PC running extremely slow & no option to create new folder when ri


#1
chaldo

The PC is just dragging, even while just working within windows. While on the internet, I've also been getting a lot of java messages that scripts need to be stopped because they are slowing down the website. I ran CCleaner before posting here just to clear up my cache/temp files as well as speed up any potential scans I will need to run. This is the first time I'm posting here. I used to post my virus logs on the TweakXP forums, but they went inactive now. I posted on bleepingcomputer but didn't get a response, and so now I'm trying here! Thanks in advance!

OTL Log

OTL logfile created on: 11/30/2014 6:44:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 44.25% Memory free
7.93 Gb Paging File | 4.78 Gb Available in Paging File | 60.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.90 Gb Total Space | 173.59 Gb Free Space | 60.50% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2014/11/30 18:44:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
PRC - [2014/11/15 02:06:38 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/09/14 12:04:34 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\oidimkiswsgx.exe
PRC - [2014/09/12 13:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/09/12 13:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe
PRC - [2009/07/13 20:14:30 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\regsvr32.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2014/11/15 02:06:38 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/09/14 12:04:34 | 014,669,128 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/09/14 12:04:34 | 008,537,928 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\pdf.dll
MOD - [2014/09/14 12:04:34 | 001,732,936 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/09/14 12:04:34 | 000,718,152 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\libglesv2.dll
MOD - [2014/09/14 12:04:34 | 000,353,096 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/09/14 12:04:34 | 000,126,280 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\libegl.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/03/31 14:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/11/15 02:06:38 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/07/14 17:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 17:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe -- (N360)
SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtspx64.sys -- (SRTSPX)
DRV:[b]64bit:[/b] - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\srtsp64.sys -- (SRTSP)
DRV:[b]64bit:[/b] - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ccsetx64.sys -- (ccSet_N360)
DRV:[b]64bit:[/b] - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symefa64.sys -- (SymEFA)
DRV:[b]64bit:[/b] - [2012/03/23 14:12:17 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:[b]64bit:[/b] - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/11/16 22:37:59 | 000,405,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symnets.sys -- (SymNetS)
DRV:[b]64bit:[/b] - [2011/11/16 22:17:49 | 000,190,072 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\ironx64.sys -- (SymIRON)
DRV:[b]64bit:[/b] - [2011/08/16 01:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0604000.009\symds64.sys -- (SymDS)
DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:[b]64bit:[/b] - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:[b]64bit:[/b] - [2009/11/06 15:52:52 | 007,773,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:[b]64bit:[/b] - [2009/08/06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012/12/06 02:58:42 | 002,084,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121205.021\ex64.sys -- (NAVEX15)
DRV - [2012/12/06 02:58:42 | 000,126,112 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121205.021\eng64.sys -- (NAVENG)
DRV - [2012/10/23 18:34:23 | 001,384,608 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121130.005\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/09/06 03:54:30 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121204.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/08/09 11:05:33 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {C97AE766-4933-4AA7-AE3D-1E4200DF20C6}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\..\SearchScopes\{C97AE766-4933-4AA7-AE3D-1E4200DF20C6}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=112612&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{DFC25293-F318-46A2-92BE-3FC664D84FE3}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.startup.homepage: "yahoo.com/"
FF - prefs.js..extensions.enabledAddons: quickdrag%40mozilla.ktechcomputing.com:2.1.3.23
FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=U039DF&PC=U039&dt=071313&q="
 
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Owner\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn\ [2012/12/16 18:52:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn\ [2012/12/16 18:52:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/19 23:23:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/28 01:15:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/19 23:23:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/28 01:15:59 | 000,000,000 | ---D | M]
 
[2012/02/17 18:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2014/11/23 23:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions
[2012/04/24 18:00:54 | 000,032,381 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\[email protected]
[2014/06/13 20:02:59 | 001,999,100 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\[email protected]
[2014/07/17 18:00:13 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
[2014/11/14 09:45:14 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/13 12:31:17 | 000,002,402 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\searchplugins\bingp.xml
[2014/11/19 23:23:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/11/19 23:24:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Catalina Savings Printer (Enabled) = C:\Users\Owner\AppData\Roaming\CATALI~1\NPBCSK~1.DLL
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.916.0.7_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:[b]64bit:[/b] - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coieplg.dll (Symantec Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe ()
O4 - HKCU..\Run: [ymrotvk] C:\Users\Owner\AppData\Local\Google\ymrotvk.dll (Borland Software Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe -update activex File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22B15C00-BCB8-4AAD-AF7E-C50C43273F51}: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64FF79A6-ABEA-48E0-B5E6-B9F27F7BDF11}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18:[b]64bit:[/b] - Protocol\Handler\skype4com - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{cbf6d6b9-b528-11e1-b8b1-f04da2f82063}\Shell - "" = AutoRun
O33 - MountPoints2\{cbf6d6b9-b528-11e1-b8b1-f04da2f82063}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2014/11/30 18:44:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/11/28 19:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2014/11/27 22:34:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2014/11/27 22:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/11/27 22:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/11/27 22:21:35 | 005,162,080 | ---- | C] (Piriform Ltd) -- C:\Users\Owner\Desktop\ccsetup500.exe
[2014/11/27 14:21:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\pics
[2014/11/27 14:20:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\docs
[2014/11/27 14:04:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\downloads
[2014/11/27 14:03:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\owner folder
[2014/11/23 21:32:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVAST Software
[2014/11/23 17:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/11/23 17:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/11/22 17:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\VibiKavi
[2014/11/22 17:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\VodelOzbuf
[2014/11/20 19:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2014/11/20 19:20:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
[2014/11/15 02:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/03/26 21:45:33 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Owner\AppData\Local\BcsKtYcHW.dll
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2014/11/30 18:44:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
[2014/11/30 18:36:46 | 000,000,075 | ---- | M] () -- C:\Windows\SysNative\leiu.hss
[2014/11/30 18:30:00 | 000,000,290 | ---- | M] () -- C:\Windows\tasks\Dealply.job
[2014/11/30 18:22:36 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/30 18:22:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/30 06:51:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/30 01:50:18 | 000,000,135 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
[2014/11/28 19:06:52 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/11/27 22:42:01 | 000,003,534 | ---- | M] () -- C:\Users\Owner\Desktop\attach.zip
[2014/11/27 22:33:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
[2014/11/27 22:26:01 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/11/27 22:26:01 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/11/27 22:23:20 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/11/27 22:23:20 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/11/27 22:23:20 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/11/27 22:22:03 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/27 22:21:37 | 005,162,080 | ---- | M] (Piriform Ltd) -- C:\Users\Owner\Desktop\ccsetup500.exe
[2014/11/27 22:16:47 | 3193,544,704 | -HS- | M] () -- C:\hiberfil.sys
[2014/11/16 13:20:47 | 000,141,372 | ---- | M] () -- C:\Users\Owner\Desktop\1743479_10152814327647310_4119134588709417621_n.jpg
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2014/11/28 19:06:52 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
[2014/11/28 19:06:52 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014/11/27 22:42:00 | 000,003,534 | ---- | C] () -- C:\Users\Owner\Desktop\attach.zip
[2014/11/27 22:22:03 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/11/16 13:19:53 | 000,141,372 | ---- | C] () -- C:\Users\Owner\Desktop\1743479_10152814327647310_4119134588709417621_n.jpg
[2014/03/01 20:39:28 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2014/03/01 20:39:28 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\drivers\RaCoInst.dat
[2013/12/19 09:37:24 | 000,000,135 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
[2013/08/11 22:32:56 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2013/08/11 22:32:53 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2013/03/26 21:44:55 | 000,893,239 | ---- | C] () -- C:\Users\Owner\AppData\Local\a.zip
[2013/03/18 20:00:20 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
[2013/03/18 19:59:50 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
[2013/03/16 20:55:48 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2014/11/23 21:32:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVAST Software
[2013/08/08 17:43:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Canon
[2013/03/26 21:44:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Catalina – Print Savings
[2013/07/13 12:30:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Dealply
[2013/03/18 20:00:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Final Draft
[2012/03/24 18:10:14 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Foxit Software
[2014/09/15 20:55:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Oracle
[2014/11/28 01:15:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2013/07/13 12:35:41 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Strongvault
[2012/02/24 20:33:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TP
[2014/11/28 19:05:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >



 

Extras.Txt

OTL Extras logfile created on: 11/30/2014 6:44:38 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17126)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 1.75 Gb Available Physical Memory | 44.25% Memory free
7.93 Gb Paging File | 4.78 Gb Available in Paging File | 60.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.90 Gb Total Space | 173.59 Gb Free Space | 60.50% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[color=#E56717]========== Firewall Settings ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A90DBCC-179C-4F19-96CC-F8F1DF86E0CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1D1DAFCF-AEE7-48F8-89D7-FAE56FB21D62}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1DADFCBA-D1CC-4284-A756-F052B3891F3D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2D7D328F-3662-4756-9ACF-F0DD19EE239B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{4A7C6B29-0149-4937-B9D9-0F654EE5657A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{76B297B2-ABB8-4BD7-8F86-1921EE72CE46}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{8D8A19BB-0233-4C79-926E-6401B73A6BD3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A3231013-9817-4E73-812B-66F9DE7BE6D9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AF55AD47-49EC-44EE-BCE0-B29D1CDFA7BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B88D0ED0-1BFF-48DB-9E28-F64F60AD27AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C0A07616-DB84-4933-8737-0B3D1A9F789C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{CC11AD40-AC1D-48BB-BCE3-DE3253120FF7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{DA3C4321-206C-40E1-9D39-19FF6C1F28CB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E42D1FFB-3433-4F9E-AB15-DE69ECD01859}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E93BF121-A7F7-49AE-B362-12D3CD936BF3}" = rport=139 | protocol=6 | dir=out | app=system | 
 
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1202C6A7-0FBA-4319-AD23-7486D4BAAD2B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{1EFA4420-B210-4C0D-B8BC-1E0E2EE16092}" = protocol=58 | dir=out | [email protected],-28546 | 
"{21CAC943-00C8-49E6-84A3-7EC5BC7F48E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{2373D9A0-D849-4FDF-AE24-803B9BB275DC}" = protocol=58 | dir=in | [email protected],-28545 | 
"{40AE59B7-121A-4A18-A222-CC862063F017}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe | 
"{47164D0C-9577-4546-AE29-FF2181806E19}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{47EA3998-462A-4E4F-A55D-75082AB4E462}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe | 
"{4990AA5D-878D-4B5A-8800-53E519294A9E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{5C2BB5E2-8F4F-4CB4-8C16-170E2AADB935}" = dir=in | app=%programfiles% (x86)\final draft 8\final draft.exe | 
"{7C976A5D-63C7-4132-8FD9-5A2B6830BBE0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{7CD6A349-4C56-40B2-B1C6-73D98A4CFA67}" = protocol=1 | dir=in | [email protected],-28543 | 
"{DF75B4C2-4041-4B71-914A-0C8F6F00D827}" = protocol=1 | dir=out | [email protected],-28544 | 
"{F27F32B2-7336-412E-B298-22916A6B3ED1}" = dir=out | app=%programfiles% (x86)\final draft 8\final draft.exe | 
"TCP Query User{F3212AED-5065-47F4-AE7A-CDC3EA533281}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
"UDP Query User{7999FEAE-2231-4BAA-822B-BE2B0CC3E7CC}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
"CCleaner" = CCleaner
"WinRAR archiver" = WinRAR 5.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}" = Medialink MWN-USB150N
"{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
"{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}" = [email protected]
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
"Google Chrome" = Google Chrome
"mIRC" = mIRC
"Mozilla Firefox 33.1 (x86 en-US)" = Mozilla Firefox 33.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"N360" = Norton 360
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"TeamViewer 9" = TeamViewer 9
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.6
 
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 7/25/2014 1:13:25 AM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 7/25/2014 8:15:40 PM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 7/26/2014 7:08:27 AM | Computer Name = Owner-PC | Source = CVHSVC | ID = 100
Description = Information only.  (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
 DownloadLatest Failed: There are currently no active network connections. Background
 Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 
Error - 7/26/2014 3:23:38 PM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 7/27/2014 12:48:02 PM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 7/28/2014 11:21:41 AM | Computer Name = Owner-PC | Source = CVHSVC | ID = 100
Description = Information only.  (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
 DownloadLatest Failed: There are currently no active network connections. Background
 Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 
Error - 7/28/2014 12:10:31 PM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 7/28/2014 8:12:09 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/29/2014 8:22:19 AM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 7/29/2014 9:19:14 PM | Computer Name = Owner-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ Media Center Events ]
Error - 10/26/2012 10:17:52 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 10:17:52 AM - Error connecting to the internet.  10:17:52 AM -     Unable
 to contact server..  
 
Error - 10/26/2012 10:18:23 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 10:18:21 AM - Error connecting to the internet.  10:18:21 AM -     Unable
 to contact server..  
 
Error - 10/26/2012 11:19:15 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 11:19:15 AM - Error connecting to the internet.  11:19:15 AM -     Unable
 to contact server..  
 
Error - 10/26/2012 11:19:45 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 11:19:44 AM - Error connecting to the internet.  11:19:44 AM -     Unable
 to contact server..  
 
Error - 10/26/2012 12:20:37 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 12:20:37 PM - Error connecting to the internet.  12:20:37 PM -     Unable
 to contact server..  
 
Error - 10/26/2012 12:21:07 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 12:21:06 PM - Error connecting to the internet.  12:21:06 PM -     Unable
 to contact server..  
 
Error - 10/26/2012 1:21:59 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 1:21:59 PM - Error connecting to the internet.  1:21:59 PM -     Unable
 to contact server..  
 
Error - 10/26/2012 1:22:29 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = 1:22:28 PM - Error connecting to the internet.  1:22:28 PM -     Unable
 to contact server..  
 
[ System Events ]
Error - 11/30/2014 6:18:47 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 11/30/2014 6:23:42 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 11/30/2014 6:35:30 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 11/30/2014 6:38:47 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 11/30/2014 6:43:42 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 11/30/2014 7:33:47 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 11/30/2014 7:34:12 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 11/30/2014 7:41:33 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 11/30/2014 7:47:13 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
Error - 11/30/2014 7:53:23 PM | Computer Name = Owner-PC | Source = Microsoft-Windows-Bits-Client | ID = 16398
Description = A new BITS job could not be created. The current job count for the
 user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified
 through group policy.  To correct the problem, complete or cancel the BITS jobs
 that haven't made progress by looking at the error, and restart the BITS service.
 If this error recurs, contact your system administrator and increate the per-user
 and per-computer Group Policy job limits.
 
 
< End of report >

Attached Thumbnails

  • java.jpg


#2
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

Looks like Norton let you down.

 

O4 - HKCU..\Run: [ymrotvk] C:\Users\Owner\AppData\Local\Google\ymrotvk.dll (Borland Software Corporation)

 

is an obvious infection (random name, and software supposedly from Borland using a Google folder), which creates these:

 

PRC - [2014/09/14 12:04:34 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\oidimkiswsgx.exe

MOD - [2014/09/14 12:04:34 | 014,669,128 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/09/14 12:04:34 | 008,537,928 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\pdf.dll
MOD - [2014/09/14 12:04:34 | 001,732,936 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\ffmpegsumo.dll
MOD - [2014/09/14 12:04:34 | 000,718,152 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\libglesv2.dll
MOD - [2014/09/14 12:04:34 | 000,353,096 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\ppgooglenaclpluginchrome.dll
MOD - [2014/09/14 12:04:34 | 000,126,280 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\libegl.dll
 

 

 
Copy the text in the code box by highlighting and Ctrl + c:

:OTL
O4 - HKCU..\Run: [ymrotvk] C:\Users\Owner\AppData\Local\Google\ymrotvk.dll (Borland Software Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe -update activex File not found

:files
C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\01162013-some number.log so look there if you don't see it.
 
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).
 
scan-results.jpg
 
Click on Scan  and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.
 
The report will be saved in the C:\AdwCleaner folder.
 
 
 
Junkware-Removal-Tool
 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please copy and paste log back here.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

    Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.
     
    Reboot. 
     
    Start, All Programs, Accessories, then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line):
    sfc /scannow

    (This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything, then:

    Copy the next two lines:

    findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
    notepad \windows\logs\cbs\junk.txt

    Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste, or Edit then Paste, and the copied line should appear.
    Hit Enter. Copy and paste the text from notepad or, if it is too big, just attach the file.)
     
     
    1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop.
    2. Right-click VEW.exe and Run As Administrator.
    3. Under 'Select log to query', select:
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.
     
    Ron
     

    • 0
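A defender's reading of the OTL lines quoted above, as an added example that is not code from the thread, from OTL, or from any of the tools named here: it parses O4/PRC/MOD entries and scores the same signals RKinner points out (a random-looking name, a publisher that does not match the folder it sits in, executables running out of a user Temp directory, an autorun whose file is missing). The regexes, the weights and the two benign jusched lines are constructed for this example and are not an official scoring scheme.

```python
"""Heuristic triage of OTL autorun (O4) and process/module (PRC/MOD) lines.

Added example, not part of the thread or of OTL. It encodes the reasoning
RKinner applies above: a randomly named file whose stated publisher does
not match the folder it lives in, spawning executables out of a user Temp
directory. Weights and thresholds are constructed for this example.
"""
import re
from pathlib import PureWindowsPath

# Line shapes as they appear in OTL logs (regexes are this example's own).
PROC_RE = re.compile(
    r"^(?P<kind>PRC|MOD) - \[[^\]]*\] \((?P<vendor>[^()]*)\) -- (?P<path>.+?)\s*$")
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<entry>[^\]]*)\] (?P<rest>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|sys|com|bat|cmd)", re.IGNORECASE)
VENDOR_RE = re.compile(r"\((?P<vendor>[^()]*)\)\s*$")

# Nothing legitimate should auto-start or keep running from these locations.
TEMP_MARKERS = ("\\appdata\\locallow\\temp\\", "\\appdata\\local\\temp\\", "\\windows\\temp\\")
# Publisher names are routinely absent from paths here, so skip that check.
SYSTEM_DIRS = ("c:\\windows\\", "c:\\program files")
# Folder names under which a given publisher's own files would normally sit.
VENDOR_FOLDERS = {"google", "microsoft", "adobe", "oracle", "intel", "mozilla"}
VOWELS = set("aeiou")


def looks_random(token: str) -> bool:
    """Crude 'pronounceability' test: too few vowels or a long consonant run."""
    letters = [c for c in token.lower() if c.isalpha()]
    if len(letters) < 6:          # short abbreviations (hkcmd, rpcss) are not judged
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio < 0.2 or longest >= 5


def vendor_token(vendor: str) -> str:
    """First word of the publisher, e.g. 'Borland Software Corporation' -> 'borland'."""
    return vendor.split()[0].lower().strip(".,") if vendor.strip() else ""


def parse(line: str):
    """Return (kind, vendor, path, file_missing) or None for lines we do not handle."""
    line = line.strip()
    m = PROC_RE.match(line)
    if m:
        return m["kind"], m["vendor"].strip(), m["path"], False
    m = O4_RE.match(line)
    if not m:
        return None
    rest = m["rest"]
    pm = PATH_RE.search(rest)
    if not pm:
        return None
    vm = VENDOR_RE.search(rest)
    vendor = vm["vendor"].strip() if vm else ""
    return "O4", vendor, pm.group(0), rest.endswith("File not found")


def triage(line: str):
    """Score one OTL line; returns a finding dict or None if the line is not parsed."""
    parsed = parse(line)
    if parsed is None:
        return None
    kind, vendor, path, missing = parsed
    p = path.lower()
    wpath = PureWindowsPath(path)
    stem, parent = wpath.stem, wpath.parent.name
    token = vendor_token(vendor)
    signals = []
    if any(marker in p for marker in TEMP_MARKERS):
        signals.append(("in_temp", 2))              # code living in a Temp folder
    if looks_random(stem) or looks_random(parent):
        signals.append(("random_name", 2))          # e.g. ymrotvk.dll, nrijddbcyz\
    if token and not p.startswith(SYSTEM_DIRS) and token not in p:
        signals.append(("vendor_mismatch", 1))      # publisher absent from its own path
    if token and parent.lower() in VENDOR_FOLDERS and parent.lower() != token:
        signals.append(("vendor_folder_clash", 1))  # 'Borland' file in a Google folder
    if missing:
        signals.append(("file_missing", 1))         # orphaned autorun pointing at nothing
    score = sum(weight for _, weight in signals)
    verdict = "suspicious" if score >= 3 else "review" if score else "clean"
    return {"kind": kind, "path": path, "vendor": vendor,
            "signals": [name for name, _ in signals], "score": score, "verdict": verdict}


def triage_log(text: str):
    """Triage every recognised line of an OTL log, worst findings first."""
    findings = [f for f in (triage(line) for line in text.splitlines()) if f]
    return sorted(findings, key=lambda f: -f["score"])


# Sample input: entries quoted from the thread plus two constructed benign
# jusched lines, to show that ordinary software scores clean.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [ymrotvk] C:\Users\Owner\AppData\Local\Google\ymrotvk.dll (Borland Software Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_170_ActiveX.exe -update activex File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - [2014/09/14 12:04:34 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\oidimkiswsgx.exe
PRC - [2013/07/02 10:00:00 | 000,254,336 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
MOD - [2014/09/14 12:04:34 | 014,669,128 | ---- | M] () -- C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\PepperFlash\pepflashplayer.dll
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f['verdict']:10} {f['score']}  {f['kind']}  {f['path']}  {f['signals']}")
```

The name test alone is noisy on Windows abbreviations (svchost, rpcss), which is why it only adds to a score rather than deciding on its own; a file in a Temp folder with a plausible name still lands in "review", as the PepperFlash DLL does here.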

    #3
    chaldo

      Member

    • Topic Starter
    • Member
    • PipPip
    • 31 posts


    I was able to follow your steps with a couple of exceptions. The first was with ADW. After running the program and clicking "scan", about a minute or so later, the program said "Pending. Please uncheck elements you don't want to remove." I attached a screenshot of it here:

    qgfT6s8.png

    Also, when I tried running the sfc /scannow from the command prompt, it stopped at 11%, then said "Windows Resource Protection could not perform the required operation." Screenshot here:

    OuwLtvr.png

     

    I went ahead and uploaded the junk.txt log as well as all of the other logs that I was able to post.



    OTL

    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ymrotvk deleted successfully.
    C:\Users\Owner\AppData\Local\Google\ymrotvk.dll moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate deleted successfully.
    ========== FILES ==========
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\Dictionaries folder moved successfully.
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\VisualElements folder moved successfully.
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\PepperFlash folder moved successfully.
    Folder move failed. C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\Locales scheduled to be moved on reboot.
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\Extensions folder moved successfully.
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\default_apps folder moved successfully.
    Folder move failed. C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143 scheduled to be moved on reboot.
    Folder move failed. C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv scheduled to be moved on reboot.
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\syfzqkksapf folder moved successfully.
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\nglpqgcn folder moved successfully.
    Folder move failed. C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz scheduled to be moved on reboot.
    ========== COMMANDS ==========
     
    [EMPTYFLASH]
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: LogMeInRemoteUser
     
    User: Owner
    ->Flash cache emptied: 1693 bytes
     
    User: Public
     
    Total Flash Files Cleaned = 0.00 mb
     
     
    [EMPTYJAVA]
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: LogMeInRemoteUser
     
    User: Owner
    ->Java cache emptied: 497023 bytes
     
    User: Public
     
    Total Java Files Cleaned = 0.00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 12012014_190851
    
    Files\Folders moved on Reboot...
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143\Locales folder moved successfully.
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv\36.0.1985.143 folder moved successfully.
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\Xrqomqwv folder moved successfully.
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\syfzqkksapf folder moved successfully.
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz\nglpqgcn folder moved successfully.
    C:\Users\Owner\AppData\LocalLow\Temp\nrijddbcyz folder moved successfully.
    
    PendingFileRenameOperations files...
    
    Registry entries deleted on Reboot...
    
    
    

    Junkware Removal Tool (JRT)

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.0 (11.29.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Owner on Mon 12/01/2014 at 19:25:34.00
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    
    
    
    ~~~ Services
    
    
    
    ~~~ Registry Values
    
    
    
    ~~~ Registry Keys
    
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ApnStub_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnStub_RASMANCS
    
    
    
    ~~~ Files
    
    Successfully deleted: [File] C:\Windows\Tasks\Dealply.job
    Successfully deleted: [File] "C:\Windows\couponprinter.ocx"
    Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe
    
    
    
    ~~~ Folders
    
    Successfully deleted: [Folder] C:\Users\Owner\AppData\Roaming\Dealply
    Successfully deleted: [Folder] "C:\Users\Owner\AppData\Roaming\strongvault"
    Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
    Successfully deleted: [Folder] "C:\ai_recyclebin"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
    
    
    
    ~~~ FireFox
    
    Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\j7fyufn3.default\user.js
    Successfully deleted: [File] C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\j7fyufn3.default\searchplugins\bingp.xml
    Emptied folder: C:\Users\Owner\AppData\Roaming\mozilla\firefox\profiles\j7fyufn3.default\minidumps [76 files]
    
    
    
    ~~~ Event Viewer Logs were cleared
    
    
    
    
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 12/01/2014 at 19:28:26.97
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    
    
    

    FRST.txt

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
    Ran by Owner (administrator) on OWNER-PC on 01-12-2014 19:32:27
    Running from C:\Users\Owner\Desktop
    Loaded Profile: Owner (Available profiles: Owner)
    Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
    
    ==================== Processes (Whitelisted) =================
    
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
    
    (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccsvchst.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    
    
    ==================== Registry (Whitelisted) ==================
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2009-09-11] (Realtek Semiconductor)
    HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-118977947-1655544507-2490138364-1000\...\Run: [Medialink Utilty] => C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe [2281488 2009-08-21] ()
    HKU\S-1-5-21-118977947-1655544507-2490138364-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
    HKU\S-1-5-21-118977947-1655544507-2490138364-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
    HKU\S-1-5-21-118977947-1655544507-2490138364-1000\...\MountPoints2: {cbf6d6b9-b528-11e1-b8b1-f04da2f82063} - E:\LaunchU3.exe -a
    ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\6.4.0.9\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\6.4.0.9\buShell.dll (Symantec Corporation)
    ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\6.4.0.9\buShell.dll (Symantec Corporation)
    
    ==================== Internet (Whitelisted) ====================
    
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
    
    HKU\S-1-5-21-118977947-1655544507-2490138364-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    HKU\S-1-5-21-118977947-1655544507-2490138364-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
    SearchScopes: HKU\S-1-5-21-118977947-1655544507-2490138364-1000 -> DefaultScope {C97AE766-4933-4AA7-AE3D-1E4200DF20C6} URL = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=112612&q={searchTerms}&src=IE-SearchBox
    SearchScopes: HKU\S-1-5-21-118977947-1655544507-2490138364-1000 -> {C97AE766-4933-4AA7-AE3D-1E4200DF20C6} URL = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=112612&q={searchTerms}&src=IE-SearchBox
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll (Symantec Corporation)
    BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\IPS\IPSBHO.DLL (Symantec Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\coIEPlg.dll (Symantec Corporation)
    Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKU\S-1-5-21-118977947-1655544507-2490138364-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
    
    FireFox:
    ========
    FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default
    FF SearchEngineOrder.3: Bing
    FF Homepage: yahoo.com/
    FF Keyword.URL: hxxp://www.bing.com/search?FORM=U039DF&PC=U039&dt=071313&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-118977947-1655544507-2490138364-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Owner\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF Extension: QuickDrag - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\Extensions\[email protected] [2012-04-24]
    FF Extension: عارض PDF - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\Extensions\[email protected] [2013-09-25]
    FF Extension: CookieCuller - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-07-17]
    FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-02-17]
    FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn
    FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\IPSFFPlgn [2012-02-17]
    FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn
    FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\coFFPlgn [2012-12-03]
    
    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com/
    CHR StartupUrls: Default -> "hxxp://www.google.com/"
    CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-17]
    CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-17]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-02]
    CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-17]
    CHR Extension: (Google Cast) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-03-01]
    CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-17]
    CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-02-23]
    CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-17]
    CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-17]
    CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\Exts\Chrome.crx []
    
    ==================== Services (Whitelisted) =================
    
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    
    S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
    R2 DcomLaunch; C:\Windows\system32\rpcss.dll [532480 2010-11-20] (Microsoft Corporation) [File not signed]
    R2 N360; C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
    R2 RpcSs; C:\Windows\system32\rpcss.dll [532480 2010-11-20] (Microsoft Corporation) [File not signed]
    
    ==================== Drivers (Whitelisted) ====================
    
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
    
    S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20121130.005\BHDrvx64.sys [1384608 2012-10-23] (Symantec Corporation)
    S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\0604000.009\ccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
    R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-09] (Symantec Corporation)
    R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20121204.001\IDSvia64.sys [513184 2012-09-06] (Symantec Corporation)
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121205.021\ENG64.SYS [126112 2012-12-06] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\VirusDefs\20121205.021\EX64.SYS [2084000 2012-12-06] (Symantec Corporation)
    S3 SRTSP; C:\Windows\System32\Drivers\N360x64\0604000.009\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
    R1 SRTSPX; C:\Windows\system32\drivers\N360x64\0604000.009\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
    R0 SymDS; C:\Windows\System32\drivers\N360x64\0604000.009\SYMDS64.SYS [451192 2011-08-16] (Symantec Corporation)
    R0 SymEFA; C:\Windows\System32\drivers\N360x64\0604000.009\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
    R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-03-23] (Symantec Corporation)
    S1 SymIRON; C:\Windows\system32\drivers\N360x64\0604000.009\Ironx64.SYS [190072 2011-11-16] (Symantec Corporation)
    R1 SymNetS; C:\Windows\System32\Drivers\N360x64\0604000.009\SYMNETS.SYS [405624 2011-11-16] (Symantec Corporation)
    S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
    
    ==================== NetSvcs (Whitelisted) ===================
    
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
    
    
    ==================== One Month Created Files and Folders ========
    
    (If an entry is included in the fixlist, the file\folder will be moved.)
    
    2014-12-01 19:32 - 2014-12-01 19:33 - 00015236 _____ () C:\Users\Owner\Desktop\FRST.txt
    2014-12-01 19:32 - 2014-12-01 19:32 - 00000000 ____D () C:\FRST
    2014-12-01 19:31 - 2014-12-01 19:31 - 02117120 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
    2014-12-01 19:28 - 2014-12-01 19:28 - 00001984 _____ () C:\Users\Owner\Desktop\JRT.txt
    2014-12-01 19:25 - 2014-12-01 19:25 - 00000000 ____D () C:\Windows\ERUNT
    2014-12-01 19:24 - 2014-12-01 19:24 - 00000311 _____ () C:\Users\Owner\Desktop\temp.txt
    2014-12-01 19:20 - 2014-12-01 19:20 - 01707646 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
    2014-12-01 19:15 - 2014-12-01 19:19 - 00000000 ____D () C:\AdwCleaner
    2014-12-01 19:14 - 2014-12-01 19:14 - 00005486 _____ () C:\Users\Owner\Desktop\12012014_190851.log
    2014-12-01 19:13 - 2014-12-01 19:13 - 02154496 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
    2014-12-01 19:08 - 2014-12-01 19:08 - 00000000 ____D () C:\_OTL
    2014-11-30 18:54 - 2014-11-30 18:54 - 00047134 _____ () C:\Users\Owner\Desktop\Extras.Txt
    2014-11-30 18:52 - 2014-11-30 18:52 - 00077844 _____ () C:\Users\Owner\Desktop\OTL.Txt
    2014-11-30 18:44 - 2014-11-30 18:44 - 00602112 _____ (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
    2014-11-30 01:00 - 2014-12-01 19:10 - 00000056 _____ () C:\Windows\setupact.log
    2014-11-30 01:00 - 2014-11-30 01:00 - 00000000 _____ () C:\Windows\setuperr.log
    2014-11-28 19:06 - 2014-11-28 19:06 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    2014-11-28 19:06 - 2014-11-28 19:06 - 00001162 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
    2014-11-28 19:06 - 2014-11-28 19:06 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
    2014-11-27 23:02 - 2014-11-27 23:02 - 07822880 _____ (TeamViewer GmbH) C:\Users\Owner\Downloads\TeamViewer_Setup.exe
    2014-11-27 22:42 - 2014-11-27 22:42 - 00003534 _____ () C:\Users\Owner\Desktop\attach.zip
    2014-11-27 22:40 - 2014-11-27 22:41 - 00012840 _____ () C:\Users\Owner\Desktop\dds.txt
    2014-11-27 22:34 - 2014-11-27 22:33 - 00688992 ____R (Swearware) C:\Users\Owner\Desktop\dds.com
    2014-11-27 22:33 - 2014-11-27 22:33 - 00688992 _____ (Swearware) C:\Users\Owner\Downloads\dds.com
    2014-11-27 22:22 - 2014-11-27 22:22 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
    2014-11-27 22:22 - 2014-11-27 22:22 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
    2014-11-27 22:22 - 2014-11-27 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2014-11-27 22:22 - 2014-11-27 22:22 - 00000000 ____D () C:\Program Files\CCleaner
    2014-11-27 22:21 - 2014-11-27 22:21 - 05162080 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup500.exe
    2014-11-27 22:21 - 2014-11-27 22:21 - 05162080 _____ (Piriform Ltd) C:\Users\Owner\Desktop\ccsetup500.exe
    2014-11-27 14:21 - 2014-11-27 14:21 - 00000000 ____D () C:\Users\Owner\Desktop\pics
    2014-11-27 14:20 - 2014-11-27 14:23 - 00000000 ____D () C:\Users\Owner\Desktop\docs
    2014-11-27 14:03 - 2014-11-27 14:21 - 00000000 ____D () C:\Users\Owner\Desktop\owner folder
    2014-11-23 21:32 - 2014-11-23 21:32 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\AVAST Software
    2014-11-23 17:28 - 2014-11-23 17:28 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-11-23 17:27 - 2014-11-23 17:28 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-11-22 17:05 - 2014-11-23 23:40 - 00000000 ____D () C:\ProgramData\VibiKavi
    2014-11-22 17:05 - 2014-11-23 23:33 - 00000000 ____D () C:\ProgramData\VodelOzbuf
    2014-11-20 19:20 - 2014-11-27 21:57 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    2014-11-20 19:20 - 2014-11-22 17:05 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage
    2014-11-15 02:06 - 2014-11-28 01:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-11-14 22:00 - 2014-11-15 11:02 - 00012620 _____ () C:\Users\Owner\Desktop\Dads Index.xlsx
    
    ==================== One Month Modified Files and Folders =======
    
    (If an entry is included in the fixlist, the file\folder will be moved.)
    
    2014-12-01 19:31 - 2012-02-16 18:33 - 00058640 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-12-01 19:21 - 2014-07-09 21:48 - 00000075 _____ () C:\Windows\system32\leiu.hss
    2014-12-01 19:18 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-12-01 19:18 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-12-01 19:15 - 2009-07-14 00:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-12-01 19:14 - 2012-02-15 21:28 - 02001697 _____ () C:\Windows\WindowsUpdate.log
    2014-12-01 19:10 - 2013-12-17 22:29 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-12-01 19:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-12-01 19:10 - 2009-07-13 23:45 - 00270952 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-12-01 19:09 - 2012-02-24 20:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SoftGrid Client
    2014-12-01 19:08 - 2013-07-13 12:30 - 00000000 ____D () C:\Users\Owner\AppData\Local\Google
    2014-12-01 18:51 - 2013-12-17 22:29 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-12-01 18:50 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-12-01 02:01 - 2013-12-19 09:37 - 00000136 _____ () C:\Users\Owner\AppData\Roaming\WB.CFG
    2014-11-30 19:25 - 2012-11-26 17:23 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Skype
    2014-11-30 19:25 - 2012-11-26 17:23 - 00000000 ____D () C:\ProgramData\Skype
    2014-11-30 16:59 - 2012-03-30 15:53 - 00000000 ____D () C:\Users\Owner\AppData\Local\CrashDumps
    2014-11-28 19:05 - 2013-05-10 21:19 - 00000000 ____D () C:\ProgramData\LogMeIn
    2014-11-28 19:05 - 2013-03-16 20:49 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\uTorrent
    2014-11-28 01:16 - 2014-06-29 11:27 - 00000000 ____D () C:\Users\Owner\Downloads\VA-The_Hunger_Games_Catching_Fire-OST-(Bonus_Tracks)-2013-C4
    2014-11-28 01:16 - 2014-06-24 11:44 - 00000000 ____D () C:\Users\Owner\Downloads\testdisk-7.0-WIP.win
    2014-11-28 01:15 - 2014-06-06 09:40 - 00000000 ____D () C:\Program Files (x86)\Valassis
    2014-11-28 01:15 - 2013-12-17 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2014-11-28 01:15 - 2012-05-12 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-11-28 01:15 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
    2014-11-27 23:15 - 2012-06-25 20:28 - 00000000 ____D () C:\Windows\Minidump
    2014-11-27 23:15 - 2012-02-15 23:08 - 00000000 ____D () C:\Windows\Panther
    2014-11-27 22:16 - 2012-02-15 21:28 - 00000000 ____D () C:\Users\Owner
    2014-11-16 15:54 - 2014-10-05 13:46 - 00000000 ____D () C:\Users\Owner\Desktop\Save a Lot Note Cards
    2014-11-13 06:46 - 2013-12-17 22:29 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-11-13 06:46 - 2013-12-17 22:29 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    
    ==================== Bamital & volsnap Check =================
    
    (There is no automatic fix for files that do not pass verification.)
    
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll
    [2010-11-20 22:24] - [2010-11-20 22:24] - 0532480 ____A (Microsoft Corporation) 253BD9E1405D244D3483A6B4A6D2B696
    
     ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
    
    
    LastRegBack: 2014-11-27 15:56
    
    ==================== End Of Log ============================
    

    Addition.txt

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2014
    Ran by Owner at 2014-12-01 19:33:15
    Running from C:\Users\Owner\Desktop
    Boot Mode: Normal
    ==========================================================
    
    
    ==================== Security Center ========================
    
    (If an entry is included in the fixlist, it will be removed.)
    
    AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    
    ==================== Installed Programs ======================
    
    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
    
    µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29342 - BitTorrent Inc.)
    Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.03) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
    Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
    Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version:  - )
    Canon MP460 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460) (Version:  - )
    Catalina Savings Printer (HKLM-x32\...\{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}) (Version: 1.0.0 - Catalina Marketing Corp) <==== ATTENTION
    CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
    Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.4) (Version: 5.0.0.4 - Coupons.com Incorporated)
    Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.3.120 - Final Draft, Inc.)
    Final Draft 7 (HKLM-x32\...\{78D62D17-D970-42DA-B8CF-5E5576293B33}) (Version: 7.1.3.42 - Final Draft, Inc.)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
    Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    HL-2270DW (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
    Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
    Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
    Medialink MWN-USB150N (HKLM-x32\...\{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}) (Version: 1.00.0000 - Medialink)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.6114.5002 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    mIRC (HKLM-x32\...\mIRC) (Version: 7.15 - mIRC Co. Ltd.)
    Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Norton 360 (HKLM-x32\...\N360) (Version: 6.4.0.9 - Symantec Corporation)
    [email protected] (HKLM-x32\...\{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}) (Version: 3.0.7.0 - Valassis)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5936 - Realtek Semiconductor Corp.)
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
    VLC media player 2.0.6 (HKLM-x32\...\VLC media player) (Version: 2.0.6 - VideoLAN)
    WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    
    ==================== Custom CLSID (selected items): ==========================
    
    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
    
    
    ==================== Restore Points  =========================
    
    20-11-2014 05:02:57 Windows Update
    20-11-2014 08:00:36 Windows Update
    20-11-2014 10:03:35 Windows Update
    20-11-2014 21:02:52 Windows Update
    21-11-2014 00:51:58 Windows Update
    21-11-2014 02:57:33 Windows Update
    21-11-2014 08:00:07 Windows Update
    21-11-2014 08:00:23 Windows Update
    21-11-2014 13:01:39 Windows Update
    21-11-2014 18:04:38 Windows Update
    21-11-2014 23:06:53 Windows Update
    22-11-2014 03:49:17 Windows Update
    22-11-2014 13:43:47 Windows Update
    22-11-2014 18:50:33 Windows Update
    22-11-2014 23:51:48 Windows Update
    23-11-2014 04:55:38 Windows Update
    23-11-2014 08:00:56 Windows Update
    23-11-2014 09:57:48 Windows Update
    23-11-2014 14:59:51 Windows Update
    23-11-2014 20:03:03 Windows Update
    23-11-2014 22:28:04 avast! antivirus system restore point
    24-11-2014 01:04:55 Windows Update
    24-11-2014 13:44:15 Windows Update
    25-11-2014 04:12:21 Windows Update
    25-11-2014 08:00:51 Windows Update
    25-11-2014 13:36:10 Windows Update
    25-11-2014 21:45:56 Windows Update
    26-11-2014 03:48:42 Windows Update
    26-11-2014 08:00:50 Windows Update
    27-11-2014 08:00:52 Windows Update
    27-11-2014 19:20:57 Windows Update
    28-11-2014 00:24:08 Windows Update
    28-11-2014 03:23:11 Windows Update
    28-11-2014 03:23:16 Windows Update
    28-11-2014 08:00:31 Windows Update
    28-11-2014 08:27:49 Windows Update
    28-11-2014 13:28:20 Windows Update
    28-11-2014 18:28:55 Windows Update
    28-11-2014 23:29:27 Windows Update
    29-11-2014 04:29:52 Windows Update
    29-11-2014 08:00:18 Windows Update
    29-11-2014 09:30:23 Windows Update
    29-11-2014 14:31:03 Windows Update
    29-11-2014 19:31:56 Windows Update
    30-11-2014 00:32:36 Windows Update
    30-11-2014 05:33:35 Windows Update
    30-11-2014 08:00:14 Windows Update
    30-11-2014 10:34:06 Windows Update
    30-11-2014 15:34:32 Windows Update
    30-11-2014 20:34:53 Windows Update
    01-12-2014 00:22:57 Removed Skype Click to Call
    01-12-2014 00:24:40 Removed Skype™ 6.11
    01-12-2014 03:40:18 Windows Update
    01-12-2014 08:00:16 Windows Update
    01-12-2014 08:40:49 Windows Update
    01-12-2014 13:41:45 Windows Update
    01-12-2014 18:42:17 Windows Update
    01-12-2014 23:57:31 Windows Update
    
    ==================== Hosts content: ==========================
    
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
    
    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
    
    ==================== Scheduled Tasks (whitelisted) =============
    
    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
    
    Task: {1501EC84-6AE8-4999-8439-5DEB014B1BD2} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\WSCStub.exe [2012-09-26] (Symantec Corporation)
    Task: {56A6574B-5D95-473B-A612-D95DA38306C4} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\SymErr.exe [2012-02-03] (Symantec Corporation)
    Task: {63E5F97C-9952-4E82-84FF-D57AD758C45D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
    Task: {83DF054C-2ECC-4844-B13E-802B93C1EAE4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
    Task: {8ABEEF7A-77B7-46A4-89FD-0CB6BDB0FA18} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
    Task: {A99DBFCB-8483-4FEA-BFBD-C9797B3A0712} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
    Task: {AB6FAFCA-D811-4399-BC0A-3B42372F61B2} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\6.4.0.9\SymErr.exe [2012-02-03] (Symantec Corporation)
    Task: {BE8D4C38-832C-4250-B6C9-356B1CC5B442} - System32\Tasks\4704 => Wscript.exe C:\Users\Owner\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
    Task: {C3665390-B35A-42E8-A531-158877243103} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    
    ==================== Loaded Modules (whitelisted) =============
    
    2014-03-01 20:39 - 2009-08-21 15:44 - 02281488 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    2014-03-01 20:39 - 2007-12-06 10:24 - 01167360 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
    2014-03-01 20:39 - 2009-04-06 15:27 - 00098304 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
    2014-03-01 20:39 - 2009-01-05 20:12 - 00159744 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
    2014-03-01 20:39 - 2009-04-06 15:27 - 00032768 _____ () C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
    
    ==================== Alternate Data Streams (whitelisted) =========
    
    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
    
    
    ==================== Safe Mode (whitelisted) ===================
    
    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
    
    
    ==================== EXE Association (whitelisted) =============
    
    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
    
    
    ==================== MSCONFIG/TASK MANAGER disabled items =========
    
    (Currently there is no automatic fix for this section.)
    
    
    ========================= Accounts: ==========================
    
    Administrator (S-1-5-21-118977947-1655544507-2490138364-500 - Administrator - Disabled)
    Guest (S-1-5-21-118977947-1655544507-2490138364-501 - Limited - Enabled)
    Owner (S-1-5-21-118977947-1655544507-2490138364-1000 - Administrator - Enabled) => C:\Users\Owner
    
    ==================== Faulty Device Manager Devices =============
    
    Name: Norton 360 Settings Manager
    Description: Norton 360 Settings Manager
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: ccSet_N360
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    
    Name: Symantec Iron Driver
    Description: Symantec Iron Driver
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: SymIRON
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    
    Name: BHDrvx64
    Description: BHDrvx64
    Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Manufacturer:
    Service: BHDrvx64
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.
    
    
    ==================== Event log errors: =========================
    
    Application errors:
    ==================
    
    System errors:
    =============
    
    Microsoft Office Sessions:
    =========================
    
    CodeIntegrity Errors:
    ===================================
      Date: 2012-12-13 00:30:15.015
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
    
      Date: 2012-12-13 00:30:15.015
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
    
      Date: 2012-12-13 00:30:15.000
      Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.
    
    
    ==================== Memory info ===========================
    
    Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz
    Percentage of memory in use: 26%
    Total physical RAM: 4060.8 MB
    Available physical RAM: 2969.58 MB
    Total Pagefile: 8119.79 MB
    Available Pagefile: 7033.54 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB
    
    ==================== Drives ================================
    
    Drive c: () (Fixed) (Total:286.9 GB) (Free:159.9 GB) NTFS
    
    ==================== MBR & Partition Table ==================
    
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F7F6D5A3)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=11.2 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=286.9 GB) - (Type=07 NTFS)
    
    ==================== End Of Log ============================
    

    junk.txt

    2014-12-01 19:40:50, Info                  CSI    00000009 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:40:50, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
    2014-12-01 19:40:52, Info                  CSI    0000000c [SR] Verify complete
    2014-12-01 19:40:53, Info                  CSI    0000000d [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:40:53, Info                  CSI    0000000e [SR] Beginning Verify and Repair transaction
    2014-12-01 19:40:55, Info                  CSI    00000010 [SR] Verify complete
    2014-12-01 19:40:55, Info                  CSI    00000011 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:40:55, Info                  CSI    00000012 [SR] Beginning Verify and Repair transaction
    2014-12-01 19:40:57, Info                  CSI    00000014 [SR] Verify complete
    2014-12-01 19:40:57, Info                  CSI    00000015 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:40:57, Info                  CSI    00000016 [SR] Beginning Verify and Repair transaction
    2014-12-01 19:40:59, Info                  CSI    00000018 [SR] Verify complete
    2014-12-01 19:40:59, Info                  CSI    00000019 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:40:59, Info                  CSI    0000001a [SR] Beginning Verify and Repair transaction
    2014-12-01 19:41:01, Info                  CSI    0000001c [SR] Verify complete
    2014-12-01 19:41:01, Info                  CSI    0000001d [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:41:01, Info                  CSI    0000001e [SR] Beginning Verify and Repair transaction
    2014-12-01 19:41:03, Info                  CSI    00000020 [SR] Verify complete
    2014-12-01 19:41:03, Info                  CSI    00000021 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:41:03, Info                  CSI    00000022 [SR] Beginning Verify and Repair transaction
    2014-12-01 19:41:05, Info                  CSI    00000024 [SR] Verify complete
    2014-12-01 19:41:05, Info                  CSI    00000025 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:41:05, Info                  CSI    00000026 [SR] Beginning Verify and Repair transaction
    2014-12-01 19:41:07, Info                  CSI    00000028 [SR] Verify complete
    2014-12-01 19:41:08, Info                  CSI    00000029 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:41:08, Info                  CSI    0000002a [SR] Beginning Verify and Repair transaction
    2014-12-01 19:41:10, Info                  CSI    0000002c [SR] Verify complete
    2014-12-01 19:41:10, Info                  CSI    0000002d [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:41:10, Info                  CSI    0000002e [SR] Beginning Verify and Repair transaction
    2014-12-01 19:41:12, Info                  CSI    00000030 [SR] Verify complete
    2014-12-01 19:41:12, Info                  CSI    00000031 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:41:12, Info                  CSI    00000032 [SR] Beginning Verify and Repair transaction
    2014-12-01 19:41:14, Info                  CSI    00000034 [SR] Verify complete
    2014-12-01 19:41:14, Info                  CSI    00000035 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:41:14, Info                  CSI    00000036 [SR] Beginning Verify and Repair transaction
    2014-12-01 19:41:16, Info                  CSI    00000038 [SR] Verify complete
    2014-12-01 19:41:16, Info                  CSI    00000039 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:41:16, Info                  CSI    0000003a [SR] Beginning Verify and Repair transaction
    2014-12-01 19:41:18, Info                  CSI    0000003c [SR] Verify complete
    2014-12-01 19:41:18, Info                  CSI    0000003d [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:41:18, Info                  CSI    0000003e [SR] Beginning Verify and Repair transaction
    2014-12-01 19:41:20, Info                  CSI    00000040 [SR] Verify complete
    2014-12-01 19:41:20, Info                  CSI    00000041 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:41:20, Info                  CSI    00000042 [SR] Beginning Verify and Repair transaction
    2014-12-01 19:41:21, Info                  CSI    00000044 [SR] Verify complete
    2014-12-01 19:41:21, Info                  CSI    00000045 [SR] Verifying 100 (0x0000000000000064) components
    2014-12-01 19:41:21, Info                  CSI    00000046 [SR] Beginning Verify and Repair transaction
    
    
    

    VEW (System)

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 01/12/2014 7:48:58 PM
    
    Note: All dates below are in the format dd/mm/yyyy
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 02/12/2014 12:36:27 AM
    Type: Error Category: 0
    Event: 7026 Source: Service Control Manager
    The following boot-start or system-start driver(s) failed to load:  BHDrvx64 ccSet_N360 SymIRON
    
    Log: 'System' Date/Time: 02/12/2014 12:36:19 AM
    Type: Error Category: 0
    Event: 7023 Source: Service Control Manager
    The Power service terminated with the following error:  The WMI request could not be completed and should be retried.
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'System' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'System' Date/Time: 02/12/2014 12:36:00 AM
    Type: Warning Category: 0
    Event: 4 Source: k57nd60a
    Broadcom NetLink (TM) Gigabit Ethernet: The network link is down.  Check to make sure the network cable is properly connected.
    
    Log: 'System' Date/Time: 02/12/2014 12:35:28 AM
    Type: Warning Category: 0
    Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
    WLAN AutoConfig service has successfully stopped.
    
    
    

    VEW (Application)

    Vino's Event Viewer v01c run on Windows 2008 in English
    Report run at 01/12/2014 7:51:18 PM
    
    Note: All dates below are in the format dd/mm/yyyy
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Critical Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Error Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 02/12/2014 12:36:28 AM
    Type: Error Category: 0
    Event: 10 Source: Microsoft-Windows-WMI
    Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    'Application' Log - Warning Type
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Log: 'Application' Date/Time: 02/12/2014 12:46:30 AM
    Type: Warning Category: 1
    Event: 100 Source: CVHSVC
    Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...
    
    Log: 'Application' Date/Time: 02/12/2014 12:46:30 AM
    Type: Warning Category: 1
    Event: 100 Source: CVHSVC
    Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.
    
    Log: 'Application' Date/Time: 02/12/2014 12:36:27 AM
    Type: Warning Category: 6
    Event: 3057 Source: Application Virtualization Client
    {tid=7EC}
    The Application Virtualization Client Core initialized correctly.  Installed Product:  Version: 4.6.2.22610 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: OWNER-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:
    
    Log: 'Application' Date/Time: 02/12/2014 12:36:23 AM
    Type: Warning Category: 3
    Event: 3191 Source: Application Virtualization Client
    {tid=7EC}
    -------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)
    
    
    

#4
RKinner, Malware Expert (MVP)

ADW just wants you to click on the CLEAN button.  There is an option to uncheck stuff you might want to keep but we don't need to do that since we don't want to keep anything it finds.

     

    FRST says you have a Microsoft file (rpcss.dll) that has been replaced with a bogus file.  Probably the source of your audio ads and why SFC failed.  

     

    Let's try Combofix.  It's pretty good about automatically fixing that sort of thing.

     

ComboFix
 
It must be saved to your desktop, do not run it from your browser.
 
Disable your Antivirus software when downloading or running ComboFix. 
 
Turn off your screen saver so you can see what is going on.
 
Download and Save this file -- to your Desktop -- from either of these two sources:
 
Right-click on ComboFix and select Run As Administrator to start the program.  
     
     
     
    * Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    
    * A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.  
     
    Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
    You should get a log when it finishes.  If not this may mean you have the new version of Zero Access malware so run Combofix a second time.
    If you still don't get a log search for Combofix.txt.  It is usually at => C:\Combofix\Combofix.txt. I'll need to see that in your reply.
    If you get an error about a registry value when you try to run a program, then just reboot to clear it.
     
    Then we can have OTL check to make sure the files were fixed:
     
     
    Copy the text in the code box:
     
     
     
    /md5start
    rpcss.dll
    /md5stop
    
     
Run OTL (Vista or Win 7 => right-click and Run As Administrator)
     
    Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
     
    Select the All option in the Extra Registry group then Run Scan.
     
    You should get two logs.  Please copy and paste both of them.

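The two findings behind the advice above can be re-checked on the machine itself before any fix tool is run: the FRST "Bamital & volsnap Check" and the ComboFix Sigcheck both show System32\rpcss.dll with a different MD5 and a different size (532480 bytes) from the copy Windows keeps in the WinSxS component store (512000 bytes), and FRST flags two scheduled tasks ("4704" running Wscript.exe on a launchie.vbs in the user's Temp folder, and "0" running Iexplore.exe). The following is an added PowerShell example written for this thread; it is not code from any post here, nor from FRST, ComboFix or OTL. It assumes Windows 7 x64 as in the logs, PowerShell 2.0 or later, an elevated prompt, and English-language schtasks output; the function names and the path and script-host patterns it flags are my own choices, not FRST's.

```powershell
# Added example for this thread; not part of any post here and not code
# from FRST, ComboFix or OTL. Assumptions: Windows 7 x64 (as in the logs),
# PowerShell 2.0 or later, an elevated prompt, English schtasks output.
# It re-checks the two findings the logs flag: a System32\rpcss.dll whose
# MD5 and size differ from the WinSxS copy, and scheduled tasks that run
# scripts from user-writable folders (the "4704" and "0" tasks in FRST).

function Get-Md5Hex {
    # Get-FileHash needs PowerShell 4+, so hash with .NET directly.
    param([Parameter(Mandatory = $true)][string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($md5.ComputeHash($stream) | ForEach-Object { $_.ToString('X2') }) -join ''
    } finally {
        $stream.Dispose()
    }
}

function Compare-SystemFileWithWinSxS {
    # Compare the live System32 copy of a file with every copy of that file
    # in the component store. Servicing installs from the store copies, so a
    # live file that matches none of them by size and MD5 was changed by
    # something other than Windows servicing.
    param(
        [string]$Name = 'rpcss.dll',
        [string]$Arch = 'amd64'   # component directories start with amd64_ on x64
    )
    $live     = Join-Path $env:SystemRoot "System32\$Name"
    $liveHash = Get-Md5Hex -Path $live
    $liveSize = (Get-Item -LiteralPath $live).Length

    # OS binaries are catalog-signed. Older Windows/PowerShell builds only
    # check embedded signatures and report NotSigned for them, so treat
    # that status as inconclusive rather than as proof of tampering.
    $sig = Get-AuthenticodeSignature -FilePath $live

    $storeCopies = @(Get-ChildItem -Path (Join-Path $env:SystemRoot 'WinSxS') -Filter "${Arch}_*" |
        Where-Object { $_.PSIsContainer -and (Test-Path -LiteralPath (Join-Path $_.FullName $Name)) } |
        ForEach-Object { Get-Item -LiteralPath (Join-Path $_.FullName $Name) })

    $storeMatches = @($storeCopies | Where-Object {
        $_.Length -eq $liveSize -and (Get-Md5Hex -Path $_.FullName) -eq $liveHash
    })

    New-Object PSObject -Property @{
        Path            = $live
        Size            = $liveSize
        MD5             = $liveHash
        SignatureStatus = $sig.Status
        StoreCopies     = @($storeCopies | ForEach-Object {
            '{0} {1} {2}' -f $_.VersionInfo.FileVersion, $_.Length, (Get-Md5Hex -Path $_.FullName)
        })
        MatchesStore    = ($storeMatches.Count -gt 0)
    }
}

function Get-SuspiciousTaskActions {
    # Windows 7 has no Get-ScheduledTask cmdlet, so parse schtasks output.
    # With /v, schtasks repeats its header line for every task folder; those
    # rows come back with TaskName equal to the literal string 'TaskName'.
    $rows = schtasks /query /fo CSV /v | ConvertFrom-Csv |
        Where-Object { $_.TaskName -ne 'TaskName' }

    # Heuristics (my choices, not FRST's): script hosts, user-writable
    # paths, a bare browser launch, or a task whose name is just a number.
    $rows | Where-Object {
        $_.'Task To Run' -match '(?i)\b(wscript|cscript|mshta|rundll32|powershell)\b' -or
        $_.'Task To Run' -match '(?i)\\(AppData|Temp|ProgramData|Users\\Public)\\' -or
        $_.'Task To Run' -match '(?i)^\s*"?iexplore(\.exe)?"?\s*$' -or
        $_.TaskName -match '^\\\d+$'
    } | Select-Object TaskName, Status, 'Run As User', 'Task To Run'
}

# Usage:
Compare-SystemFileWithWinSxS -Name 'rpcss.dll' | Format-List
Get-SuspiciousTaskActions | Format-Table -AutoSize -Wrap
```

On the machine in this thread, `MatchesStore` would come back False for rpcss.dll, which is the same condition ComboFix's Sigcheck shows by listing the System32 copy with a different MD5 and size from the WinSxS copy. The operating system's own check for a single file is `sfc /verifyfile=C:\Windows\System32\rpcss.dll`, which is worth running alongside this because it consults the catalog signatures rather than a hash comparison. The task listing is a triage aid only: confirm what each flagged action actually runs before deleting it, since a legitimate installer can also schedule a script from ProgramData.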

#5
chaldo (Topic Starter)

I tried to uninstall Norton so that ComboFix would run properly, but it didn't respond when I clicked it in the uninstall list in the Control Panel. I downloaded a Norton uninstaller from their website, and it claims it was uninstalled successfully, but ComboFix still advised that it was running in the background. Anyway, moving on. Here are the logs

     

ComboFix

    ComboFix 14-12-02.01 - Owner 12/02/2014  19:43:12.1.2 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2970 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-11-03 to 2014-12-03  )))))))))))))))))))))))))))))))
    .
    .
    2014-12-03 00:47 . 2014-12-03 00:47	--------	d-----w-	c:\users\LogMeInRemoteUser\AppData\Local\temp
    2014-12-03 00:47 . 2014-12-03 00:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
    2014-12-02 00:32 . 2014-12-02 00:33	--------	d-----w-	C:\FRST
    2014-12-02 00:25 . 2014-12-02 00:25	--------	d-----w-	c:\windows\ERUNT
    2014-12-02 00:15 . 2014-12-02 00:19	--------	d-----w-	C:\AdwCleaner
    2014-12-02 00:08 . 2014-12-02 00:08	--------	d-----w-	C:\_OTL
    2014-11-29 00:06 . 2014-11-29 00:06	--------	d-----w-	c:\program files (x86)\TeamViewer
    2014-11-28 03:22 . 2014-11-28 03:22	--------	d-----w-	c:\program files\CCleaner
    2014-11-24 02:32 . 2014-11-24 02:32	--------	d-----w-	c:\users\Owner\AppData\Roaming\AVAST Software
    2014-11-23 22:28 . 2014-11-23 22:28	--------	d-----w-	c:\program files\AVAST Software
    2014-11-23 22:27 . 2014-11-23 22:28	--------	d-----w-	c:\programdata\AVAST Software
    2014-11-22 22:05 . 2014-11-24 04:40	--------	d-----w-	c:\programdata\VibiKavi
    2014-11-22 22:05 . 2014-11-24 04:33	--------	d-----w-	c:\programdata\VodelOzbuf
    2014-11-21 00:20 . 2014-11-28 02:57	--------	d--h--w-	c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-03 00:28 . 2014-06-06 14:50	163504	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2010-11-21 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
    [-] 2010-11-21 . 253BD9E1405D244D3483A6B4A6D2B696 . 532480 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Medialink Utilty"="c:\program files (x86)\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2281488]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-11-28 08:52	1087304	----a-w-	c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-18 03:29]
    .
    2014-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-18 03:29]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-13 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-13 390168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-13 409624]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-12 8114720]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\
    FF - prefs.js: browser.startup.homepage - yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=U039DF&PC=U039&dt=071313&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-Coupon Printer for Windows5.0.0.4 - c:\program files (x86)\Coupons\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-12-02  19:49:01
    ComboFix-quarantined-files.txt  2014-12-03 00:49
    .
    Pre-Run: 162,823,991,296 bytes free
    Post-Run: 162,681,102,336 bytes free
    .
    - - End Of File - - 7C5B590D12593A06131C194F9A120429
    A36C5E4F47E84449FF07ED3517B43A31
    
    

    OTL

    OTL logfile created on: 12/2/2014 11:20:59 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17126)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.97 Gb Total Physical Memory | 3.13 Gb Available Physical Memory | 78.99% Memory free
    7.93 Gb Paging File | 6.59 Gb Available in Paging File | 83.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.90 Gb Total Space | 151.58 Gb Free Space | 52.83% Space Free | Partition Type: NTFS
     
    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    [color=#E56717]========== Processes (SafeList) ==========[/color]
     
    PRC - [2014/11/30 18:44:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2014/11/15 02:06:38 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2014/09/12 13:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    PRC - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    PRC - [2014/09/12 13:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2009/08/21 15:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
     
     
    [color=#E56717]========== Modules (No Company Name) ==========[/color]
     
    MOD - [2014/11/15 02:06:38 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2009/08/21 15:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    MOD - [2009/04/06 15:27:32 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
    MOD - [2009/04/06 15:27:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
    MOD - [2009/01/05 20:12:12 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
    MOD - [2007/12/06 10:24:26 | 001,167,360 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
     
     
    [color=#E56717]========== Services (SafeList) ==========[/color]
     
    SRV:[b]64bit:[/b] - [2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:[b]64bit:[/b] - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:[b]64bit:[/b] - [2009/03/31 14:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV - [2014/11/15 02:06:38 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    [color=#E56717]========== Driver Services (SafeList) ==========[/color]
     
    DRV:[b]64bit:[/b] - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:[b]64bit:[/b] - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:[b]64bit:[/b] - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:[b]64bit:[/b] - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:[b]64bit:[/b] - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:[b]64bit:[/b] - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:[b]64bit:[/b] - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:[b]64bit:[/b] - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:[b]64bit:[/b] - [2009/11/06 15:52:52 | 007,773,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:[b]64bit:[/b] - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:[b]64bit:[/b] - [2009/08/06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
     
     
    [color=#E56717]========== Internet Explorer ==========[/color]
     
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {C97AE766-4933-4AA7-AE3D-1E4200DF20C6}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\..\SearchScopes\{C97AE766-4933-4AA7-AE3D-1E4200DF20C6}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=112612&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{DFC25293-F318-46A2-92BE-3FC664D84FE3}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    [color=#E56717]========== FireFox ==========[/color]
     
    FF - prefs.js..browser.search.order.3: "Bing "
    FF - prefs.js..browser.startup.homepage: "yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: quickdrag%40mozilla.ktechcomputing.com:2.1.3.23
    FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=U039DF&PC=U039&dt=071313&q="
    FF - user.js - File not found
     
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Owner\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/19 23:23:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/28 01:15:59 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/19 23:23:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/28 01:15:59 | 000,000,000 | ---D | M]
     
    [2012/02/17 18:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2014/11/23 23:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions
    [2012/04/24 18:00:54 | 000,032,381 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\[email protected]
    [2014/06/13 20:02:59 | 001,999,100 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\[email protected]
    [2014/07/17 18:00:13 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
    [2014/11/14 09:45:14 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2014/11/30 19:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/11/19 23:24:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    [color=#E56717]========== Chrome  ==========[/color]
     
    CHR - default_search_provider:  (Enabled)
    CHR - default_search_provider: search_url = 
    CHR - default_search_provider: suggest_url = 
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Catalina Savings Printer (Enabled) = C:\Users\Owner\AppData\Roaming\CATALI~1\NPBCSK~1.DLL
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
     
    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    O4 - HKCU..\Run: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22B15C00-BCB8-4AAD-AF7E-C50C43273F51}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64FF79A6-ABEA-48E0-B5E6-B9F27F7BDF11}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
    O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
     
    [2014/12/02 19:49:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/12/02 19:49:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/12/02 19:41:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/12/02 19:41:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/12/02 19:41:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/12/02 19:14:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/12/02 19:14:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/12/02 19:13:09 | 005,600,127 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2014/12/01 19:32:01 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/12/01 19:31:24 | 002,117,120 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
    [2014/12/01 19:25:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/12/01 19:20:36 | 001,707,646 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
    [2014/12/01 19:15:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/12/01 19:08:51 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/11/30 18:44:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2014/11/28 19:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
    [2014/11/27 22:34:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
    [2014/11/27 22:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2014/11/27 22:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2014/11/27 14:21:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\pics
    [2014/11/27 14:20:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\docs
    [2014/11/27 14:04:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\downloads
    [2014/11/27 14:03:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\owner folder
    [2014/11/23 21:32:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVAST Software
    [2014/11/23 17:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/11/23 17:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/11/22 17:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\VibiKavi
    [2014/11/22 17:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\VodelOzbuf
    [2014/11/20 19:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
    [2014/11/20 19:20:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    [2014/11/15 02:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/03/26 21:45:33 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Owner\AppData\Local\BcsKtYcHW.dll
     
    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
     
    [2014/12/02 23:19:19 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/12/02 23:19:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/12/02 21:38:40 | 000,000,075 | ---- | M] () -- C:\Windows\SysNative\leiu.hss
    [2014/12/02 21:38:26 | 000,121,745 | ---- | M] () -- C:\Users\Owner\Desktop\Baptism Cross.jpg
    [2014/12/02 19:45:50 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/12/02 19:45:50 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/12/02 19:45:47 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/12/02 19:45:47 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/12/02 19:45:47 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/12/02 19:38:39 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/12/02 19:38:29 | 3193,544,704 | -HS- | M] () -- C:\hiberfil.sys
    [2014/12/02 19:22:06 | 000,896,048 | ---- | M] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
    [2014/12/02 19:13:09 | 005,600,127 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2014/12/01 19:47:55 | 000,061,440 | ---- | M] ( ) -- C:\Users\Owner\Desktop\VEW.exe
    [2014/12/01 19:31:26 | 002,117,120 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
    [2014/12/01 19:20:41 | 001,707,646 | ---- | M] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
    [2014/12/01 19:13:15 | 002,154,496 | ---- | M] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
    [2014/12/01 19:10:32 | 000,270,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/12/01 02:01:54 | 000,000,136 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
    [2014/11/30 19:12:22 | 000,065,156 | ---- | M] () -- C:\Users\Owner\Desktop\java.jpg
    [2014/11/30 18:44:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2014/11/28 19:06:52 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
    [2014/11/27 22:42:01 | 000,003,534 | ---- | M] () -- C:\Users\Owner\Desktop\attach.zip
    [2014/11/27 22:33:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
    [2014/11/16 13:20:47 | 000,141,372 | ---- | M] () -- C:\Users\Owner\Desktop\1743479_10152814327647310_4119134588709417621_n.jpg
     
    [color=#E56717]========== Files Created - No Company Name ==========[/color]
     
    [2014/12/02 21:38:25 | 000,121,745 | ---- | C] () -- C:\Users\Owner\Desktop\Baptism Cross.jpg
    [2014/12/02 19:41:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/12/02 19:41:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/12/02 19:41:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/12/02 19:41:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/12/02 19:41:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/12/02 19:22:05 | 000,896,048 | ---- | C] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
    [2014/12/01 19:47:54 | 000,061,440 | ---- | C] ( ) -- C:\Users\Owner\Desktop\VEW.exe
    [2014/12/01 19:13:13 | 002,154,496 | ---- | C] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
    [2014/11/30 19:12:21 | 000,065,156 | ---- | C] () -- C:\Users\Owner\Desktop\java.jpg
    [2014/11/28 19:06:52 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    [2014/11/28 19:06:52 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
    [2014/11/27 22:42:00 | 000,003,534 | ---- | C] () -- C:\Users\Owner\Desktop\attach.zip
    [2014/11/16 13:19:53 | 000,141,372 | ---- | C] () -- C:\Users\Owner\Desktop\1743479_10152814327647310_4119134588709417621_n.jpg
    [2014/03/01 20:39:28 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2014/03/01 20:39:28 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\drivers\RaCoInst.dat
    [2013/12/19 09:37:24 | 000,000,136 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
    [2013/08/11 22:32:56 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2013/08/11 22:32:53 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2013/03/26 21:44:55 | 000,893,239 | ---- | C] () -- C:\Users\Owner\AppData\Local\a.zip
    [2013/03/18 20:00:20 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
    [2013/03/18 19:59:50 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
    [2013/03/16 20:55:48 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
     
    [color=#E56717]========== ZeroAccess Check ==========[/color]
     
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    [color=#E56717]========== Custom Scans ==========[/color]
     
    [color=#A23BEC]< MD5 for: RPCSS.DLL  >[/color]
    [2010/11/20 22:24:01 | 000,532,480 | ---- | M] (Microsoft Corporation) MD5=253BD9E1405D244D3483A6B4A6D2B696 -- C:\Windows\SysNative\rpcss.dll
    [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
    
    < End of report >
    
    

    Extras

    OTL Extras logfile created on: 12/2/2014 11:20:59 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17126)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.97 Gb Total Physical Memory | 3.13 Gb Available Physical Memory | 78.99% Memory free
    7.93 Gb Paging File | 6.59 Gb Available in Paging File | 83.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.90 Gb Total Space | 151.58 Gb Free Space | 52.83% Space Free | Partition Type: NTFS
     
    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    [color=#E56717]========== Extra Registry (All) ==========[/color]
     
     
    [color=#E56717]========== File Associations ==========[/color]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = ComFile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    [color=#E56717]========== Shell Spawning ==========[/color]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    [color=#E56717]========== Security Center Settings ==========[/color]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    [color=#E56717]========== System Restore Settings ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    [color=#E56717]========== Firewall Settings ==========[/color]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [color=#E56717]========== Authorized Applications List ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
     
    [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1A90DBCC-179C-4F19-96CC-F8F1DF86E0CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{1D1DAFCF-AEE7-48F8-89D7-FAE56FB21D62}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{1DADFCBA-D1CC-4284-A756-F052B3891F3D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{2D7D328F-3662-4756-9ACF-F0DD19EE239B}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{4A7C6B29-0149-4937-B9D9-0F654EE5657A}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{76B297B2-ABB8-4BD7-8F86-1921EE72CE46}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
    "{8D8A19BB-0233-4C79-926E-6401B73A6BD3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{A3231013-9817-4E73-812B-66F9DE7BE6D9}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{AF55AD47-49EC-44EE-BCE0-B29D1CDFA7BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{B88D0ED0-1BFF-48DB-9E28-F64F60AD27AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{C0A07616-DB84-4933-8737-0B3D1A9F789C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
    "{CC11AD40-AC1D-48BB-BCE3-DE3253120FF7}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{DA3C4321-206C-40E1-9D39-19FF6C1F28CB}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{E42D1FFB-3433-4F9E-AB15-DE69ECD01859}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{E93BF121-A7F7-49AE-B362-12D3CD936BF3}" = rport=139 | protocol=6 | dir=out | app=system | 
     
    [color=#E56717]========== Vista Active Application Exception List ==========[/color]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1202C6A7-0FBA-4319-AD23-7486D4BAAD2B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
    "{1EFA4420-B210-4C0D-B8BC-1E0E2EE16092}" = protocol=58 | dir=out | [email protected],-28546 | 
    "{2373D9A0-D849-4FDF-AE24-803B9BB275DC}" = protocol=58 | dir=in | [email protected],-28545 | 
    "{40AE59B7-121A-4A18-A222-CC862063F017}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe | 
    "{47164D0C-9577-4546-AE29-FF2181806E19}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
    "{47EA3998-462A-4E4F-A55D-75082AB4E462}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe | 
    "{4990AA5D-878D-4B5A-8800-53E519294A9E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
    "{5C2BB5E2-8F4F-4CB4-8C16-170E2AADB935}" = dir=in | app=%programfiles% (x86)\final draft 8\final draft.exe | 
    "{5CEA00FD-6A55-4360-A674-61115E2DB703}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zse614.tmp\symnrt.exe | 
    "{7C976A5D-63C7-4132-8FD9-5A2B6830BBE0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
    "{7CD6A349-4C56-40B2-B1C6-73D98A4CFA67}" = protocol=1 | dir=in | [email protected],-28543 | 
    "{9E18D99B-D3E4-41A4-8405-11F6E8C56245}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zse614.tmp\symnrt.exe | 
    "{DF75B4C2-4041-4B71-914A-0C8F6F00D827}" = protocol=1 | dir=out | [email protected],-28544 | 
    "{F27F32B2-7336-412E-B298-22916A6B3ED1}" = dir=out | app=%programfiles% (x86)\final draft 8\final draft.exe | 
    "TCP Query User{F3212AED-5065-47F4-AE7A-CDC3EA533281}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
    "UDP Query User{7999FEAE-2231-4BAA-822B-BE2B0CC3E7CC}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe | 
     
    [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
    "{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
    "CCleaner" = CCleaner
    "WinRAR archiver" = WinRAR 5.00 (64-bit)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
    "{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}" = Medialink MWN-USB150N
    "{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
    "{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}" = [email protected]
    "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
    "Google Chrome" = Google Chrome
    "mIRC" = mIRC
    "Mozilla Firefox 33.1 (x86 en-US)" = Mozilla Firefox 33.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator 3.0" = Canon MP Navigator 3.0
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "TeamViewer 9" = TeamViewer 9
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.6
     
    [color=#E56717]========== Last 20 Event Log Errors ==========[/color]
     
    [ Application Events ]
    Error - 12/1/2014 8:36:28 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description = 
     
    Error - 12/2/2014 8:38:51 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description = 
     
    [ System Events ]
    Error - 12/2/2014 4:02:13 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
     with error 0x80070216: Security Update for Microsoft .NET Framework 3.5.1 on Windows
     7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2943357).
     
    Error - 12/2/2014 4:05:22 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
     with error 0x80070216: Security Update for Microsoft .NET Framework 3.5.1 on Windows
     7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2937610).
     
    Error - 12/2/2014 10:47:33 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
     response from the ShellHWDetection service.
     
    Error - 12/2/2014 1:12:59 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
     response from the N360 service.
     
    Error - 12/2/2014 8:27:22 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7031
    Description = The Norton 360 service terminated unexpectedly.  It has done this 
    1 time(s).  The following corrective action will be taken in 120000 milliseconds:
     Restart the service.
     
    Error - 12/2/2014 8:38:40 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
    Description = The Power service terminated with the following error:   %%4203
     
    Error - 12/2/2014 8:46:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service.  However,
     the system is configured to not allow interactive services.  This service may not
     function properly.
     
    Error - 12/2/2014 8:47:37 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service.  However,
     the system is configured to not allow interactive services.  This service may not
     function properly.
     
    Error - 12/2/2014 10:32:22 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
     response from the ShellHWDetection service.
     
    Error - 12/2/2014 10:32:22 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
    Description = 
     
     
    < End of report >
    
    

    • 0

    #6
    RKinner
      Malware Expert
    • Expert
    • 20,031 posts
    • MVP
    Both OTL and Combofix agree that the file is bad but both say there is a spare we can use:
     
    Copy the text in the code box by highlighting and Ctrl + c 
     
     
     
    :files
    c:\windows\system32\rpcss.dll|C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll /replace
     
    :Commands
    [EMPTYFLASH]
    [EMPTYJAVA]
    [purity]
    [Reboot]
     
    
     
    Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
    Let the program run unhindered; OTL will reboot the PC when it is done. Then rerun the OTL scan we did before, the one with:
     
    Copy the text in the code box:
     
     
     

    /md5start
    rpcss.dll
    /md5stop
     
    Run OTL (Vista or Win 7 => right click and Run As Administrator)
     
    Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
     
    Select the All option in the Extra Registry group then Run Scan.
     
     

    • 0
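    As an added example (my own, not RKinner's instructions and not OTL output), here is a PowerShell check a user could run after the reboot to see whether system32\rpcss.dll is now byte-identical to the WinSxS copy named in the fix script, whether each copy carries a valid Authenticode signature, and whether the replacement is still queued in the PendingFileRenameOperations value that Windows uses for "on reboot" file moves. It assumes an elevated PowerShell 4.0 or later prompt (Get-FileHash first shipped with Windows Management Framework 4.0, which can be installed on Windows 7 SP1); the two paths are the ones quoted in the thread, and the WinSxS folder name is specific to this machine's 6.1.7601.17514 build.

```powershell
# Added example, not part of the thread or of OTL. Assumes PowerShell 4.0+ and an
# elevated prompt. Paths are the ones quoted in the expert's OTL fix script.
$LivePath  = 'C:\Windows\System32\rpcss.dll'
$SparePath = 'C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll'

function Get-SystemFileReport {
    # Size, timestamp, version, hashes and Authenticode status for one file.
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }
    $item   = Get-Item -LiteralPath $Path
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    [pscustomobject]@{
        Path      = $Path
        Exists    = $true
        Size      = $item.Length
        Modified  = $item.LastWriteTime
        Version   = $item.VersionInfo.FileVersion
        MD5       = (Get-FileHash -LiteralPath $Path -Algorithm MD5).Hash     # comparable to OTL's MD5= field
        SHA256    = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SigStatus = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer    = $signer
    }
}

function Compare-SystemFile {
    # Prints both reports and returns $true only when both files exist and
    # their SHA-256 digests match (i.e. the replacement has taken effect).
    param([string]$Live, [string]$Spare)
    $l = Get-SystemFileReport -Path $Live
    $s = Get-SystemFileReport -Path $Spare
    $l, $s | Format-List | Out-String | Write-Host
    if (-not ($l.Exists -and $s.Exists)) { return $false }
    return ($l.SHA256 -eq $s.SHA256)
}

function Get-PendingFileRenames {
    # OTL reported it could not replace the file "without a reboot". Windows keeps
    # such deferred moves in this REG_MULTI_SZ value and applies them early in the
    # next boot, before the DLL is loaded. Entries come in source/destination pairs;
    # an empty destination means the source is to be deleted.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    $val = (Get-ItemProperty -Path $key -Name PendingFileRenameOperations -ErrorAction SilentlyContinue).PendingFileRenameOperations
    if (-not $val) { return @() }
    for ($i = 0; $i -lt $val.Count; $i += 2) {
        [pscustomobject]@{ Source = $val[$i]; Destination = $val[$i + 1] }
    }
}

if (Compare-SystemFile -Live $LivePath -Spare $SparePath) {
    Write-Host 'rpcss.dll is identical to the WinSxS copy.'
} else {
    Write-Host 'rpcss.dll still differs from the WinSxS copy. Queued renames (empty if none):'
    Get-PendingFileRenames | Format-Table -AutoSize
}
```

    If the two SHA-256 values match and SigStatus is Valid with a Microsoft signer on both files, the swap has taken effect; if they differ and the queue is empty, the pending rename was dropped or already consumed and the fix step should be repeated. The MD5 column is there only so the output can be lined up with the MD5= field OTL prints in its own logs.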

    #7
    chaldo
      Member
    • Topic Starter
    • Member
    • 31 posts

    Alright, here are both logs that were generated:

     

    OTL Run Fix

    ========== FILES ==========
    Unable to replace file: c:\windows\system32\rpcss.dll with C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll without a reboot.
    ========== COMMANDS ==========
     
    [EMPTYFLASH]
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: LogMeInRemoteUser
     
    User: Owner
    ->Flash cache emptied: 2317 bytes
     
    User: Public
     
    Total Flash Files Cleaned = 0.00 mb
     
     
    [EMPTYJAVA]
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: LogMeInRemoteUser
     
    User: Owner
    ->Java cache emptied: 0 bytes
     
    User: Public
     
    Total Java Files Cleaned = 0.00 mb
     
     
    OTL by OldTimer - Version 3.2.69.0 log created on 12032014_112738
    
    Files\Folders moved on Reboot...
    
    PendingFileRenameOperations files...
    [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) c:\windows\system32\rpcss.dll : MD5=5C627D1B1138676C0A7AB2C2C190D123
    
    Registry entries deleted on Reboot...
    
    
    

    OTL Run Scan

    OTL logfile created on: 12/3/2014 11:33:59 AM - Run 3
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17126)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.97 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 71.65% Memory free
    7.93 Gb Paging File | 6.73 Gb Available in Paging File | 84.87% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.90 Gb Total Space | 143.13 Gb Free Space | 49.89% Space Free | Partition Type: NTFS
     
    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    [color=#E56717]========== Processes (SafeList) ==========[/color]
     
    PRC - [2014/11/30 18:44:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2014/11/15 02:06:38 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2014/09/12 13:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    PRC - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    PRC - [2014/09/12 13:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/09/23 19:43:40 | 000,040,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
    PRC - [2009/08/21 15:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
     
     
    [color=#E56717]========== Modules (No Company Name) ==========[/color]
     
    MOD - [2014/11/15 02:06:38 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2009/08/21 15:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    MOD - [2009/04/06 15:27:32 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
    MOD - [2009/04/06 15:27:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
    MOD - [2009/01/05 20:12:12 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
    MOD - [2007/12/06 10:24:26 | 001,167,360 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
     
     
    [color=#E56717]========== Services (SafeList) ==========[/color]
     
    SRV:[b]64bit:[/b] - [2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:[b]64bit:[/b] - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:[b]64bit:[/b] - [2009/03/31 14:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV - [2014/11/15 02:06:38 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    [color=#E56717]========== Driver Services (SafeList) ==========[/color]
     
    DRV:[b]64bit:[/b] - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:[b]64bit:[/b] - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:[b]64bit:[/b] - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:[b]64bit:[/b] - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:[b]64bit:[/b] - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:[b]64bit:[/b] - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:[b]64bit:[/b] - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:[b]64bit:[/b] - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:[b]64bit:[/b] - [2009/11/06 15:52:52 | 007,773,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:[b]64bit:[/b] - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:[b]64bit:[/b] - [2009/08/06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
     
     
    [color=#E56717]========== Internet Explorer ==========[/color]
     
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {C97AE766-4933-4AA7-AE3D-1E4200DF20C6}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\..\SearchScopes\{C97AE766-4933-4AA7-AE3D-1E4200DF20C6}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=112612&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{DFC25293-F318-46A2-92BE-3FC664D84FE3}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    [color=#E56717]========== FireFox ==========[/color]
     
    FF - prefs.js..browser.search.order.3: "Bing "
    FF - prefs.js..browser.startup.homepage: "yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: quickdrag%40mozilla.ktechcomputing.com:2.1.3.23
    FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=U039DF&PC=U039&dt=071313&q="
    FF - user.js - File not found
     
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Owner\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/19 23:23:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/28 01:15:59 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/19 23:23:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/28 01:15:59 | 000,000,000 | ---D | M]
     
    [2012/02/17 18:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2014/11/23 23:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions
    [2012/04/24 18:00:54 | 000,032,381 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\[email protected]
    [2014/06/13 20:02:59 | 001,999,100 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\[email protected]
    [2014/07/17 18:00:13 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
    [2014/11/14 09:45:14 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2014/11/30 19:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/11/19 23:24:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    [color=#E56717]========== Chrome  ==========[/color]
     
    CHR - default_search_provider:  (Enabled)
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Catalina Savings Printer (Enabled) = C:\Users\Owner\AppData\Roaming\CATALI~1\NPBCSK~1.DLL
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
     
    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    O4 - HKCU..\Run: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22B15C00-BCB8-4AAD-AF7E-C50C43273F51}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64FF79A6-ABEA-48E0-B5E6-B9F27F7BDF11}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
    O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
     
    [2014/12/02 19:49:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/12/02 19:49:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/12/02 19:41:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/12/02 19:41:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/12/02 19:41:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/12/02 19:14:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/12/02 19:14:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/12/02 19:13:09 | 005,600,127 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2014/12/01 19:32:01 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/12/01 19:31:24 | 002,117,120 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
    [2014/12/01 19:25:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/12/01 19:20:36 | 001,707,646 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
    [2014/12/01 19:15:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/12/01 19:08:51 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/11/30 18:44:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2014/11/28 19:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
    [2014/11/27 22:34:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
    [2014/11/27 22:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2014/11/27 22:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2014/11/27 14:21:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\pics
    [2014/11/27 14:20:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\docs
    [2014/11/27 14:04:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\downloads
    [2014/11/27 14:03:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\owner folder
    [2014/11/23 21:32:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVAST Software
    [2014/11/23 17:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/11/23 17:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/11/22 17:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\VibiKavi
    [2014/11/22 17:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\VodelOzbuf
    [2014/11/20 19:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
    [2014/11/20 19:20:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    [2014/11/15 02:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/03/26 21:45:33 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Owner\AppData\Local\BcsKtYcHW.dll
     
    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
     
    [2014/12/03 11:33:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/12/03 11:32:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/12/03 11:32:44 | 3193,544,704 | -HS- | M] () -- C:\hiberfil.sys
    [2014/12/03 11:26:21 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/12/03 10:15:34 | 000,000,075 | ---- | M] () -- C:\Windows\SysNative\leiu.hss
    [2014/12/02 21:38:26 | 000,121,745 | ---- | M] () -- C:\Users\Owner\Desktop\Baptism Cross.jpg
    [2014/12/02 19:45:50 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/12/02 19:45:50 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/12/02 19:45:47 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/12/02 19:45:47 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/12/02 19:45:47 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/12/02 19:22:06 | 000,896,048 | ---- | M] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
    [2014/12/02 19:13:09 | 005,600,127 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2014/12/01 19:47:55 | 000,061,440 | ---- | M] ( ) -- C:\Users\Owner\Desktop\VEW.exe
    [2014/12/01 19:31:26 | 002,117,120 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
    [2014/12/01 19:20:41 | 001,707,646 | ---- | M] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
    [2014/12/01 19:13:15 | 002,154,496 | ---- | M] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
    [2014/12/01 19:10:32 | 000,270,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/12/01 02:01:54 | 000,000,136 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
    [2014/11/30 19:12:22 | 000,065,156 | ---- | M] () -- C:\Users\Owner\Desktop\java.jpg
    [2014/11/30 18:44:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2014/11/28 19:06:52 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
    [2014/11/27 22:42:01 | 000,003,534 | ---- | M] () -- C:\Users\Owner\Desktop\attach.zip
    [2014/11/27 22:33:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
    [2014/11/16 13:20:47 | 000,141,372 | ---- | M] () -- C:\Users\Owner\Desktop\1743479_10152814327647310_4119134588709417621_n.jpg
     
    [color=#E56717]========== Files Created - No Company Name ==========[/color]
     
    [2014/12/02 21:38:25 | 000,121,745 | ---- | C] () -- C:\Users\Owner\Desktop\Baptism Cross.jpg
    [2014/12/02 19:41:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/12/02 19:41:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/12/02 19:41:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/12/02 19:41:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/12/02 19:41:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/12/02 19:22:05 | 000,896,048 | ---- | C] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
    [2014/12/01 19:47:54 | 000,061,440 | ---- | C] ( ) -- C:\Users\Owner\Desktop\VEW.exe
    [2014/12/01 19:13:13 | 002,154,496 | ---- | C] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
    [2014/11/30 19:12:21 | 000,065,156 | ---- | C] () -- C:\Users\Owner\Desktop\java.jpg
    [2014/11/28 19:06:52 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    [2014/11/28 19:06:52 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
    [2014/11/27 22:42:00 | 000,003,534 | ---- | C] () -- C:\Users\Owner\Desktop\attach.zip
    [2014/11/16 13:19:53 | 000,141,372 | ---- | C] () -- C:\Users\Owner\Desktop\1743479_10152814327647310_4119134588709417621_n.jpg
    [2014/03/01 20:39:28 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2014/03/01 20:39:28 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\drivers\RaCoInst.dat
    [2013/12/19 09:37:24 | 000,000,136 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
    [2013/08/11 22:32:56 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2013/08/11 22:32:53 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2013/03/26 21:44:55 | 000,893,239 | ---- | C] () -- C:\Users\Owner\AppData\Local\a.zip
    [2013/03/18 20:00:20 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
    [2013/03/18 19:59:50 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
    [2013/03/16 20:55:48 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
     
    [color=#E56717]========== ZeroAccess Check ==========[/color]
     
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    [color=#E56717]========== Custom Scans ==========[/color]
     
    [color=#A23BEC]< MD5 for: RPCSS.DLL  >[/color]
    [2010/11/20 22:24:01 | 000,532,480 | ---- | M] (Microsoft Corporation) MD5=253BD9E1405D244D3483A6B4A6D2B696 -- C:\Windows\SysNative\rpcss.dll
    [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysWOW64\rpcss.dll

#8 RKinner (Malware Expert, MVP, 20,031 posts)

    OK, that didn't work. Windows assumed we wanted a 32-bit version of System32 instead of the real System32, so it went to SysWOW64. I'm going to upload a fresh copy from my PC. Download it, right-click and Extract All, and save it to C:\. Then copy the following:

     

     
     

    :files
    C:\Windows\SysNative\rpcss.dll c:\rpcss.dll /replace
     
    :Commands
    [EMPTYFLASH]
    [EMPTYJAVA]
    [purity]
    [Reboot]
     
     
    Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl+V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
    Let the program run unhindered; OTL will reboot the PC when it is done. Then rerun the OTL scan we did before, the one with:
     
    Copy the text in the code box:
     
     
     
    /md5start
    rpcss.dll
    /md5stop
     
    Run OTL (Vista or Win 7 => right click and Run As Administrator)
     
    Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
     
    Select the All option in the Extra Registry group then Run Scan.
     

     


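The redirection RKinner describes above is WOW64 file system redirection: when a 32-bit process opens a path under C:\Windows\System32, Windows silently hands it C:\Windows\SysWOW64 instead, and the only way for that process to reach the real 64-bit directory is the Sysnative alias (which is why the fix line targets C:\Windows\SysNative\rpcss.dll rather than System32). The PowerShell below is an added example, not part of the thread or of OTL; it assumes PowerShell 4.0 or later for Get-FileHash and is meant to be run twice, once from the 64-bit shell and once from the 32-bit one at C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe. It hashes rpcss.dll by three paths so you can see which physical file "System32" resolves to from each bitness, and compare the values with the MD5s OTL printed in its Custom Scans section.

```powershell
# Added example (not from the thread): demonstrates WOW64 file system
# redirection on a 64-bit Windows box and the Sysnative escape hatch.

# Is this process a 32-bit process on a 64-bit OS (i.e. running under WOW64)?
$isWow64 = (-not [Environment]::Is64BitProcess) -and [Environment]::Is64BitOperatingSystem
"Process is 64-bit: $([Environment]::Is64BitProcess); running under WOW64: $isWow64"

# The real 64-bit System32 is reachable from a 32-bit process only through the
# Sysnative alias; from a native 64-bit process Sysnative does not exist, so
# pick whichever spelling actually reaches the native directory from here.
$native = if ($isWow64) { "$env:windir\Sysnative" } else { "$env:windir\System32" }
$wow64  = "$env:windir\SysWOW64"

$targets = @(
    @{ Label = 'System32 as this process sees it'; Path = "$env:windir\System32\rpcss.dll" },
    @{ Label = 'Native 64-bit copy';               Path = "$native\rpcss.dll" },
    @{ Label = '32-bit (WOW64) copy';              Path = "$wow64\rpcss.dll" }
)

foreach ($t in $targets) {
    # Note: test the file, not the Sysnative directory itself; the alias is
    # honoured for file opens but the directory is not enumerable.
    if (Test-Path -LiteralPath $t.Path) {
        $hash = (Get-FileHash -LiteralPath $t.Path -Algorithm MD5).Hash
        $size = (Get-Item -LiteralPath $t.Path).Length
        '{0,-34} {1,-45} MD5={2} size={3}' -f $t.Label, $t.Path, $hash, $size
    } else {
        '{0,-34} {1,-45} (not visible from this process)' -f $t.Label, $t.Path
    }
}
```

From the 64-bit shell the first two rows match and the Sysnative row reports not visible; from the 32-bit shell the first row matches the SysWOW64 copy instead, which is exactly the trap the earlier fix fell into. The same rule applies to any 32-bit cleanup tool: if it must touch a 64-bit system file, give it the Sysnative path.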

#9 chaldo (Topic Starter, Member, 31 posts)

    Thanks for all your help with this. Here are the scans.

     

    OTL

    OTL logfile created on: 12/3/2014 6:34:01 PM - Run 4
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17126)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.97 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 71.60% Memory free
    7.93 Gb Paging File | 6.73 Gb Available in Paging File | 84.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.90 Gb Total Space | 141.35 Gb Free Space | 49.27% Space Free | Partition Type: NTFS
     
    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    [color=#E56717]========== Processes (SafeList) ==========[/color]
     
    PRC - [2014/11/30 18:44:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    PRC - [2014/11/15 02:06:38 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2014/09/12 13:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    PRC - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    PRC - [2014/09/12 13:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
    PRC - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2009/08/21 15:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
     
     
    [color=#E56717]========== Modules (No Company Name) ==========[/color]
     
    MOD - [2014/11/15 02:06:38 | 003,649,648 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2009/08/21 15:44:52 | 002,281,488 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe
    MOD - [2009/04/06 15:27:32 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllMultiLanguage.dll
    MOD - [2009/04/06 15:27:26 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllPublicFunc.dll
    MOD - [2009/01/05 20:12:12 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\dllCommonCtrl.dll
    MOD - [2007/12/06 10:24:26 | 001,167,360 | ---- | M] () -- C:\Program Files (x86)\Medialink\MWN-USB150N\acAuth.dll
     
     
    [color=#E56717]========== Services (SafeList) ==========[/color]
     
    SRV:[b]64bit:[/b] - [2014/05/30 04:21:05 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:[b]64bit:[/b] - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:[b]64bit:[/b] - [2009/03/31 14:01:34 | 000,092,160 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV - [2014/11/15 02:06:38 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/09/12 13:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/06/26 18:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2013/06/26 18:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2013/05/11 05:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/01/25 07:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    [color=#E56717]========== Driver Services (SafeList) ==========[/color]
     
    DRV:[b]64bit:[/b] - [2013/06/26 18:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:[b]64bit:[/b] - [2013/06/26 18:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:[b]64bit:[/b] - [2013/06/26 18:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:[b]64bit:[/b] - [2013/06/26 18:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:[b]64bit:[/b] - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:[b]64bit:[/b] - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:[b]64bit:[/b] - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:[b]64bit:[/b] - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:[b]64bit:[/b] - [2010/09/30 14:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:[b]64bit:[/b] - [2010/09/30 14:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:[b]64bit:[/b] - [2009/11/06 15:52:52 | 007,773,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:[b]64bit:[/b] - [2009/09/15 04:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:[b]64bit:[/b] - [2009/08/06 04:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:[b]64bit:[/b] - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:[b]64bit:[/b] - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:[b]64bit:[/b] - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:[b]64bit:[/b] - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:[b]64bit:[/b] - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:[b]64bit:[/b] - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:[b]64bit:[/b] - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    [color=#E56717]========== Standard Registry (SafeList) ==========[/color]
     
     
    [color=#E56717]========== Internet Explorer ==========[/color]
     
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {C97AE766-4933-4AA7-AE3D-1E4200DF20C6}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
    IE - HKCU\..\SearchScopes\{C97AE766-4933-4AA7-AE3D-1E4200DF20C6}: "URL" = http://www.bing.com/search?FORM=UP22DF&PC=UP22&dt=112612&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{DFC25293-F318-46A2-92BE-3FC664D84FE3}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    [color=#E56717]========== FireFox ==========[/color]
     
    FF - prefs.js..browser.search.order.3: "Bing "
    FF - prefs.js..browser.startup.homepage: "yahoo.com/"
    FF - prefs.js..extensions.enabledAddons: quickdrag%40mozilla.ktechcomputing.com:2.1.3.23
    FF - prefs.js..extensions.enabledAddons: %7B99B98C2C-7274-45a3-A640-D9DF1A1C8460%7D:1.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:33.1.1
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=U039DF&PC=U039&dt=071313&q="
    FF - user.js - File not found
     
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll File not found
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\CouponNetwork.com/CMDUniversalCouponPrintActivator: C:\Users\Owner\AppData\Roaming\CATALI~1\NPBCSK~1.DLL (Catalina Marketing Corporation)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/19 23:23:56 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/28 01:15:59 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014/11/19 23:23:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 33.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/11/28 01:15:59 | 000,000,000 | ---D | M]
     
    [2012/02/17 18:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
    [2014/11/23 23:35:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions
    [2012/04/24 18:00:54 | 000,032,381 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\[email protected]
    [2014/06/13 20:02:59 | 001,999,100 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\[email protected]
    [2014/07/17 18:00:13 | 000,030,926 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi
    [2014/11/14 09:45:14 | 000,979,699 | ---- | M] () (No name found) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    [2014/11/30 19:24:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2014/11/19 23:24:03 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    [color=#E56717]========== Chrome  ==========[/color]
     
    CHR - default_search_provider:  (Enabled)
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Catalina Savings Printer (Enabled) = C:\Users\Owner\AppData\Roaming\CATALI~1\NPBCSK~1.DLL
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd\14.1113.0.4_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
    CHR - Extension: No name found = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
     
    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:[b]64bit:[/b] - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.)
    O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
    O4 - HKCU..\Run: [Medialink Utilty] C:\Program Files (x86)\Medialink\MWN-USB150N\UI.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O13 - gopher Prefix: missing
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{22B15C00-BCB8-4AAD-AF7E-C50C43273F51}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64FF79A6-ABEA-48E0-B5E6-B9F27F7BDF11}: DhcpNameServer = 75.75.76.76 75.75.75.75
    O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
    O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
     
    [2014/12/03 18:27:35 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\rpcss.dll
    [2014/12/03 18:27:35 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\rpcss
    [2014/12/02 19:49:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2014/12/02 19:49:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2014/12/02 19:41:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2014/12/02 19:41:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2014/12/02 19:41:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2014/12/02 19:14:27 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2014/12/02 19:14:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2014/12/02 19:13:09 | 005,600,127 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2014/12/01 19:32:01 | 000,000,000 | ---D | C] -- C:\FRST
    [2014/12/01 19:31:24 | 002,117,120 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
    [2014/12/01 19:25:32 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2014/12/01 19:20:36 | 001,707,646 | ---- | C] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
    [2014/12/01 19:15:32 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/12/01 19:08:51 | 000,000,000 | ---D | C] -- C:\_OTL
    [2014/11/30 18:44:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2014/11/28 19:06:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
    [2014/11/27 22:34:27 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Owner\Desktop\dds.com
    [2014/11/27 22:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2014/11/27 22:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2014/11/27 14:21:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\pics
    [2014/11/27 14:20:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\docs
    [2014/11/27 14:04:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\downloads
    [2014/11/27 14:03:52 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\owner folder
    [2014/11/23 21:32:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\AVAST Software
    [2014/11/23 17:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2014/11/23 17:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2014/11/22 17:05:53 | 000,000,000 | ---D | C] -- C:\ProgramData\VibiKavi
    [2014/11/22 17:05:50 | 000,000,000 | ---D | C] -- C:\ProgramData\VodelOzbuf
    [2014/11/20 19:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
    [2014/11/20 19:20:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    [2014/11/15 02:06:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/03/26 21:45:33 | 002,162,416 | ---- | C] (Catalina Marketing Corp) -- C:\Users\Owner\AppData\Local\BcsKtYcHW.dll
     
    [color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
     
    [2014/12/03 18:31:41 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2014/12/03 18:31:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2014/12/03 18:31:17 | 3193,544,704 | -HS- | M] () -- C:\hiberfil.sys
    [2014/12/03 17:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2014/12/03 17:37:59 | 000,000,075 | ---- | M] () -- C:\Windows\SysNative\leiu.hss
    [2014/12/03 11:40:15 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/12/03 11:40:15 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/12/03 11:39:03 | 000,783,400 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2014/12/03 11:39:03 | 000,662,852 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2014/12/03 11:39:03 | 000,122,462 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2014/12/02 21:38:26 | 000,121,745 | ---- | M] () -- C:\Users\Owner\Desktop\Baptism Cross.jpg
    [2014/12/02 19:22:06 | 000,896,048 | ---- | M] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
    [2014/12/02 19:13:09 | 005,600,127 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\ComboFix.exe
    [2014/12/01 19:47:55 | 000,061,440 | ---- | M] ( ) -- C:\Users\Owner\Desktop\VEW.exe
    [2014/12/01 19:31:26 | 002,117,120 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FRST64.exe
    [2014/12/01 19:20:41 | 001,707,646 | ---- | M] (Thisisu) -- C:\Users\Owner\Desktop\JRT.exe
    [2014/12/01 19:13:15 | 002,154,496 | ---- | M] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
    [2014/12/01 19:10:32 | 000,270,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2014/12/01 02:01:54 | 000,000,136 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
    [2014/11/30 19:12:22 | 000,065,156 | ---- | M] () -- C:\Users\Owner\Desktop\java.jpg
    [2014/11/30 18:44:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe
    [2014/11/28 19:06:52 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
    [2014/11/27 22:42:01 | 000,003,534 | ---- | M] () -- C:\Users\Owner\Desktop\attach.zip
    [2014/11/27 22:33:36 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Owner\Desktop\dds.com
    [2014/11/16 13:20:47 | 000,141,372 | ---- | M] () -- C:\Users\Owner\Desktop\1743479_10152814327647310_4119134588709417621_n.jpg
     
    [color=#E56717]========== Files Created - No Company Name ==========[/color]
     
    [2014/12/02 21:38:25 | 000,121,745 | ---- | C] () -- C:\Users\Owner\Desktop\Baptism Cross.jpg
    [2014/12/02 19:41:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2014/12/02 19:41:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2014/12/02 19:41:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2014/12/02 19:41:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2014/12/02 19:41:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2014/12/02 19:22:05 | 000,896,048 | ---- | C] () -- C:\Users\Owner\Desktop\Norton_Removal_Tool.exe
    [2014/12/01 19:47:54 | 000,061,440 | ---- | C] ( ) -- C:\Users\Owner\Desktop\VEW.exe
    [2014/12/01 19:13:13 | 002,154,496 | ---- | C] () -- C:\Users\Owner\Desktop\AdwCleaner.exe
    [2014/11/30 19:12:21 | 000,065,156 | ---- | C] () -- C:\Users\Owner\Desktop\java.jpg
    [2014/11/28 19:06:52 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
    [2014/11/28 19:06:52 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
    [2014/11/27 22:42:00 | 000,003,534 | ---- | C] () -- C:\Users\Owner\Desktop\attach.zip
    [2014/11/16 13:19:53 | 000,141,372 | ---- | C] () -- C:\Users\Owner\Desktop\1743479_10152814327647310_4119134588709417621_n.jpg
    [2014/03/01 20:39:28 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2014/03/01 20:39:28 | 000,013,931 | ---- | C] () -- C:\Windows\SysWow64\drivers\RaCoInst.dat
    [2013/12/19 09:37:24 | 000,000,136 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\WB.CFG
    [2013/08/11 22:32:56 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
    [2013/08/11 22:32:53 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
    [2013/03/26 21:44:55 | 000,893,239 | ---- | C] () -- C:\Users\Owner\AppData\Local\a.zip
    [2013/03/18 20:00:20 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.119889580931711767808769176
    [2013/03/18 19:59:50 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.24554863501262644635642126105
    [2013/03/16 20:55:48 | 000,000,026 | -H-- | C] () -- C:\ProgramData\.811261211181235583101118113995
     
    [color=#E56717]========== ZeroAccess Check ==========[/color]
     
    [2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 21:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    [color=#E56717]========== Custom Scans ==========[/color]
     
    [color=#A23BEC]< MD5 for: RPCSS.DLL  >[/color]
    [2010/11/20 22:24:01 | 000,532,480 | ---- | M] (Microsoft Corporation) MD5=253BD9E1405D244D3483A6B4A6D2B696 -- C:\Windows\SysNative\rpcss.dll
    [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\rpcss.dll
    [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysWOW64\rpcss.dll
    
    < End of report >

    OTL Extras

    OTL Extras logfile created on: 12/3/2014 6:34:01 PM - Run 4
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Owner\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17126)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    3.97 Gb Total Physical Memory | 2.84 Gb Available Physical Memory | 71.60% Memory free
    7.93 Gb Paging File | 6.73 Gb Available in Paging File | 84.86% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 286.90 Gb Total Space | 141.35 Gb Free Space | 49.27% Space Free | Partition Type: NTFS
     
    Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    [color=#E56717]========== Extra Registry (All) ==========[/color]
     
     
    [color=#E56717]========== File Associations ==========[/color]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = ComFile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found
     
    [color=#E56717]========== Shell Spawning ==========[/color]
     
    [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
     
    ========== Security Center Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
     
    ========== System Restore Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0
     
    ========== Firewall Settings ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1A90DBCC-179C-4F19-96CC-F8F1DF86E0CD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{1D1DAFCF-AEE7-48F8-89D7-FAE56FB21D62}" = rport=138 | protocol=17 | dir=out | app=system |
    "{1DADFCBA-D1CC-4284-A756-F052B3891F3D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2D7D328F-3662-4756-9ACF-F0DD19EE239B}" = lport=138 | protocol=17 | dir=in | app=system |
    "{4A7C6B29-0149-4937-B9D9-0F654EE5657A}" = rport=137 | protocol=17 | dir=out | app=system |
    "{76B297B2-ABB8-4BD7-8F86-1921EE72CE46}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
    "{8D8A19BB-0233-4C79-926E-6401B73A6BD3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{A3231013-9817-4E73-812B-66F9DE7BE6D9}" = rport=445 | protocol=6 | dir=out | app=system |
    "{AF55AD47-49EC-44EE-BCE0-B29D1CDFA7BD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B88D0ED0-1BFF-48DB-9E28-F64F60AD27AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C0A07616-DB84-4933-8737-0B3D1A9F789C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
    "{CC11AD40-AC1D-48BB-BCE3-DE3253120FF7}" = lport=139 | protocol=6 | dir=in | app=system |
    "{DA3C4321-206C-40E1-9D39-19FF6C1F28CB}" = lport=137 | protocol=17 | dir=in | app=system |
    "{E42D1FFB-3433-4F9E-AB15-DE69ECD01859}" = lport=445 | protocol=6 | dir=in | app=system |
    "{E93BF121-A7F7-49AE-B362-12D3CD936BF3}" = rport=139 | protocol=6 | dir=out | app=system |
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1202C6A7-0FBA-4319-AD23-7486D4BAAD2B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
    "{19042F76-04B2-4A65-A29B-4819A139F3AC}" = protocol=58 | dir=in | app=system |
    "{1EFA4420-B210-4C0D-B8BC-1E0E2EE16092}" = protocol=58 | dir=out | [email protected],-28546 |
    "{2373D9A0-D849-4FDF-AE24-803B9BB275DC}" = protocol=58 | dir=in | [email protected],-28545 |
    "{2E19F665-43D9-4871-B964-C1217B3427BB}" = protocol=58 | dir=out | [email protected],-503 |
    "{40AE59B7-121A-4A18-A222-CC862063F017}" = protocol=17 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe |
    "{47164D0C-9577-4546-AE29-FF2181806E19}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
    "{47EA3998-462A-4E4F-A55D-75082AB4E462}" = protocol=6 | dir=in | app=c:\users\owner\appdata\roaming\utorrent\utorrent.exe |
    "{4990AA5D-878D-4B5A-8800-53E519294A9E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
    "{5C2BB5E2-8F4F-4CB4-8C16-170E2AADB935}" = dir=in | app=%programfiles% (x86)\final draft 8\final draft.exe |
    "{5CEA00FD-6A55-4360-A674-61115E2DB703}" = protocol=6 | dir=in | app=c:\users\owner\appdata\local\temp\7zse614.tmp\symnrt.exe |
    "{7C976A5D-63C7-4132-8FD9-5A2B6830BBE0}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
    "{7CD6A349-4C56-40B2-B1C6-73D98A4CFA67}" = protocol=1 | dir=in | [email protected],-28543 |
    "{9E18D99B-D3E4-41A4-8405-11F6E8C56245}" = protocol=17 | dir=in | app=c:\users\owner\appdata\local\temp\7zse614.tmp\symnrt.exe |
    "{DF75B4C2-4041-4B71-914A-0C8F6F00D827}" = protocol=1 | dir=out | [email protected],-28544 |
    "{F27F32B2-7336-412E-B298-22916A6B3ED1}" = dir=out | app=%programfiles% (x86)\final draft 8\final draft.exe |
    "TCP Query User{F3212AED-5065-47F4-AE7A-CDC3EA533281}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
    "UDP Query User{7999FEAE-2231-4BAA-822B-BE2B0CC3E7CC}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
    "{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
    "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
    "{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}" = Broadcom Gigabit NetLink Controller
    "CCleaner" = CCleaner
    "WinRAR archiver" = WinRAR 5.00 (64-bit)
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
    "{34E93A7F-599F-4BBB-B2A1-4FCE77971AB9}" = Medialink MWN-USB150N
    "{37331C16-3E97-4A20-80D8-BFB43AB0E2FB}" = Catalina Savings Printer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{78D62D17-D970-42DA-B8CF-5E5576293B33}" = Final Draft 7
    "{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}" = Final Draft
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{CF594DB8-CFB0-45B4-86DA-8BB4AC0941F8}" = [email protected]
    "{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2270DW
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Coupon Printer for Windows5.0.0.4" = Coupon Printer for Windows
    "Google Chrome" = Google Chrome
    "mIRC" = mIRC
    "Mozilla Firefox 33.1 (x86 en-US)" = Mozilla Firefox 33.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator 3.0" = Canon MP Navigator 3.0
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "TeamViewer 9" = TeamViewer 9
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 2.0.6
     
    ========== Last 20 Event Log Errors ==========
     
    [ Application Events ]
    Error - 12/1/2014 8:36:28 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =
     
    Error - 12/2/2014 8:38:51 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =
     
    Error - 12/3/2014 12:31:42 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =
     
    Error - 12/3/2014 12:33:06 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =
     
    Error - 12/3/2014 7:32:07 PM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
    Description =
     
    [ System Events ]
    Error - 12/2/2014 8:46:10 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service.  However,
     the system is configured to not allow interactive services.  This service may not
     function properly.
     
    Error - 12/2/2014 8:47:37 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service.  However,
     the system is configured to not allow interactive services.  This service may not
     function properly.
     
    Error - 12/2/2014 10:32:22 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
     response from the ShellHWDetection service.
     
    Error - 12/2/2014 10:32:22 PM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
    Description =
     
    Error - 12/3/2014 1:31:50 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
     response from the ShellHWDetection service.
     
    Error - 12/3/2014 4:01:51 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
     with error 0x80070216: Security Update for Microsoft .NET Framework 3.5.1 on Windows
     7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2943357).
     
    Error - 12/3/2014 4:04:43 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
     with error 0x80070216: Security Update for Microsoft .NET Framework 3.5.1 on Windows
     7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2937610).
     
    Error - 12/3/2014 10:42:08 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
     response from the ShellHWDetection service.
     
    Error - 12/3/2014 7:26:21 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
     response from the Netman service.
     
    Error - 12/3/2014 7:31:59 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7023
    Description = The Power service terminated with the following error:   %%4203
     
     
    < End of report >

    #10
    RKinner

    It didn't work. Wonder if Combofix can do a better job?

    Copy the text between the lines of stars by highlighting and Ctrl + c.
     
    ******************************************
     
    Killall::
     
    FCopy::
    c:\rpcss.dll | c:\windows\system32\rpcss.dll
     
     
     
    ******************************************
     
    Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript, OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.
     
    Pause your anti-virus.
     
    Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.
     
    Post the new log.
     
    Ron

    • 0

    Advertisements


    #11
    chaldo

    chaldo

      Member

    • Topic Starter
    • Member
    • PipPip
    • 31 posts
    ComboFix 14-12-02.01 - Owner 12/03/2014  22:24:34.2.2 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.3222 [GMT -5:00]
    Running from: c:\users\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\users\Owner\Desktop\CFScript.txt
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    --------------- FCopy ---------------
    .
    c:\rpcss.dll --> c:\windows\system32\rpcss.dll
    .
    (((((((((((((((((((((((((   Files Created from 2014-11-04 to 2014-12-04  )))))))))))))))))))))))))))))))
    .
    .
    2014-12-04 03:27 . 2014-12-04 03:27    --------    d-----w-    c:\users\LogMeInRemoteUser\AppData\Local\temp
    2014-12-04 03:27 . 2014-12-04 03:27    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2014-12-03 23:27 . 2010-11-21 03:24    512000    ------w-    C:\rpcss.dll
    2014-12-02 00:32 . 2014-12-02 00:33    --------    d-----w-    C:\FRST
    2014-12-02 00:25 . 2014-12-02 00:25    --------    d-----w-    c:\windows\ERUNT
    2014-12-02 00:15 . 2014-12-02 00:19    --------    d-----w-    C:\AdwCleaner
    2014-12-02 00:08 . 2014-12-02 00:08    --------    d-----w-    C:\_OTL
    2014-11-29 00:06 . 2014-11-29 00:06    --------    d-----w-    c:\program files (x86)\TeamViewer
    2014-11-28 03:22 . 2014-11-28 03:22    --------    d-----w-    c:\program files\CCleaner
    2014-11-24 02:32 . 2014-11-24 02:32    --------    d-----w-    c:\users\Owner\AppData\Roaming\AVAST Software
    2014-11-23 22:28 . 2014-11-23 22:28    --------    d-----w-    c:\program files\AVAST Software
    2014-11-23 22:27 . 2014-11-23 22:28    --------    d-----w-    c:\programdata\AVAST Software
    2014-11-22 22:05 . 2014-11-24 04:40    --------    d-----w-    c:\programdata\VibiKavi
    2014-11-22 22:05 . 2014-11-24 04:33    --------    d-----w-    c:\programdata\VodelOzbuf
    2014-11-21 00:20 . 2014-11-28 02:57    --------    d--h--w-    c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-03 15:19 . 2014-06-06 14:50    163504    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Medialink Utilty"="c:\program files (x86)\Medialink\MWN-USB150N\UI.exe" [2009-08-21 2281488]
    "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-11-28 08:52    1087304    ----a-w-    c:\program files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-18 03:29]
    .
    2014-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-18 03:29]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-13 166424]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-13 390168]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-13 409624]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-12 8114720]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://yahoo.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
    FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\j7fyufn3.default\
    FF - prefs.js: browser.startup.homepage - yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=U039DF&PC=U039&dt=071313&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Coupon Printer for Windows5.0.0.4 - c:\program files (x86)\Coupons\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
    c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
    .
    **************************************************************************
    .
    Completion time: 2014-12-03  22:31:25 - machine was rebooted
    ComboFix-quarantined-files.txt  2014-12-04 03:31
    ComboFix2.txt  2014-12-03 00:49
    .
    Pre-Run: 151,710,388,224 bytes free
    Post-Run: 151,635,582,976 bytes free
    .
    - - End Of File - - 0224AA29C99228DD8C2105680638863A
    A36C5E4F47E84449FF07ED3517B43A31

    Edited by chaldo, 03 December 2014 - 11:56 PM.

    #12
    RKinner

    I think it worked. Combofix is not complaining about the file any more. Will sfc run now?

    Got to go to bed now. It's after 1 AM.

    #13
    chaldo

    Alright. I was able to run the scan successfully. Here is a screenshot of the results:

    7Q9BVXd.png

    The CBS directory looks like this:

    y6EOAbh.png

    When I try to open the file, I get this:

    zOaEAAI.png

    #14
    RKinner

    Since SFC claims it was able to fix everything we don't need to look at the log.

    Let's see if it is still running slow:

    Get Process Explorer

    Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

    View, Select Column, check Verified Signer, OK
    Options, Verify Image Signatures

    Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

    Wait a full minute then:

    File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

    What happens when you right click now?

    • 0

    #15
    chaldo

    chaldo

      Member

    • Topic Starter
    • Member
    • PipPip
    • 31 posts

    Still no option to create a new folder for some odd reason.

    cFsGFqx.png

    The text file saved as "System Idle Process.txt". I attached a log and took a screenshot since the log is kind of hard to read.

    surDUNL.png

    System Idle Process.txt

    Process	CPU	Private Bytes	Working Set	PID	Description	Company Name	Verified Signer
    System Idle Process	95.04	0 K	24 K	0			
    procexp64.exe	3.10	23,268 K	43,608 K	4380	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com	(Verified) Sysinternals
    Interrupts	0.62	0 K	0 K	n/a	Hardware Interrupts and DPCs		
    csrss.exe	0.51	19,492 K	11,844 K	456	Client Server Runtime Process	Microsoft Corporation	(Verified) Microsoft Windows
    explorer.exe	0.30	32,500 K	36,932 K	1264	Windows Explorer	Microsoft Corporation	(Verified) Microsoft Windows
    System	0.18	420 K	496 K	4			
    firefox.exe	0.11	469,004 K	389,768 K	668	Firefox	Mozilla Corporation	(Verified) Mozilla Corporation
    svchost.exe	0.04	44,216 K	31,816 K	960	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
    TeamViewer.exe	0.02	17,308 K	14,268 K	2416	TeamViewer 9	TeamViewer GmbH	(Verified) TeamViewer
    TeamViewer_Service.exe	0.01	6,960 K	7,600 K	1692	TeamViewer 9	TeamViewer GmbH	(Verified) TeamViewer
    audiodg.exe	0.01	32,220 K	32,528 K	4448	Windows Audio Device Graph Isolation 	Microsoft Corporation	(Verified) Microsoft Windows
    svchost.exe	0.01	16,660 K	10,348 K	312	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
    CCleaner64.exe	0.01	9,036 K	1,456 K	2660	CCleaner	Piriform Ltd	(Verified) Piriform Ltd
    svchost.exe	0.01	143,116 K	133,196 K	896	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
    taskhost.exe	< 0.01	12,588 K	7,832 K	1764	Host Process for Windows Tasks	Microsoft Corporation	(Verified) Microsoft Windows
    FlashPlayerPlugin_11_8_800_94.exe	< 0.01	4,816 K	10,672 K	4476	Adobe Flash Player 11.8 r800	Adobe Systems, Inc.	(Verified) Adobe Systems Incorporated
    svchost.exe	< 0.01	10,476 K	11,412 K	936	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
    tv_w32.exe	< 0.01	1,448 K	776 K	2644	TeamViewer 9	TeamViewer GmbH	(Verified) TeamViewer
    svchost.exe	< 0.01	5,872 K	5,808 K	3668	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
    tv_x64.exe	< 0.01	1,724 K	708 K	2624	TeamViewer 9	TeamViewer GmbH	(Verified) TeamViewer
    wuauclt.exe		2,004 K	1,456 K	2764	Windows Update	Microsoft Corporation	(Verified) Microsoft Windows
    wmpnetwk.exe		7,020 K	7,356 K	3576	Windows Media Player Network Sharing Service	Microsoft Corporation	(Verified) Microsoft Windows
    WmiPrvSE.exe		2,652 K	3,964 K	3320	WMI Provider Host	Microsoft Corporation	(Verified) Microsoft Windows
    winlogon.exe		2,856 K	1,452 K	504	Windows Logon Application	Microsoft Corporation	(Verified) Microsoft Windows
    wininit.exe		1,616 K	220 K	440	Windows Start-Up Application	Microsoft Corporation	(Verified) Microsoft Windows
    UI.exe		8,024 K	4,200 K	2368	Wireless net configuration UI		(No signature was present in the subject)
    svchost.exe		4,156 K	3,564 K	684	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
    svchost.exe		5,444 K	5,320 K	752	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
    svchost.exe		12,656 K	9,440 K	1156	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
    svchost.exe		20,172 K	11,736 K	828	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
    svchost.exe		1,964 K	2,296 K	1644	Host Process for Windows Services	Microsoft Corporation	(Verified) Microsoft Windows
    spoolsv.exe		6,796 K	4,312 K	1128	Spooler SubSystem App	Microsoft Corporation	(Verified) Microsoft Windows
    smss.exe		440 K	284 K	272	Windows Session Manager	Microsoft Corporation	(Verified) Microsoft Windows
    sftvsa.exe		1,376 K	328 K	1596	Microsoft Application Virtualization Virtual Service Agent	Microsoft Corporation	(Verified) Microsoft Corporation
    sftlist.exe		5,640 K	2,468 K	1784	Microsoft Application Virtualization Client Service	Microsoft Corporation	(Verified) Microsoft Corporation
    services.exe		6,284 K	4,756 K	548	Services and Controller app	Microsoft Corporation	(Verified) Microsoft Windows
    SearchIndexer.exe		46,464 K	12,908 K	2028	Microsoft Windows Search Indexer	Microsoft Corporation	(Verified) Microsoft Windows
    RAVCpl64.exe		8,180 K	3,056 K	712	Realtek HD Audio Manager	Realtek Semiconductor	(Verified) Microsoft Windows Hardware Compatibility Publisher
    procexp.exe		2,212 K	7,300 K	4364	Sysinternals Process Explorer	Sysinternals - www.sysinternals.com	(Verified) Microsoft Corporation
    PresentationFontCache.exe		25,932 K	596 K	3112	PresentationFontCache.exe	Microsoft Corporation	(Verified) Microsoft Windows
    plugin-container.exe		13,728 K	17,364 K	4292	Plugin Container for Firefox	Mozilla Corporation	(Verified) Mozilla Corporation
    lsm.exe		2,496 K	1,768 K	572	Local Session Manager Service	Microsoft Corporation	(Verified) Microsoft Windows
    lsass.exe		4,776 K	5,992 K	564	Local Security Authority Process	Microsoft Corporation	(Verified) Microsoft Windows
    jusched.exe		1,996 K	2,568 K	3136	Java(TM) Update Scheduler	Oracle Corporation	(Verified) Oracle America
    igfxsrvc.exe		2,276 K	2,792 K	2756	igfxsrvc Module	Intel Corporation	(Verified) Microsoft Windows Hardware Compatibility Publisher
    igfxpers.exe		2,888 K	3,840 K	3060	persistence Module	Intel Corporation	(Verified) Microsoft Windows Hardware Compatibility Publisher
    hkcmd.exe		3,200 K	3,200 K	3024	hkcmd Module	Intel Corporation	(Verified) Microsoft Windows Hardware Compatibility Publisher
    FlashPlayerPlugin_11_8_800_94.exe		12,252 K	16,864 K	4352	Adobe Flash Player 11.8 r800	Adobe Systems, Inc.	(Verified) Adobe Systems Incorporated
    dwm.exe		1,836 K	2,564 K	2360	Desktop Window Manager	Microsoft Corporation	(Verified) Microsoft Windows
    CVHSVC.EXE		7,116 K	1,984 K	1736	Microsoft Office Client Virtualization Service 	Microsoft Corporation	(Verified) Microsoft Corporation
    csrss.exe		2,716 K	1,996 K	400	Client Server Runtime Process	Microsoft Corporation	(Verified) Microsoft Windows
    armsvc.exe		1,148 K	292 K	1228	Adobe Acrobat Update Service	Adobe Systems Incorporated	(Verified) Adobe Systems
    AERTSr64.exe		968 K	296 K	1300	Andrea filters APO access service (64-bit)	Andrea Electronics Corporation	(Verified) Microsoft Windows Hardware Compatibility Publisher
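Added example, not part of the thread and not a Sysinternals tool: a Python script that parses the tab-separated table Process Explorer writes on File, Save As (the format posted above) and pulls out the two things the instructions aim at: the heaviest CPU consumers, and every image whose Verified Signer column does not begin with "(Verified)". In the table above only UI.exe (PID 2368, "No signature was present in the subject") falls in the second group; an unsigned OEM utility is common and is not proof of anything, but it is the one entry worth checking by file path and hash rather than by name. The sample input is a constructed excerpt of the posted table; the function names, the PSEUDO_PROCESSES set and the encoding handling in load_export are assumptions of this example, not documented Process Explorer behaviour.

```python
"""Parse a Process Explorer 'File > Save As' text export and flag
processes whose image signature did not verify.

Added example, not part of the forum thread. SAMPLE_EXPORT is a
constructed, abbreviated copy of the table posted above.
"""
import csv
import io

# Kernel pseudo-entries that Process Explorer lists but that have no
# image file to sign; they are skipped rather than flagged. (Assumed set.)
PSEUDO_PROCESSES = {"System Idle Process", "System", "Interrupts"}

# Constructed sample: header row plus a few rows copied from the post.
SAMPLE_EXPORT = (
    "Process\tCPU\tPrivate Bytes\tWorking Set\tPID\tDescription\tCompany Name\tVerified Signer\n"
    "System Idle Process\t95.04\t0 K\t24 K\t0\t\t\t\n"
    "procexp64.exe\t3.10\t23,268 K\t43,608 K\t4380\tSysinternals Process Explorer\tSysinternals - www.sysinternals.com\t(Verified) Sysinternals\n"
    "Interrupts\t0.62\t0 K\t0 K\tn/a\tHardware Interrupts and DPCs\t\t\n"
    "explorer.exe\t0.30\t32,500 K\t36,932 K\t1264\tWindows Explorer\tMicrosoft Corporation\t(Verified) Microsoft Windows\n"
    "taskhost.exe\t< 0.01\t12,588 K\t7,832 K\t1764\tHost Process for Windows Tasks\tMicrosoft Corporation\t(Verified) Microsoft Windows\n"
    "UI.exe\t\t8,024 K\t4,200 K\t2368\tWireless net configuration UI\t\t(No signature was present in the subject)\n"
    "RAVCpl64.exe\t\t8,180 K\t3,056 K\t712\tRealtek HD Audio Manager\tRealtek Semiconductor\t(Verified) Microsoft Windows Hardware Compatibility Publisher\n"
)


def parse_cpu(field):
    """Map the CPU column to a float: blank means idle, '< 0.01' means ~0."""
    field = field.strip()
    if not field or field.startswith("<"):
        return 0.0
    return float(field)


def parse_kb(field):
    """Map '23,268 K' to an integer number of kilobytes."""
    field = field.strip()
    if not field:
        return 0
    return int(field.rstrip("K").strip().replace(",", ""))


def _col(raw, name):
    """Column value as a stripped string; short rows yield ''."""
    return (raw.get(name) or "").strip()


def parse_export(text):
    """Return one dict per process row from a tab-separated export."""
    reader = csv.DictReader(io.StringIO(text), delimiter="\t")
    rows = []
    for raw in reader:
        rows.append({
            "process": _col(raw, "Process"),
            "cpu": parse_cpu(_col(raw, "CPU")),
            "private_kb": parse_kb(_col(raw, "Private Bytes")),
            "working_set_kb": parse_kb(_col(raw, "Working Set")),
            "pid": _col(raw, "PID"),
            "description": _col(raw, "Description"),
            "company": _col(raw, "Company Name"),
            "signer": _col(raw, "Verified Signer"),
        })
    return rows


def unsigned_processes(rows):
    """Rows whose image lacks a verified Authenticode signature.

    Process Explorer prefixes a good signature with '(Verified)'; anything
    else (no signature, not verified, unknown) is returned for manual review.
    """
    return [r for r in rows
            if r["process"] not in PSEUDO_PROCESSES
            and not r["signer"].startswith("(Verified)")]


def top_cpu(rows, n=3):
    """Real processes sorted by CPU, heaviest first, skipping pseudo entries."""
    real = [r for r in rows if r["process"] not in PSEUDO_PROCESSES]
    return sorted(real, key=lambda r: r["cpu"], reverse=True)[:n]


def load_export(path):
    """Read an export from disk.

    Assumption: the file is either UTF-16 with a byte-order mark or
    8-bit text; the BOM decides which decoder is used.
    """
    with open(path, "rb") as fh:
        data = fh.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16")
    else:
        text = data.decode("utf-8-sig", errors="replace")
    return parse_export(text)


if __name__ == "__main__":
    rows = parse_export(SAMPLE_EXPORT)
    for r in top_cpu(rows):
        print("CPU %5.2f  %s (PID %s)" % (r["cpu"], r["process"], r["pid"]))
    for r in unsigned_processes(rows):
        print("UNSIGNED  %s (PID %s): %s" % (r["process"], r["pid"], r["signer"]))
```

To run it on a real export, replace the sample with `load_export(r"C:\Users\Owner\Desktop\Procexp.txt")`. Anything it lists as UNSIGNED should then be looked up by full path in Process Explorer (Properties, Image tab) and checked against the vendor's download rather than trusted on its description string, since the Description and Company Name columns come from the file's own version resource and are not verified.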