update
22-10-2014 10:00:38 Scheduled Checkpoint
23-10-2014 08:58:59 Scheduled Checkpoint
24-10-2014 07:59:55 Scheduled Checkpoint
24-10-2014 11:43:36 Windows Update
25-10-2014 09:03:17 Scheduled Checkpoint
26-10-2014 21:59:25 Scheduled Checkpoint
27-10-2014 12:13:03 Scheduled Checkpoint
27-10-2014 23:09:40 Windows Update
29-10-2014 05:23:51 Scheduled Checkpoint
04-11-2014 05:02:05 Windows Update
05-11-2014 20:58:17 Scheduled Checkpoint
07-11-2014 01:23:07 Scheduled Checkpoint
08-11-2014 22:41:45 Windows Update
09-11-2014 22:28:27 Scheduled Checkpoint
14-11-2014 21:46:54 Windows Update
15-11-2014 10:00:13 Windows Update
19-11-2014 10:00:10 Windows Update
23-11-2014 17:07:26 Windows Update
23-11-2014 22:19:55 Device Driver Package Install: Hewlett-Packard Printers
24-11-2014 04:23:04 Windows Update
30-11-2014 23:10:32 Windows Update
01-12-2014 00:17:18 OTL Restore Point - 11/30/2014 5:17:18 PM

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 05:34 - 2014-11-30 17:18 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1BAFF6EF-1DDC-4CCA-BFFE-5C043DAAE729} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {51691287-5676-4C7D-AD4C-195107D43DD4} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {59A9ABDA-924B-4F4B-A00A-497EB915C595} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {5D22EB19-286D-44E4-8123-169DBC46C1C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-30] (Adobe Systems Incorporated)
Task: {7E11E062-945B-4242-B967-9273565EEAA8} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {CF3C90FE-519E-4CE4-906C-82CFA903F4EB} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D6D637C7-3F8C-47FC-B46F-58D7D44AB595} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) =============

2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-23 19:26 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-23 19:26 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-23 19:26 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-23 19:26 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-23 19:26 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-227322287-1983885510-2833786511-500 - Administrator - Disabled)
Don't Blink (S-1-5-21-227322287-1983885510-2833786511-1002 - Limited - Enabled) => C:\Users\Don't Blink
Guest (S-1-5-21-227322287-1983885510-2833786511-501 - Limited - Disabled)
Matt (S-1-5-21-227322287-1983885510-2833786511-1000 - Limited - Enabled) => C:\Users\Matt
Melodee (S-1-5-21-227322287-1983885510-2833786511-1001 - Limited - Enabled) => C:\Users\Melodee
Molly-Geneva (S-1-5-21-227322287-1983885510-2833786511-1003 - Limited - Enabled) => C:\Users\Molly-Geneva
Super Dooper User (S-1-5-21-227322287-1983885510-2833786511-1004 - Administrator - Enabled) => C:\Users\Super Dooper User

==================== Faulty Device Manager Devices =============

Name: Microsoft Tun Miniport Adapter #2
Description: Microsoft Tun Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunmp
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2014 06:44:49 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (11/30/2014 06:44:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 06:28:11 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.

Error: (11/30/2014 06:27:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (11/30/2014 06:44:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Beep

Error: (11/30/2014 06:42:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Software Licensing11200001Restart the service

Error: (11/30/2014 06:42:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Search1300001Restart the service

Error: (11/30/2014 06:42:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: iPod Service1

Error: (11/30/2014 06:42:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Spybot-S&D 2 Security Center Service1600001Restart the service

Error: (11/30/2014 06:42:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Windows Live ID Sign-in Assistant1100001Restart the service

Error: (11/30/2014 06:42:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: SeaPort1

Error: (11/30/2014 06:42:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Spybot-S&D 2 Updating Service1600001Restart the service

Error: (11/30/2014 06:42:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Spybot-S&D 2 Scanner Service1600001Restart the service

Error: (11/30/2014 06:42:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: MSCamSvc1

Microsoft Office Sessions:
=========================
Error: (11/30/2014 06:44:49 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (11/30/2014 06:44:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/30/2014 06:28:11 PM) (Source: MsiInstaller) (EventID: 1013) (User: NT AUTHORITY)
Description: Product: Skype Click to Call -- Installation cannot proceed on this operating system.(NULL)(NULL)(NULL)(NULL)

Error: (11/30/2014 06:27:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

CodeIntegrity Errors:
===================================
  Date: 2014-11-30 18:10:27.141
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 18:10:27.032
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 18:10:26.907
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 18:10:26.783
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 18:10:26.393
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 18:10:26.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 18:10:26.174
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 18:10:25.987
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 18:04:43.964
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-30 18:04:43.840
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E5200 @ 2.50GHz
Percentage of memory in use: 44%
Total physical RAM: 4084.27 MB
Available physical RAM: 2274.06 MB
Total Pagefile: 8393.83 MB
Available Pagefile: 6451.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.73 GB) (Free:242.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (LifeCam_30) (CDROM) (Total:0.35 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 19F5C167)
Partition 1: (Not Active) - (Size=31 MB) - (Type=DE)
Partition 2: (Active) - (Size=465.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#10
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Hello,


C:\ComboFix.txt <------ Can you navigate to that folder and post the combofix.txt log.

Then
Let's reset Chrome.
Please follow these instructions here to reset Chrome.

Next

Please download MiniToolBox http://download.blee...MiniToolBox.exe and run it.

Checkmark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings

    Click Go and post the result.

    Next
    A few items to fix

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Open notepad (Start =>All Programs => Accessories => Notepad).
    Copy/Paste the contents of the code box below into Notepad.

    start
    CloseProcesses:
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    GroupPolicyUsers\S-1-5-21-227322287-1983885510-2833786511-1003\User: Group Policy restriction detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:51682;https=127.0.0.1:51682
    SearchScopes: HKLM -> DefaultScope value is missing.
    SearchScopes: HKLM-x32 -> DefaultScope value is missing.
    SearchScopes: HKU\S-1-5-21-227322287-1983885510-2833786511-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    CHR dev: Chrome dev build detected! <======= ATTENTION
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    C:\Users\Super Dooper User\AppData\Local\temp\Quarantine.exe
    C:\Users\Super Dooper User\AppData\Local\temp\sqlite3.dll
    
    Emptytemp:
    reboot:
    end
    

  • Click Format and ensure Wordwrap is unchecked.
    Save as Fixlist.txt to your Desktop (Must be in this location)
    Run FRST/FRST64 and press the Fix button just once and wait.
    If the tool needed a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

    Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

    Your next reply should include:

  • Minitoolbox results.
  • Combofix.txt
  • fixlog.txt
  • Fresh FRST log report, just run FRST again and post a new log report.
    Thanks
    Joe :)




#11
Mrs_Roboto

    Member

  • Topic Starter
  • 37 posts

Here you go.  Thank you.

MiniToolBox by Farbar  Version: 21-07-2014
Ran by Super Dooper User (administrator) on 30-11-2014 at 19:35:30
Running from "C:\Users\Super Dooper User\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

**** End of log ****

ComboFix 14-11-24.02 - Matt 11/23/2014  11:16:45.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4084.2721 [GMT -7:00]
Running from: c:\smitfraud\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-23 to 2014-11-23  )))))))))))))))))))))))))))))))
.
.
2014-11-23 18:22 . 2014-11-23 18:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-11-23 18:22 . 2014-11-23 18:22 -------- d-----w- c:\users\Molly-Geneva\AppData\Local\temp
2014-11-23 18:22 . 2014-11-23 18:22 -------- d-----w- c:\users\Melodee\AppData\Local\temp
2014-11-23 18:22 . 2014-11-23 18:22 -------- d-----w- c:\users\Matt\AppData\Local\temp
2014-11-23 18:22 . 2014-11-23 18:22 -------- d-----w- c:\users\Don't Blink\AppData\Local\temp
2014-11-23 18:22 . 2014-11-23 18:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-23 17:11 . 2014-09-16 22:37 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{72A12E08-AB88-42CC-8D50-651B83508D17}\gapaengine.dll
2014-11-23 17:08 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A2DA006B-CFB7-4A56-AF93-9FBCA783167C}\mpengine.dll
2014-11-20 16:42 . 2014-11-02 04:20 11632448 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-11-19 10:03 . 2014-10-24 01:03 499200 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-19 10:03 . 2014-10-24 00:39 656384 ----a-w- c:\windows\system32\kerberos.dll
2014-11-15 10:07 . 2014-10-12 23:52 2782208 ----a-w- c:\windows\system32\win32k.sys
2014-11-15 10:07 . 2014-09-19 00:50 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2014-11-15 10:07 . 2014-09-19 00:45 347136 ----a-w- c:\windows\system32\schannel.dll
2014-11-15 10:05 . 2014-08-12 02:25 729600 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2014-11-15 10:05 . 2014-08-12 02:11 923136 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-15 10:00 . 2014-10-24 01:04 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-11-15 10:00 . 2014-10-24 00:39 77312 ----a-w- c:\windows\system32\packager.dll
2014-11-15 10:00 . 2014-08-27 00:55 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-11-15 10:00 . 2014-08-27 00:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-15 10:00 . 2014-08-27 00:41 1869824 ----a-w- c:\windows\system32\msxml3.dll
2014-11-15 10:00 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\SysWow64\msxml3.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-23 17:31 . 2014-10-05 00:48 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-15 10:01 . 2006-11-02 12:35 103374192 ----a-w- c:\windows\system32\mrt.exe
2014-10-30 11:25 . 2013-11-26 19:28 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-08 21:35 . 2014-10-08 21:35 4 ----a-w- c:\users\Matt\AppData\Roaming\appdataFr2.bin
2014-10-05 20:21 . 2014-07-11 21:14 21976 ----a-w- c:\windows\system32\drivers\SPPD.sys
2014-10-01 18:11 . 2014-10-05 00:48 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 18:11 . 2014-10-05 00:48 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 18:11 . 2014-10-05 00:48 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-24 20:38 . 2013-11-27 17:34 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 20:38 . 2013-11-27 17:34 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-16 22:37 . 2013-11-28 15:33 1188440 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-09-09 06:40 . 2014-09-25 09:01 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 06:24 . 2014-09-25 09:01 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 23:38 . 2014-10-12 09:04 198656 ----a-w- c:\windows\system32\drivers\fastfat.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-15 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ    hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-01 19:53 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 182784]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://www.google.com/?gws_rd=ssl
mStart Page = hxxp://www.google.com
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
mSearch Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:14326;https=127.0.0.1:14326
TCP: DhcpNameServer = 8.8.8.8 8.8.4.4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{9D72001A-DD00-4A94-2803-9606A25D8F00} - c:\programdata\LuckyyShopper\xxhledD6.dll
BHO-{F689EE79-AB4D-2F88-9113-4D8A5A355D7D} - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKCU-Run-BlockNSurf - c:\program files (x86)\BlockAndSurf-soft\BlockNSurf.exe
Wow6432Node-HKCU-Run-YTDownloader - c:\program files (x86)\YTDownloader\YTDownloader.exe
BHO-{9D72001A-DD00-4A94-2803-9606A25D8F00} - c:\programdata\LuckyyShopper\xxhledD6.x64.dll
AddRemove-{1B9604EE-B104-45C8-8551-5F63BA631E23} - c:\programdata\{EC8EAC95-AB39-4699-974D-A45DFE7C2764}\WeatherBugSetup.exe
AddRemove-DesktopWeatherAlerts - c:\users\Matt\AppData\Local\WeatherAlerts\DesktopWeatherAlertsuninstall.exe
AddRemove-Linkey - c:\program files (x86)\Linkey\uninstall.exe
AddRemove-Yahoo! Search - c:\users\Matt\AppData\Local\Pay-By-Ads\Yahoo! Search\1.3.8.2\dsrlte.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-11-23  11:24:43
ComboFix-quarantined-files.txt  2014-11-23 18:24
ComboFix2.txt  2014-10-05 21:07
.
Pre-Run: 262,161,162,240 bytes free
Post-Run: 262,127,251,456 bytes free
.
- - End Of File - - 399AEA875161439BC06B3541856EDF21
5C616939100B85E558DA92B899A0FC36

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Super Dooper User at 2014-11-30 19:37:11 Run:1
Running from C:\Users\Super Dooper User\Desktop
Loaded Profile: Super Dooper User (Available profiles: Matt & Melodee & Don't Blink & Molly-Geneva & Super Dooper User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-227322287-1983885510-2833786511-1003\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51682;https=127.0.0.1:51682
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-227322287-1983885510-2833786511-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR dev: Chrome dev build detected! <======= ATTENTION
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
C:\Users\Super Dooper User\AppData\Local\temp\Quarantine.exe
C:\Users\Super Dooper User\AppData\Local\temp\sqlite3.dll

Emptytemp:
reboot:
end
*****************

Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-227322287-1983885510-2833786511-1003\User => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
CHR dev: Chrome dev build detected! <======= ATTENTION => Error: No automatic fix found for this entry.
catchme => Service deleted successfully.
IpInIp => Service deleted successfully.
NwlnkFlt => Service deleted successfully.
NwlnkFwd => Service deleted successfully.
C:\Users\Super Dooper User\AppData\Local\temp\Quarantine.exe => Moved successfully.
C:\Users\Super Dooper User\AppData\Local\temp\sqlite3.dll => Moved successfully.
EmptyTemp: => Removed 69 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Super Dooper User (administrator) on MATT-PC on 30-11-2014 19:47:01
Running from C:\Users\Super Dooper User\Desktop
Loaded Profile: Super Dooper User (Available profiles: Matt & Melodee & Don't Blink & Molly-Geneva & Super Dooper User)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\wpcumi.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
(Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_239_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [WPCUMI] => C:\Windows\system32\WpcUmi.exe [182784 2006-11-02] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF0946923F10CD001
HKU\S-1-5-21-227322287-1983885510-2833786511-1004\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-227322287-1983885510-2833786511-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Users\Melodee\Desktop\Picasa3\npPicasa3.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-11-26]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2013-12-06]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-23]
CHR Extension: (Google Drive) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-23]
CHR Extension: (YouTube) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-23]
CHR Extension: (Google Search) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-23]
CHR Extension: (Gmail) - C:\Users\Super Dooper User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [135168 2008-10-16] (Hewlett-Packard Co.) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-07-18] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-07-18] (Hewlett-Packard) [File not signed]
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Beep; No ImagePath
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [392704 2008-01-20] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1523712 2008-01-20] (Conexant Systems, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 19:43 - 2014-11-30 19:43 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-30 19:43 - 2014-11-30 19:43 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-30 19:43 - 2014-11-30 19:43 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 19:43 - 2014-11-30 19:43 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 19:35 - 2014-11-30 19:35 - 00000693 _____ () C:\Users\Super Dooper User\Desktop\Result.txt
2014-11-30 19:34 - 2014-11-30 19:34 - 00401920 _____ (Farbar) C:\Users\Super Dooper User\Downloads\MiniToolBox.exe
2014-11-30 19:34 - 2014-11-30 19:34 - 00401920 _____ (Farbar) C:\Users\Super Dooper User\Desktop\MiniToolBox.exe
2014-11-30 18:55 - 2014-11-30 18:57 - 00022098 _____ () C:\Users\Super Dooper User\Desktop\Addition.txt
2014-11-30 18:54 - 2014-11-30 19:47 - 00014804 _____ () C:\Users\Super Dooper User\Desktop\FRST.txt
2014-11-30 18:54 - 2014-11-30 18:53 - 02117632 _____ (Farbar) C:\Users\Super Dooper User\Desktop\FRST64.exe
2014-11-30 18:53 - 2014-11-30 18:53 - 02117632 _____ (Farbar) C:\Users\Super Dooper User\Downloads\FRST64.exe
2014-11-30 18:37 - 2014-11-30 18:37 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\Apple
2014-11-30 18:00 - 2014-11-30 18:00 - 00001663 _____ () C:\Users\Super Dooper User\Desktop\JRT.txt
2014-11-30 17:57 - 2014-11-30 17:57 - 00000000 ____D () C:\Windows\ERUNT
2014-11-30 17:51 - 2014-11-30 17:50 - 01707646 _____ (Thisisu) C:\Users\Super Dooper User\Desktop\JRT.exe
2014-11-30 17:50 - 2014-11-30 17:50 - 01707646 _____ (Thisisu) C:\Users\Super Dooper User\Downloads\JRT.exe
2014-11-30 17:50 - 2014-11-30 17:49 - 02148864 _____ () C:\Users\Super Dooper User\Desktop\adwcleaner_4.102.exe
2014-11-30 17:49 - 2014-11-30 17:49 - 02148864 _____ () C:\Users\Super Dooper User\Downloads\adwcleaner_4.102.exe
2014-11-30 17:20 - 2014-11-30 18:43 - 00001104 _____ () C:\Windows\PFRO.log
2014-11-30 17:17 - 2014-11-30 17:17 - 00000000 ____D () C:\_OTL
2014-11-30 16:28 - 2014-11-30 16:28 - 00049232 _____ () C:\Users\Super Dooper User\Desktop\Extras.Txt
2014-11-30 16:26 - 2014-11-30 17:36 - 00071954 _____ () C:\Users\Super Dooper User\Desktop\OTL.Txt
2014-11-30 16:15 - 2014-11-30 16:15 - 00602112 _____ (OldTimer Tools) C:\Users\Super Dooper User\Desktop\OTL.exe
2014-11-30 16:07 - 2014-11-30 19:47 - 00000000 ____D () C:\FRST
2014-11-30 15:59 - 2014-11-30 15:59 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Roaming\Macromedia
2014-11-30 15:59 - 2014-11-30 15:59 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Roaming\Adobe
2014-11-23 21:44 - 2014-11-23 21:44 - 00000000 ____D () C:\Windows\en
2014-11-23 21:42 - 2014-11-23 21:42 - 00001281 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2014-11-23 21:42 - 2014-11-23 21:42 - 00001212 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2014-11-23 21:42 - 2014-11-23 21:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-11-23 21:41 - 2014-11-23 21:41 - 00002079 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2014-11-23 21:41 - 2014-11-23 21:41 - 00001091 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-11-23 21:40 - 2014-11-23 21:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-11-23 21:40 - 2012-03-08 18:40 - 00048488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fssfltr.sys
2014-11-23 21:39 - 2014-11-23 21:44 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-11-23 21:39 - 2014-11-23 21:39 - 00000000 ____D () C:\Windows\PCHEALTH
2014-11-23 21:39 - 2014-11-23 21:39 - 00000000 ____D () C:\Program Files\Windows Live
2014-11-23 21:38 - 2014-11-23 21:38 - 00000363 _____ () C:\Windows\DirectX.log
2014-11-23 21:27 - 2014-11-30 18:02 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\Windows Live
2014-11-23 21:27 - 2009-08-04 01:12 - 01103872 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2014-11-23 21:27 - 2009-08-04 01:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2014-11-23 21:21 - 2014-11-23 21:21 - 00136016 _____ () C:\Users\Super Dooper User\Downloads\hosts (1).zip
2014-11-23 21:14 - 2014-11-30 18:25 - 00000000 ____D () C:\temp
2014-11-23 21:12 - 2014-11-23 21:12 - 00136016 _____ () C:\Users\Super Dooper User\Downloads\hosts.zip
2014-11-23 19:39 - 2014-11-30 17:02 - 00000004 _____ () C:\Users\Super Dooper User\AppData\Roaming\appdataFr2.bin
2014-11-23 19:27 - 2014-11-30 19:39 - 00000656 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-11-23 19:27 - 2014-11-30 17:21 - 00000628 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-11-23 19:27 - 2014-11-30 17:21 - 00000458 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-11-23 19:27 - 2014-11-23 19:27 - 00003816 _____ () C:\Windows\System32\Tasks\Scan the system (Spybot - Search & Destroy)
2014-11-23 19:27 - 2014-11-23 19:27 - 00003462 _____ () C:\Windows\System32\Tasks\Refresh immunization (Spybot - Search & Destroy)
2014-11-23 19:27 - 2014-11-23 19:27 - 00003022 _____ () C:\Windows\System32\Tasks\Check for updates (Spybot - Search & Destroy)
2014-11-23 19:26 - 2014-11-23 19:30 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-23 19:26 - 2014-11-23 19:26 - 00001230 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-23 19:26 - 2014-11-23 19:26 - 00001218 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-23 19:26 - 2014-11-23 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-23 19:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-23 19:21 - 2014-11-23 19:23 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Matt\Downloads\spybot-2.4.exe
2014-11-23 19:15 - 2014-11-23 19:15 - 00000680 _____ () C:\Users\Super Dooper User\AppData\Local\d3d9caps.dat
2014-11-23 19:14 - 2014-11-30 16:15 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\Google
2014-11-23 19:14 - 2014-11-30 16:06 - 00067168 _____ () C:\Users\Super Dooper User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-23 19:14 - 2014-11-23 19:39 - 00002025 _____ () C:\Users\Super Dooper User\Desktop\Google Chrome.lnk
2014-11-23 19:14 - 2014-11-23 19:15 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Local\VirtualStore
2014-11-23 19:14 - 2014-11-23 19:14 - 00000979 _____ () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-23 19:14 - 2014-11-23 19:14 - 00000974 _____ () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-11-23 19:14 - 2014-11-23 19:14 - 00000949 _____ () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-11-23 19:14 - 2014-11-23 19:14 - 00000915 _____ () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2014-11-23 19:14 - 2014-11-23 19:14 - 00000000 ____D () C:\Users\Super Dooper User\AppData\Roaming\Apple Computer
2014-11-23 19:13 - 2014-11-30 19:39 - 00000008 __RSH () C:\Users\Super Dooper User\ntuser.pol
2014-11-23 19:13 - 2014-11-23 19:13 - 00000020 ___SH () C:\Users\Super Dooper User\ntuser.ini
2014-11-23 19:13 - 2008-01-20 20:20 - 00000000 ___RD () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-11-23 19:13 - 2008-01-20 20:20 - 00000000 ___RD () C:\Users\Super Dooper User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-23 15:15 - 2014-11-23 15:16 - 00116270 ____N () C:\Windows\hpoins33.dat.temp
2014-11-23 15:15 - 2008-12-11 05:27 - 00001008 ____N () C:\Windows\hpomdl33.dat.temp
2014-11-23 15:09 - 2014-11-23 15:09 - 00000795 _____ () C:\Windows\setupact.log
2014-11-23 15:09 - 2014-11-23 15:09 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-23 12:27 - 2014-11-23 12:27 - 00043232 _____ () C:\Users\Melodee\Documents\cc_20141123_122737.reg
2014-11-23 12:11 - 2014-11-23 12:10 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-23 12:10 - 2014-11-23 12:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-23 12:10 - 2014-11-23 12:10 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-23 12:10 - 2014-11-23 12:10 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-23 12:10 - 2014-11-23 12:10 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-23 12:09 - 2014-11-30 19:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 12:09 - 2014-11-30 17:33 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-23 11:24 - 2014-11-23 11:24 - 00014128 _____ () C:\ComboFix.txt
2014-11-19 03:03 - 2014-10-23 18:03 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 03:03 - 2014-10-23 17:39 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-15 03:07 - 2014-10-12 16:52 - 02782208 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-15 03:07 - 2014-09-18 17:50 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-15 03:07 - 2014-09-18 17:45 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-15 03:05 - 2014-08-11 19:25 - 00729600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-15 03:05 - 2014-08-11 19:11 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-15 03:04 - 2014-10-17 18:08 - 00564224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-15 03:04 - 2014-10-17 17:46 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-15 03:04 - 2014-10-09 18:10 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-15 03:04 - 2014-10-09 18:09 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-15 03:04 - 2014-10-09 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-15 03:04 - 2014-10-09 18:01 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-15 03:04 - 2014-10-09 18:00 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-15 03:04 - 2014-10-09 16:53 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-15 03:04 - 2014-10-09 16:22 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-15 03:04 - 2014-10-02 18:18 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-15 03:04 - 2014-10-02 18:17 - 00396800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-15 03:04 - 2014-10-02 18:17 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-15 03:04 - 2014-10-02 18:03 - 00313344 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-15 03:04 - 2014-10-02 18:02 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-15 03:04 - 2014-10-02 18:01 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-15 03:04 - 2014-10-02 18:01 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-15 03:04 - 2014-10-02 16:49 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\audiodg.exe
2014-11-15 03:00 - 2014-10-23 18:04 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-15 03:00 - 2014-10-23 17:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-15 03:00 - 2014-08-26 17:55 - 01249280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-15 03:00 - 2014-08-26 17:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-15 03:00 - 2014-08-26 17:41 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-15 03:00 - 2014-08-26 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-14 14:47 - 2014-11-14 14:47 - 00000000 ____D () C:\Users\Matt\Desktop\Melodee
2014-11-14 14:44 - 2014-10-27 13:32 - 17870336 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-14 14:44 - 2014-10-27 13:13 - 02339840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-14 14:44 - 2014-10-27 13:12 - 10921472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-14 14:44 - 2014-10-27 13:07 - 01388032 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-14 14:44 - 2014-10-27 13:06 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-14 14:44 - 2014-10-27 13:05 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-14 14:44 - 2014-10-27 13:05 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-14 14:44 - 2014-10-27 13:05 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-14 14:44 - 2014-10-27 13:04 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-14 14:44 - 2014-10-27 13:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-14 14:44 - 2014-10-27 13:04 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-14 14:44 - 2014-10-27 13:04 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-14 14:44 - 2014-10-27 13:04 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-14 14:44 - 2014-10-27 13:04 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-14 14:44 - 2014-10-27 13:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-14 14:44 - 2014-10-27 13:03 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-14 14:44 - 2014-10-27 13:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-14 14:44 - 2014-10-27 13:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-14 14:44 - 2014-10-27 13:03 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-14 14:44 - 2014-10-27 13:03 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-14 14:44 - 2014-10-27 13:03 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-14 14:44 - 2014-10-27 12:10 - 12366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-14 14:44 - 2014-10-27 12:05 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-14 14:44 - 2014-10-27 12:02 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-14 14:44 - 2014-10-27 11:59 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-14 14:44 - 2014-10-27 11:59 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-14 14:44 - 2014-10-27 11:58 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-14 14:44 - 2014-10-27 11:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-14 14:44 - 2014-10-27 11:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-14 14:44 - 2014-10-27 11:56 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-14 14:44 - 2014-10-27 11:56 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-14 14:44 - 2014-10-27 11:56 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-14 14:44 - 2014-10-27 11:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-14 14:44 - 2014-10-27 11:56 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-14 14:44 - 2014-10-27 11:55 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-14 14:44 - 2014-10-27 11:55 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-14 14:44 - 2014-10-27 11:55 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-14 14:44 - 2014-10-27 11:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-14 14:44 - 2014-10-27 11:55 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-14 14:44 - 2014-10-27 11:55 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-14 14:44 - 2014-10-27 11:55 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-14 14:44 - 2014-10-27 11:54 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 19:46 - 2006-11-02 05:46 - 00758370 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-30 19:42 - 2008-01-20 18:53 - 01107589 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 19:38 - 2014-05-19 18:18 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-11-30 19:38 - 2006-11-02 08:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 19:38 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 19:38 - 2006-11-02 08:22 - 00003712 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 19:37 - 2006-11-02 08:42 - 00032590 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-30 19:37 - 2006-11-02 06:34 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-30 18:42 - 2014-10-05 16:34 - 00000000 ____D () C:\AdwCleaner
2014-11-30 18:04 - 2014-10-04 17:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-30 17:36 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\rescache
2014-11-30 17:33 - 2013-11-27 10:34 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-30 17:33 - 2013-11-27 10:34 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-30 17:21 - 2006-11-02 08:21 - 00282032 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-23 21:39 - 2006-11-02 06:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-23 20:37 - 2014-10-05 14:20 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-23 19:26 - 2014-10-05 14:20 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-11-23 19:17 - 2013-12-10 08:13 - 00000632 __RSH () C:\Users\Matt\ntuser.pol
2014-11-23 19:17 - 2013-11-26 11:54 - 00000000 ____D () C:\Users\Matt
2014-11-23 15:33 - 2013-12-06 09:04 - 00116300 _____ () C:\Windows\hpoins33.dat
2014-11-23 15:33 - 2013-12-06 09:04 - 00001584 _____ () C:\ProgramData\hpzinstall.log
2014-11-23 12:11 - 2013-11-27 10:43 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-23 11:27 - 2006-11-02 05:34 - 00449919 _____ () C:\Windows\system32\Drivers\etc\HOSTS.MVP
2014-11-23 11:24 - 2014-10-05 13:28 - 00000000 ____D () C:\Qoobox
2014-11-23 11:22 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-23 11:12 - 2014-10-04 17:44 - 00000000 ____D () C:\Smitfraud
2014-11-23 11:00 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\Web
2014-11-20 17:10 - 2014-10-04 17:48 - 00000941 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-20 17:10 - 2014-10-04 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-20 17:10 - 2014-10-04 17:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-15 03:03 - 2013-11-26 13:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-15 03:01 - 2006-11-02 05:35 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-14 14:48 - 2013-12-25 14:34 - 00000988 _____ () C:\Users\Matt\AppData\Roaming\wklnhst.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-30 19:45

==================== End Of Log ============================

#12
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
How is the computer?

What's popping up and in what browser?

Joe

#13
Mrs_Roboto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

The browser that was having the issue was Chrome. It appears to be functioning well now. What was happening was when I would open a page several pages (tabs) would open with ads for various things. This no longer seems to be happening. Do you think that we fixed it?

#14
zep516

    Trusted Helper

  • Malware Removal
  • 8,093 posts
Yes. I think so.

Let's run an online scan called ESET. This scan may take a while. This scan may show files we already took care of. So when you get time, run ESET and post the results. You will need to use Firefox or Internet Explorer for this scan. Detailed instructions to follow:


ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)
Post the ESET results.

Thanks
Joe :)

#15
Mrs_Roboto

    Member

  • Topic Starter
  • Member
  • PipPip
  • 37 posts

Sorry for taking so long. Here is the ESET log you requested...

C:\AdwCleaner\Quarantine\C\Program Files\Quiknowledge\IE\QuiknowledgeClientIE.dll.vir a variant of Win64/Adware.Vitruvian.B application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\AnyProtectEx\AnyProtectTrayIcon.exe.vir a variant of Win32/AnyProtect.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll.vir a variant of Win32/DealPly.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe.vir Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLive.exe.vir Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveBroker.exe.vir Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveHandler.exe.vir Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\BonanzaDealsLiveOnDemand.exe.vir a variant of Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\goopdate.dll.vir Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll.vir Win32/DealPly.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psmachine.dll.vir Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\psuser.dll.vir a variant of Win32/DealPly.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\BuzzSearchUn.exe.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\BuzzSearchUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\updateBuzzSearch.exe.vir a variant of MSIL/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\ba099a85e825480283e7.dll.vir a variant of Win32/BrowseFox.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\ba099a85e825480283e764.dll.vir Win64/BrowseFox.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearch.BrowserAdapter.exe.vir a variant of Win32/BrowseFox.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearch.BrowserAdapter64.exe.vir Win64/BrowseFox.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearch.BrowserFilter.Helper.dll.old.56c2193b-a011-4686-8f1e-8a0a3df0b06a.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearch.BrowserFilter.Helper.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearch.PurBrowse.exe.vir a variant of Win32/BrowseFox.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearch.PurBrowse64.exe.vir a variant of Win64/BrowseFox.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\BuzzSearchBrowserFilter.exe.vir a variant of MSIL/BrowseFox.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\utilBuzzSearch.exe.vir a variant of MSIL/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\{ba099a85-e825-4802-83e7-d386a5b4a734}.dll.vir a variant of Win32/BrowseFox.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\{ba099a85-e825-4802-83e7-d386a5b4a734}64.dll.vir Win64/BrowseFox.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.Bromon.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.BroStats.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.BrowserAdapter.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.BrowserAdapterS.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.BrowserFilter.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.CompatibilityChecker.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.DspSvc.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.FeSvc.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.FFUpdate.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.GCUpdate.dll.vir a variant of MSIL/BrowseFox.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.IEUpdate.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.OfSvc.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.PurBrowse.dll.vir a variant of MSIL/BrowseFox.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BuzzSearch\bin\plugins\BuzzSearch.Repmon.dll.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-2.exe.vir a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-3.exe.vir a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-4.exe.vir a variant of Win32/Toolbar.CrossRider.AK potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\13dd8bf3-8295-4928-b7c1-849e5ce4bce2-5.exe.vir a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\Freeven pro-bg.exe.vir a variant of Win32/Toolbar.CrossRider.AL potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\Freeven pro-bho.dll.vir a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\Freeven pro-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.AJ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.BP potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Freeven pro\utils.exe.vir Win32/Packed.VMDetector.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-11.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-2.exe.vir a variant of Win32/Toolbar.CrossRider.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-4.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-5.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-6.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-64.exe.vir a variant of Win64/Toolbar.Crossrider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\02607119-ba9a-440c-90af-5e984570b9f4-7.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\1293297481.mxaddon.vir JS/Toolbar.Crossrider.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\58aab648-6173-4e2a-897a-7a6e5399aa39.dll.vir a variant of Win32/Toolbar.CrossRider.BM potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\765f16b7-2f30-4905-96e2-a640e6c6c071.dll.vir a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-bg.exe.vir a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-bho.dll.vir a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-buttonutil.dll.vir a variant of Win32/Toolbar.CrossRider.BD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-buttonutil64.dll.vir a variant of Win64/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\iWebar-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.AW potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\iWebar\utils.exe.vir Win32/Packed.VMDetector.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\Helper.dll.vir a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\LinkeyDeals.exe.vir a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\Uninstall.exe.vir a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\IEExtension\iedll.dll.vir a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\IEExtension\iedll64.dll.vir a variant of Win32/Toolbar.SearchSuite.U potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\1293297481.mxaddon.vir JS/Toolbar.Crossrider.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-11.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-2.exe.vir a variant of Win32/Toolbar.CrossRider.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-3.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-4.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-5.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-6.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-64.exe.vir a variant of Win64/Toolbar.Crossrider.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\27f66b22-41d3-4c58-99e9-25f818d57110-7.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\2c45f15c-4307-4ad4-ac1b-71a6d2618c31.dll.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\810884ce-3099-4e82-835b-17527a05d5cf.dll.vir a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-bg.exe.vir a variant of Win32/Toolbar.CrossRider.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-bho.dll.vir a variant of Win32/Toolbar.CrossRider.AF potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.J potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-buttonutil.dll.vir a variant of Win32/Toolbar.CrossRider.BD potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-buttonutil64.dll.vir a variant of Win64/Toolbar.Crossrider.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-buttonutil64.exe.vir a variant of Win64/Toolbar.Crossrider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Object Browser-codedownloader.exe.vir a variant of Win32/Toolbar.CrossRider.AV potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\Uninstall.exe.vir a variant of Win32/Toolbar.CrossRider.AW potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Object Browser\utils.exe.vir Win32/Packed.VMDetector.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll.vir a variant of Win32/SProtector.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll.vir a variant of Win32/SProtector.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll.vir a variant of Win32/AdWare.Vitruvian.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Quiknowledge\Service\qksvc.exe.vir a variant of Win32/AdWare.Vitruvian.C application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Uninstaller\Uninstall.exe.vir a variant of MSIL/DomaIQ.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\converter.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadAPI.dll.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\DownloadHelper.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\sbmntr.sys.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDownloader.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\YTDownloader\YTDUninstall.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\FlaasHCoupon\C9g6biUy.dll.vir a variant of Win32/AdWare.MultiPlug.T application
C:\AdwCleaner\Quarantine\C\ProgramData\FlaasHCoupon\C9g6biUy.exe.vir a variant of Win32/AdWare.MultiPlug.T application
C:\AdwCleaner\Quarantine\C\ProgramData\FlaasHCoupon\C9g6biUy.x64.dll.vir a variant of Win64/Adware.MultiPlug.C application
C:\AdwCleaner\Quarantine\C\ProgramData\saviinGtoyiou\1_AsDh.dll.vir a variant of Win32/AdWare.MultiPlug.T application
C:\AdwCleaner\Quarantine\C\ProgramData\saviinGtoyiou\1_AsDh.exe.vir a variant of Win32/AdWare.MultiPlug.T application
C:\AdwCleaner\Quarantine\C\ProgramData\saviinGtoyiou\1_AsDh.x64.dll.vir a variant of Win64/Adware.MultiPlug.C application
C:\AdwCleaner\Quarantine\C\ProgramData\TicTaCiouupon\YkDdD.dll.vir a variant of Win32/AdWare.MultiPlug.AY application
C:\AdwCleaner\Quarantine\C\ProgramData\TicTaCiouupon\YkDdD.exe.vir a variant of Win32/AdWare.MultiPlug.AG application
C:\AdwCleaner\Quarantine\C\ProgramData\TicTaCiouupon\YkDdD.x64.dll.vir a variant of Win64/Adware.MultiPlug.D application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\AnyProtectScannerSetup.exe.vir Win32/AnyProtect.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\fst_us_70\upfst_us_70.exe.vir a variant of Win32/Adware.EoRezo.AJ application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\fst_us_70\Download\majfstusau.exe.vir multiple threats
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\fst_us_70\Download\majfst_gentleus.exe.vir Win32/AdWare.EoRezo.AW application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\fst_us_87\upfst_us_87.exe.vir a variant of Win32/Adware.EoRezo.AJ application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\pay-by-ads\Yahoo! Search\1.3.8.2\chrmXtn.dll.vir a variant of Win32/Toolbar.Montiera.M potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\pay-by-ads\Yahoo! Search\1.3.8.2\dsrlte.exe.vir a variant of Win32/Toolbar.Montiera.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\pay-by-ads\Yahoo! Search\1.3.8.2\ffxtn.dll.vir a variant of Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Matt\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.vir a variant of MSIL/Adware.StrongVault.A application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\AnyProtectScannerSetup.exe.vir Win32/AnyProtect.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.1_0\background.js.vir Win32/BrowseFox.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhjjdgbhohaallcimgcmakfiobacimkm\1.0.1_0\content.js.vir Win32/BrowseFox.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dkok9aoF.dll.vir Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dsrlte.exe.vir a variant of Win32/Toolbar.Montiera.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dsrsetup.exe.vir Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\oeimWmjm.dll.vir a variant of Win32/Toolbar.Montiera.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\res.dll.vir Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Local\WeatherAlerts\DesktopWeatherAlertsApp.exe.vir a variant of MSIL/Adware.StrongVault.A application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Melodee\AppData\Roaming\VOPackage\VOsrv.exe.vir a variant of Win32/VOPackage.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Molly-Geneva\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dsrlte.exe.vir a variant of Win32/Toolbar.Montiera.L potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Molly-Geneva\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\dsrsetup.exe.vir Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Molly-Geneva\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\hfAbmn8o.dll.vir Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Molly-Geneva\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\klghRbpf.dll.vir a variant of Win32/Toolbar.Montiera.N potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Molly-Geneva\AppData\Local\pay-by-ads\Yahoo! Search\1.3.12.4\res.dll.vir Win32/Toolbar.Montiera.R potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir Win64/AdvancedSystemProtector.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{ba099a85-e825-4802-83e7-d386a5b4a734}t.sys.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{ba099a85-e825-4802-83e7-d386a5b4a734}t64.sys.vir a variant of Win64/BrowseFox.BA potentially unwanted application
C:\Herb Korff\Guest\AppData\LocalLow\ConduitEngine\ConduitEngine.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Program Files\Common Files\System\SysMenu.dll a variant of Win32/SBWatchman.D potentially unwanted application
C:\Program Files\Common Files\System\SysMenu64.dll a variant of Win32/SBWatchman.D potentially unwanted application
C:\ProgramData\flgjdmgpakkffmapnkhncfhiedmnchim\EvNii2y5MY.js JS/Kryptik.ATB trojan
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\170.dll.vir a variant of Win32/AdWare.AddLyrics.BH application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfB15.exe.vir a variant of Win32/AdWare.AddLyrics.AM application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfC.exe.vir a variant of Win32/AdWare.AddLyrics.AO application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfgd170.dll.vir a variant of Win32/AdWare.AddLyrics.BA application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockAndSurfgd170.exe.vir a variant of Win32/AdWare.AddLyrics.AN application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\BlockNSurf.exe.vir a variant of Win32/AdWare.AddLyrics.AR application
C:\Qoobox\Quarantine\C\Program Files (x86)\BlockAndSurf-soft\Uninstall.exe.vir a variant of Win32/AdWare.AddLyrics.AS application
C:\Qoobox\Quarantine\C\Program Files (x86)\Freeven pro\FrEEven pro-bho64.dll.vir a variant of Win64/Toolbar.Crossrider.J potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyPC Backup\Configuration Updater.exe.vir a variant of MSIL/RunElevated.A potentially unsafe application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyPC Backup\MyPC Backup.exe.vir a variant of MSIL/MyPCBackup.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\NewPlayer\LTV.exe.vir MSIL/Tuguu.C potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\NewPlayer\NewPlayer.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\NewPlayer\NewPlayerUpdaterService.exe.vir MSIL/NewPlayer.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\NewPlayer\references\NewPlayerChecker.exe.vir a variant of MSIL/NewPlayer.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.I potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir a variant of Win32/Conduit.SearchProtect.H potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\database1_0_0.json.vir JS/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\manifest.json.vir JS/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.dll.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\ShopperPro64.dll.vir a variant of Win64/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\SPRemove.exe.vir a variant of Win32/SBWatchman.D potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\Updater.exe.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\FireFox\content\overlay.js.vir JS/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.exe.vir Win32/ShopperPro.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\jsdrv.sys.vir Win64/ShopperPro.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\database1_0_0.json.vir JS/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.exe.vir Win32/ShopperPro.B potentially unwanted application
C:\Qoobox\Quarantine\C\Program Files (x86)\ShopperPro\JSDriver\1.37.0.871\jsdrv.sys.vir Win64/ShopperPro.B potentially unwanted application
C:\Qoobox\Quarantine\C\ProgramData\BETterPriceCheicu\ECIkraoIwM.dll.vir a variant of Win32/AdWare.MultiPlug.BN application
C:\Qoobox\Quarantine\C\ProgramData\BETterPriceCheicu\ECIkraoIwM.exe.vir a variant of Win32/AdWare.MultiPlug.BN application
C:\Qoobox\Quarantine\C\ProgramData\BETterPriceCheicu\ECIkraoIwM.x64.dll.vir a variant of Win64/Adware.MultiPlug.E application
C:\Qoobox\Quarantine\C\ProgramData\ShopperPro\database1_0_0.json.vir JS/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\ProgramData\ShopperPro\ShopperPro.dll.vir a variant of Win32/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\ProgramData\ShopperPro\ShopperPro64.dll.vir a variant of Win64/ShopperPro.A potentially unwanted application
C:\Qoobox\Quarantine\C\ProgramData\unicoupons\CaNS.dll.vir a variant of Win32/AdWare.MultiPlug.BN application
C:\Qoobox\Quarantine\C\ProgramData\unicoupons\CaNS.exe.vir a variant of Win32/AdWare.MultiPlug.BN application
C:\Qoobox\Quarantine\C\ProgramData\unicoupons\CaNS.x64.dll.vir a variant of Win64/Adware.MultiPlug.E application
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\196\content.js.vir JS/Chromex.Agent.L trojan
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\196\gIbWkh.js.vir JS/Kryptik.ATB trojan
C:\Qoobox\Quarantine\C\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\imonhoeiopfgoncjdldhhfjgocghkbbl\1.26.17_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Melodee\AppData\Local\nsw7529.tmp.vir Win32/AnyProtect.D potentially unwanted application
C:\Qoobox\Quarantine\C\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\196\content.js.vir JS/Chromex.Agent.L trojan
C:\Qoobox\Quarantine\C\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\196\gIbWkh.js.vir JS/Kryptik.ATB trojan
C:\Qoobox\Quarantine\C\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\imonhoeiopfgoncjdldhhfjgocghkbbl\1.26.17_0\extensionData\plugins\91.js.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\All Users\flgjdmgpakkffmapnkhncfhiedmnchim\EvNii2y5MY.js JS/Kryptik.ATB trojan
C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfneigogocifpmjngcpbhfmjhbckjcao\15514.8955.2241_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
C:\Users\Matt\Downloads\uplayermediaplayer-setup (1).exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Melodee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfneigogocifpmjngcpbhfmjhbckjcao\15514.8955.2241_0\extensionData\plugins\91.js JS/Toolbar.Crossrider.B potentially unwanted application
