Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

FBI Warning MoneyPak [Closed]


  • This topic is locked This topic is locked

#1
browneyedleo730

browneyedleo730

    Member

  • Member
  • PipPip
  • 49 posts
I woke up to an FBI Warning stating that I had illegal stuff on my computer and that I had to pay a fine to regain access to my computer. I am able to connect to the internet using Safe Mode with Networking. Below is my OTL log.

Thanks in advance!

Erin

OTL logfile created on: 12/8/2012 12:04:36 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Erin E Reid\Desktop\Malware Removers
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 5.25 Gb Available Physical Memory | 89.44% Memory free
11.73 Gb Paging File | 11.12 Gb Available in Paging File | 94.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.41 Gb Total Space | 817.50 Gb Free Space | 88.91% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 188.86 Gb Free Space | 40.55% Space Free | Partition Type: NTFS

Computer Name: REID-PC | User Name: Erin E Reid | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 16:23:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Erin E Reid\Desktop\Malware Removers\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/11/07 02:25:06 | 000,008,704 | ---- | M] (Box, Inc.) [Auto | Stopped] -- C:\Program Files\Box Sync\UpdateService.exe -- (#UpdateService)
SRV:64bit: - [2012/10/10 16:23:46 | 001,021,888 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2011/08/31 20:07:00 | 000,158,832 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2011/02/28 13:19:38 | 000,163,496 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/12/08 08:48:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/04 20:52:45 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/09 09:25:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/13 23:09:08 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/19 05:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/08/31 20:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2011/08/31 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2011/08/31 20:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2011/08/07 06:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/14 16:28:42 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/06/22 12:01:30 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/06/14 22:56:30 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/01/10 14:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/22 14:42:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/09/22 14:42:02 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/08/31 20:07:00 | 000,642,824 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/08/31 20:07:00 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/08/31 20:07:00 | 000,228,752 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/08/31 20:07:00 | 000,158,584 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/08/31 20:07:00 | 000,100,904 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/08/31 20:07:00 | 000,086,368 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/25 16:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 12:32:58 | 000,330,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/15 00:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/17 23:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 18:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...85v135k4841r21q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...85v135k4841r21q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...85v135k4841r21q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...85v135k4841r21q


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Erin E Reid\Documents\Documents
IE - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...85v135k4841r21q
IE - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.gmail.com/"
FF - prefs.js..keyword.URL: "http://websearch.ask...tid=OSJ000&&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: K:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 22:32:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2011/08/10 15:59:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/08 08:48:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 17:25:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 22:32:16 | 000,000,000 | ---D | M]

[2010/07/20 13:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erin E Reid\AppData\Roaming\Mozilla\Extensions
[2012/10/22 20:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erin E Reid\AppData\Roaming\Mozilla\Firefox\Profiles\lfw8s4ex.default\extensions
[2012/07/18 16:28:26 | 000,000,000 | ---D | M] (Youtube Light Switch) -- C:\Users\Erin E Reid\AppData\Roaming\Mozilla\Firefox\Profiles\lfw8s4ex.default\extensions\{2aa024bd-65c3-4256-8343-d32e1047acff}
[2012/04/25 11:36:32 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Erin E Reid\AppData\Roaming\Mozilla\Firefox\Profiles\lfw8s4ex.default\extensions\[email protected]
[2012/09/01 21:30:12 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Erin E Reid\AppData\Roaming\Mozilla\Firefox\Profiles\lfw8s4ex.default\extensions\[email protected]
[2012/09/01 21:30:18 | 000,002,299 | ---- | M] () -- C:\Users\Erin E Reid\AppData\Roaming\Mozilla\Firefox\Profiles\lfw8s4ex.default\searchplugins\askcom.xml
[2012/10/27 17:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 17:25:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/12/06 17:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2012/12/06 17:31:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/12/06 17:31:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ERIN E REID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFW8S4EX.DEFAULT\EXTENSIONS\{AC61F225-B549-4BED-9CC7-265978D1EB2F}.XPI
() (No name found) -- C:\USERS\ERIN E REID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFW8S4EX.DEFAULT\EXTENSIONS\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.XPI
() (No name found) -- C:\USERS\ERIN E REID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFW8S4EX.DEFAULT\EXTENSIONS\[email protected]
[2012/12/08 08:48:50 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/31 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/17 18:17:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/05/17 18:17:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2012/08/30 17:23:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 20:26:40 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Picasa (Enabled) = K:\Picasa3\npPicasa3.dll
CHR - plugin: Heroes & Generals live (Enabled) = K:\ext hdd folder\Heroes & Generals\live\npretoxlive.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

O1 HOSTS File: ([2012/10/06 09:06:00 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3:64bit: - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BoxSyncHelper] C:\Program Files\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001..\Run: [DAEMON Tools Lite] K:\ext hdd folder\daemontools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001..\Run: [GoogleChrome] C:\Users\Erin E Reid\AppData\Local\Temp\hehda.exe ()
O4 - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001..\Run: [Steam] K:\ext hdd folder\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Erin E Reid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Erin E Reid\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Erin E Reid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Erin E Reid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk = K:\ext hdd folder\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001\..Trusted Domains: smartsource.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.3.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2B74726-5FBD-4E30-A7CA-3C7CC88457FD}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{45618e38-b003-11e1-bb0e-90fba62b5c57}\Shell - "" = AutoRun
O33 - MountPoints2\{45618e38-b003-11e1-bb0e-90fba62b5c57}\Shell\AutoRun\command - "" = L:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/12/08 08:53:47 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/12/08 08:53:46 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/12/08 08:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/12/08 08:52:03 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\SpeedyPC Software
[2012/12/08 08:52:03 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\DriverCure
[2012/12/08 08:51:59 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/12/08 08:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/12/08 08:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/12/08 08:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/12/08 08:38:05 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{0878B9D5-481E-4484-9CB0-9DA9A38F6C3E}
[2012/12/08 07:38:14 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{F1EA712F-B847-4DDE-B116-62210B65CFE9}
[2012/12/07 11:30:08 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{17B582E6-422C-44A6-8E64-FDA8B8264119}
[2012/12/06 19:47:13 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\hellomoto
[2012/12/04 20:36:47 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{D29A2989-E967-460F-AD6B-47E27184537A}
[2012/12/03 08:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\5AD6B95DFA82CCBE00005AD65E8DD2F5
[2012/12/01 15:15:23 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\The Creative Assembly
[2012/11/25 13:12:26 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{88CDF1F9-8E47-4D78-81F0-94393B51328F}
[2012/11/19 07:39:38 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{2FD87299-6C43-4C9E-A880-0D9302D6C039}
[2012/11/18 17:30:07 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{1BDF3DF1-BDE6-4D55-827B-9B9A7F370538}
[2012/11/17 16:12:37 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{54023153-5A0E-465D-A42B-968769DEC8DC}
[2012/11/17 00:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
[2012/11/17 00:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Box Sync
[2012/11/16 23:59:10 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{77FA8A76-78EC-4E6B-B6A1-42388119D74A}
[2012/11/16 09:30:02 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{6B14C82E-A96F-4BB3-ACF6-32DB3289375A}
[2012/11/12 22:07:54 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\Incomplete
[2012/11/12 22:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
[2012/11/12 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\MP3Rocket
[2012/11/12 22:05:09 | 000,356,520 | ---- | C] (Ask.com) -- C:\Users\Erin E Reid\Documents\ApnStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/08 11:56:59 | 000,793,564 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/08 11:56:59 | 000,669,662 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/08 11:56:59 | 000,125,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/08 11:52:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/08 11:52:38 | 429,203,455 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/08 11:47:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 11:47:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 11:47:00 | 000,000,833 | ---- | M] () -- C:\Users\Erin E Reid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
[2012/12/08 11:44:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/08 08:53:48 | 000,002,277 | ---- | M] () -- C:\Users\Erin E Reid\Desktop\SpyHunter.lnk
[2012/12/08 08:52:14 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/12/08 08:51:59 | 000,001,212 | ---- | M] () -- C:\Users\Erin E Reid\Desktop\SpeedyPC Pro.lnk
[2012/12/08 08:51:59 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/12/08 08:51:59 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/12/08 08:51:59 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/12/08 08:48:54 | 000,002,055 | ---- | M] () -- C:\Users\Erin E Reid\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/08 08:35:37 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/08 08:07:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/07 14:40:40 | 000,042,440 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/12/07 14:40:38 | 000,028,104 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2012/12/07 11:12:40 | 000,006,273 | ---- | M] () -- C:\Users\Erin E Reid\AppData\Local\ac61f225-b549-4bed-9cc7-265978d1eb2f.crx
[2012/11/17 00:04:40 | 000,001,580 | ---- | M] () -- C:\Users\Erin E Reid\Desktop\My Box Files.lnk
[2012/11/17 00:04:13 | 000,001,861 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk
[2012/11/12 22:05:10 | 000,356,520 | ---- | M] (Ask.com) -- C:\Users\Erin E Reid\Documents\ApnStub.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/08 08:53:51 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2012/12/08 08:53:48 | 000,002,277 | ---- | C] () -- C:\Users\Erin E Reid\Desktop\SpyHunter.lnk
[2012/12/08 08:52:14 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/12/08 08:51:59 | 000,001,212 | ---- | C] () -- C:\Users\Erin E Reid\Desktop\SpeedyPC Pro.lnk
[2012/12/08 08:51:59 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/12/08 08:51:59 | 000,000,476 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/12/08 08:51:59 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/12/07 14:40:40 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/12/07 14:40:38 | 000,028,104 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2012/12/03 08:03:39 | 000,006,273 | ---- | C] () -- C:\Users\Erin E Reid\AppData\Local\ac61f225-b549-4bed-9cc7-265978d1eb2f.crx
[2012/09/22 10:00:18 | 000,000,099 | ---- | C] () -- C:\Users\Erin E Reid\AppData\Local\fusioncache.dat
[2012/08/12 22:44:47 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/08/07 06:14:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\rat_0ybba.pad
[2012/07/21 23:08:22 | 000,000,249 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/07/09 10:04:57 | 000,008,192 | ---- | C] () -- C:\Users\Erin E Reid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 11:30:23 | 000,809,644 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/24 18:36:06 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/24 18:36:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/10 13:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/03 08:58:35 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/03 08:58:35 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 01:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 01:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/06/01 08:25:28 | 000,961,536 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2011/04/10 10:49:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/04/10 10:49:10 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/04/10 10:49:10 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/02/26 15:03:40 | 000,150,912 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/20 22:04:21 | 000,000,254 | -H-- | C] () -- C:\Windows\wininit.ini
[2010/07/20 14:14:31 | 000,001,024 | -H-- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2010/07/20 14:14:31 | 000,001,024 | -H-- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2010/07/20 14:14:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2010/07/20 14:14:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2010/07/20 14:14:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2010/07/20 14:14:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2010/07/20 14:14:01 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/07/20 14:14:01 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010/07/20 13:18:45 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010/07/18 12:15:44 | 000,000,538 | -H-- | C] () -- C:\Windows\eReg.dat
[2010/05/13 22:54:06 | 000,000,720 | -H-- | C] () -- C:\Windows\liswin32.ini
[2010/05/13 22:54:06 | 000,000,179 | -H-- | C] () -- C:\Windows\HIGHED32.INI
[2010/04/02 14:09:34 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/02/03 22:32:05 | 000,023,145 | -H-- | C] () -- C:\Windows\hpqins15.dat
[2010/01/23 15:15:25 | 000,000,902 | ---- | C] () -- C:\Users\Erin E Reid\AppData\Roaming\wklnhst.dat
[2010/01/20 21:00:15 | 000,224,438 | -H-- | C] () -- C:\Windows\hpwins19.dat
[2009/10/14 10:45:45 | 000,000,673 | -H-- | C] () -- C:\Windows\hpwmdl19.dat
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/08/06 16:15:16 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2005/01/20 08:01:00 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\STADEV32.DLL

< End of report >
  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
These may all be run from safe mode, on completion could you reboot to normal mode and let me know how the system is behaving

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better Smartscreen Filter will need to be disabled
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
Posted Image

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
Posted Image
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
    Posted Image
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

THEN

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
O4 - HKU\S-1-5-21-3377203420-1137806389-3542557883-1001..\Run: [GoogleChrome] C:\Users\Erin E Reid\AppData\Local\Temp\hehda.exe ()
[2012/12/03 08:03:39 | 000,006,273 | ---- | C] () -- C:\Users\Erin E Reid\AppData\Local\ac61f225-b549-4bed-9cc7-265978d1eb2f.crx
[2012/08/12 22:44:47 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/08/07 06:14:46 | 004,503,728 | ---- | C] () -- C:\ProgramData\rat_0ybba.pad

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#3
browneyedleo730

browneyedleo730

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Thanks for your speedy reply! I followed your instructions and below are the reports you requested.

Thank you!

Erin

RK Report 1

RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Erin E Reid [Admin rights]
Mode : Scan -- Date : 12/08/2012 15:39:12

¤¤¤ Bad processes : 5 ¤¤¤
[SUSP PATH] genupdater.exe -- C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe -> KILLED [TermProc]
[SUSP PATH] genupdater.exe -- C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe -> KILLED [TermProc]
[SUSP PATH] gentray.exe -- C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe -> KILLED [TermProc]
[SUSP PATH] IeSearchProvider.exe -- C:\Users\Erin E Reid\AppData\Local\Temp\IeSearchProvider.exe -> KILLED [TermProc]
[SUSP PATH] framework_setup.gen -- C:\Users\Erin E Reid\AppData\Roaming\Genieo\Data\Updater\genieo_temp\framework_setup.gen -> KILLED [TermProc]

¤¤¤ Registry Entries : 13 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GoogleChrome (C:\Users\Erin E Reid\AppData\Local\Temp\hehda.exe) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoUpdaterService ("C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoSystemTray ("C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe") -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3377203420-1137806389-3542557883-1001[...]\Run : GoogleChrome (C:\Users\Erin E Reid\AppData\Local\Temp\hehda.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3377203420-1137806389-3542557883-1001[...]\Run : GenieoUpdaterService ("C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-3377203420-1137806389-3542557883-1001[...]\Run : GenieoSystemTray ("C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe") -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Erin E Reid\AppData\Local\{ed195368-06b6-a6cb-e1df-405d53511818}\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : C:\Windows\Installer\{ed195368-06b6-a6cb-e1df-405d53511818}\U --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3377203420-1137806389-3542557883-1001\$ed19536806b6a6cbe1df405d53511818\U --> FOUND
[ZeroAccess][FOLDER] L : C:\Windows\Installer\{ed195368-06b6-a6cb-e1df-405d53511818}\L --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3377203420-1137806389-3542557883-1001\$ed19536806b6a6cbe1df405d53511818\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿ₫1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-22M2B0 +++++
--- User ---
[MBR] ed71356a5c1e19ab92d739f5ce197e5e
[BSP] 9dc7627918731b483c3376120f1e5f7d : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25167872 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25372672 | Size: 941479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] 96a26829659c89cbffa307b9fcb3cabe
[BSP] b03b79ca85c94aa3daefa58cb19c2c01 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_12082012_02d1539.txt >>
RKreport[1]_S_12082012_02d1539.txt


RK report 2

RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Erin E Reid [Admin rights]
Mode : Remove -- Date : 12/08/2012 15:40:09

¤¤¤ Bad processes : 5 ¤¤¤
[SUSP PATH] genupdater.exe -- C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe -> KILLED [TermProc]
[SUSP PATH] genupdater.exe -- C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe -> KILLED [TermProc]
[SUSP PATH] gentray.exe -- C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe -> KILLED [TermProc]
[SUSP PATH] IeSearchProvider.exe -- C:\Users\Erin E Reid\AppData\Local\Temp\IeSearchProvider.exe -> KILLED [TermProc]
[SUSP PATH] framework_setup.gen -- C:\Users\Erin E Reid\AppData\Roaming\Genieo\Data\Updater\genieo_temp\framework_setup.gen -> KILLED [TermProc]

¤¤¤ Registry Entries : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : GoogleChrome (C:\Users\Erin E Reid\AppData\Local\Temp\hehda.exe) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoUpdaterService ("C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe" -wait 5) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : GenieoSystemTray ("C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe") -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\Users\Erin E Reid\AppData\Local\{ed195368-06b6-a6cb-e1df-405d53511818}\n.) -> REPLACED (C:\Windows\system32\shell32.dll)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{ed195368-06b6-a6cb-e1df-405d53511818}\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3377203420-1137806389-3542557883-1001\$ed19536806b6a6cbe1df405d53511818\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Windows\Installer\{ed195368-06b6-a6cb-e1df-405d53511818}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\Windows\Installer\{ed195368-06b6-a6cb-e1df-405d53511818}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Windows\Installer\{ed195368-06b6-a6cb-e1df-405d53511818}\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3377203420-1137806389-3542557883-1001\$ed19536806b6a6cbe1df405d53511818\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿ₫1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-22M2B0 +++++
--- User ---
[MBR] ed71356a5c1e19ab92d739f5ce197e5e
[BSP] 9dc7627918731b483c3376120f1e5f7d : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12288 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 25167872 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25372672 | Size: 941479 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: TOSHIBA External USB 3.0 USB Device +++++
--- User ---
[MBR] 96a26829659c89cbffa307b9fcb3cabe
[BSP] b03b79ca85c94aa3daefa58cb19c2c01 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12082012_02d1540.txt >>
RKreport[1]_S_12082012_02d1539.txt ; RKreport[2]_D_12082012_02d1540.txt


RK report 3

RogueKiller V8.3.2 [Dec 7 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Erin E Reid [Admin rights]
Mode : Shortcuts HJfix -- Date : 12/08/2012 15:52:21

¤¤¤ Bad processes : 5 ¤¤¤
[SUSP PATH] genupdater.exe -- C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe -> KILLED [TermProc]
[SUSP PATH] genupdater.exe -- C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe -> KILLED [TermProc]
[SUSP PATH] gentray.exe -- C:\Users\Erin E Reid\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe -> KILLED [TermProc]
[SUSP PATH] IeSearchProvider.exe -- C:\Users\Erin E Reid\AppData\Local\Temp\IeSearchProvider.exe -> KILLED [TermProc]
[SUSP PATH] framework_setup.gen -- C:\Users\Erin E Reid\AppData\Roaming\Genieo\Data\Updater\genieo_temp\framework_setup.gen -> KILLED [TermProc]

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 1 / Fail 0
Programs: Success 2 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 141 / Fail 0
My documents: Success 544 / Fail 544
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 124 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 49 / Fail 0
Backup: [FOUND] Success 0 / Fail 0 / Exists 0

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[F:] \Device\HarddiskVolume5 -- 0x2 --> Restored
[G:] \Device\HarddiskVolume6 -- 0x2 --> Restored
[H:] \Device\HarddiskVolume7 -- 0x2 --> Restored
[I:] \Device\HarddiskVolume8 -- 0x2 --> Restored
[J:] \Device\HarddiskVolume9 -- 0x2 --> Restored
[K:] \Device\HarddiskVolume4 -- 0x3 --> Restored
[L:] \Device\CdRom1 -- 0x5 --> Skipped

Finished : << RKreport[3]_SC_12082012_02d1552.txt >>
RKreport[1]_S_12082012_02d1539.txt ; RKreport[2]_D_12082012_02d1540.txt ; RKreport[3]_SC_12082012_02d1552.txt


OTL Quick Scan Report

OTL logfile created on: 12/8/2012 5:01:44 PM - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Erin E Reid\Desktop\Malware Removers
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.87 Gb Total Physical Memory | 4.65 Gb Available Physical Memory | 79.19% Memory free
11.73 Gb Paging File | 10.51 Gb Available in Paging File | 89.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919.41 Gb Total Space | 818.06 Gb Free Space | 88.98% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 188.94 Gb Free Space | 40.57% Space Free | Partition Type: NTFS

Computer Name: REID-PC | User Name: Erin E Reid | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/26 16:23:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Erin E Reid\Desktop\Malware Removers\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/11/07 02:25:06 | 000,008,704 | ---- | M] (Box, Inc.) [Auto | Stopped] -- C:\Program Files\Box Sync\UpdateService.exe -- (#UpdateService)
SRV:64bit: - [2012/10/10 16:23:46 | 001,021,888 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV:64bit: - [2011/08/31 20:07:00 | 000,158,832 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/04/01 20:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV:64bit: - [2011/02/28 13:19:38 | 000,163,496 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/03 20:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2012/12/08 08:48:50 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/04 20:52:45 | 000,541,168 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/09 09:25:12 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/29 18:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 18:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/13 23:09:08 | 000,076,888 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/01/19 05:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/08/31 20:07:00 | 000,181,480 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mcshield.exe -- (McShield)
SRV - [2011/08/31 20:07:00 | 000,066,880 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2011/08/31 20:07:00 | 000,020,792 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\engineserver.exe -- (McAfeeEngineService)
SRV - [2011/08/07 06:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 11:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/14 16:28:42 | 000,222,528 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe -- (McAfee SiteAdvisor Enterprise Service)
SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/08/28 03:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/25 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/29 18:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/06/22 12:01:30 | 000,022,704 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EsgScanner.sys -- (EsgScanner)
DRV:64bit: - [2012/06/14 22:56:30 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/01/10 14:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/22 14:42:02 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2011/09/22 14:42:02 | 000,074,376 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011/08/31 20:07:00 | 000,642,824 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/08/31 20:07:00 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/08/31 20:07:00 | 000,228,752 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/08/31 20:07:00 | 000,158,584 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/08/31 20:07:00 | 000,100,904 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/08/31 20:07:00 | 000,086,368 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\mfetdik.sys -- (mfetdik)
DRV:64bit: - [2011/08/01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 18:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/07/25 16:44:46 | 000,074,752 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/07/20 13:58:22 | 000,044,032 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 12:32:58 | 000,330,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel®
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/15 00:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/10/13 13:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/17 23:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 18:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009/07/09 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...85v135k4841r21q
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...85v135k4841r21q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...85v135k4841r21q
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gate...85v135k4841r21q

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\Erin E Reid\Documents\Documents
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gate...85v135k4841r21q
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.genieo.com/?v=w3i8
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.gmail.com/"
FF - prefs.js..keyword.URL: "http://websearch.ask...tid=OSJ000&&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: K:\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 22:32:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ [2011/08/10 15:59:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/08 08:48:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/27 17:25:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/03 22:32:16 | 000,000,000 | ---D | M]

[2010/07/20 13:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erin E Reid\AppData\Roaming\Mozilla\Extensions
[2012/10/22 20:37:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erin E Reid\AppData\Roaming\Mozilla\Firefox\Profiles\lfw8s4ex.default\extensions
[2012/07/18 16:28:26 | 000,000,000 | ---D | M] (Youtube Light Switch) -- C:\Users\Erin E Reid\AppData\Roaming\Mozilla\Firefox\Profiles\lfw8s4ex.default\extensions\{2aa024bd-65c3-4256-8343-d32e1047acff}
[2012/04/25 11:36:32 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Erin E Reid\AppData\Roaming\Mozilla\Firefox\Profiles\lfw8s4ex.default\extensions\[email protected]
[2012/09/01 21:30:12 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Erin E Reid\AppData\Roaming\Mozilla\Firefox\Profiles\lfw8s4ex.default\extensions\[email protected]
[2012/09/01 21:30:18 | 000,002,299 | ---- | M] () -- C:\Users\Erin E Reid\AppData\Roaming\Mozilla\Firefox\Profiles\lfw8s4ex.default\searchplugins\askcom.xml
[2012/10/27 17:25:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/27 17:25:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/12/06 17:31:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2012/12/06 17:31:10 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/12/06 17:31:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ERIN E REID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFW8S4EX.DEFAULT\EXTENSIONS\{AC61F225-B549-4BED-9CC7-265978D1EB2F}.XPI
() (No name found) -- C:\USERS\ERIN E REID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFW8S4EX.DEFAULT\EXTENSIONS\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}.XPI
() (No name found) -- C:\USERS\ERIN E REID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\LFW8S4EX.DEFAULT\EXTENSIONS\[email protected]
[2012/12/08 08:48:50 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/08/31 20:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2011/05/17 18:17:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/05/17 18:17:27 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol500.dll
[2012/08/30 17:23:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/11 20:26:40 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: BlackBerry AppWorld (Enabled) = C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Picasa (Enabled) = K:\Picasa3\npPicasa3.dll
CHR - plugin: Heroes & Generals live (Enabled) = K:\ext hdd folder\Heroes & Generals\live\npretoxlive.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

O1 HOSTS File: ([2012/12/08 16:58:29 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\scriptsn.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [BoxSyncHelper] C:\Program Files\Box Sync\BoxSyncHelper.exe (Box, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files (x86)\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe (IOI)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] K:\ext hdd folder\daemontools\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler File not found
O4 - HKCU..\Run: [Steam] K:\ext hdd folder\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Erin E Reid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Erin E Reid\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Erin E Reid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Erin E Reid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk = K:\ext hdd folder\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: genieo.com ([yahoo] http in Trusted sites)
O15 - HKCU\..Trusted Domains: smartsource.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...tel_4.5.3.0.cab (SysInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.syste...yri_4.5.1.0.cab (SysInfo Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...inAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2B74726-5FBD-4E30-A7CA-3C7CC88457FD}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{45618e38-b003-11e1-bb0e-90fba62b5c57}\Shell - "" = AutoRun
O33 - MountPoints2\{45618e38-b003-11e1-bb0e-90fba62b5c57}\Shell\AutoRun\command - "" = L:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/12/08 15:34:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-zip
[2012/12/08 15:34:53 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\Genieo
[2012/12/08 08:53:47 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
[2012/12/08 08:53:46 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/12/08 08:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/12/08 08:52:03 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\SpeedyPC Software
[2012/12/08 08:52:03 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\DriverCure
[2012/12/08 08:51:59 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedyPC Software
[2012/12/08 08:51:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedyPC Software
[2012/12/08 08:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/12/08 08:51:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedyPC Software
[2012/12/08 08:38:05 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{0878B9D5-481E-4484-9CB0-9DA9A38F6C3E}
[2012/12/08 07:38:14 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{F1EA712F-B847-4DDE-B116-62210B65CFE9}
[2012/12/07 11:30:08 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{17B582E6-422C-44A6-8E64-FDA8B8264119}
[2012/12/06 19:47:13 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\hellomoto
[2012/12/04 20:36:47 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{D29A2989-E967-460F-AD6B-47E27184537A}
[2012/12/03 08:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\5AD6B95DFA82CCBE00005AD65E8DD2F5
[2012/12/01 15:15:23 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\The Creative Assembly
[2012/11/25 13:12:26 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{88CDF1F9-8E47-4D78-81F0-94393B51328F}
[2012/11/19 07:39:38 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{2FD87299-6C43-4C9E-A880-0D9302D6C039}
[2012/11/18 17:30:07 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{1BDF3DF1-BDE6-4D55-827B-9B9A7F370538}
[2012/11/17 16:12:37 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{54023153-5A0E-465D-A42B-968769DEC8DC}
[2012/11/17 00:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
[2012/11/17 00:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Box Sync
[2012/11/16 23:59:10 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{77FA8A76-78EC-4E6B-B6A1-42388119D74A}
[2012/11/16 09:30:02 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Local\{6B14C82E-A96F-4BB3-ACF6-32DB3289375A}
[2012/11/12 22:07:54 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\Incomplete
[2012/11/12 22:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3 Rocket
[2012/11/12 22:05:44 | 000,000,000 | ---D | C] -- C:\Users\Erin E Reid\AppData\Roaming\MP3Rocket
[2012/11/12 22:05:09 | 000,356,520 | ---- | C] (Ask.com) -- C:\Users\Erin E Reid\Documents\ApnStub.exe

========== Files - Modified Within 30 Days ==========

[2012/12/08 17:00:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/08 17:00:09 | 429,203,455 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/08 16:58:29 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/12/08 15:36:08 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/12/08 11:56:59 | 000,793,564 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/08 11:56:59 | 000,669,662 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/08 11:56:59 | 000,125,558 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/08 11:47:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 11:47:36 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/08 11:47:00 | 000,000,833 | ---- | M] () -- C:\Users\Erin E Reid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
[2012/12/08 11:44:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/08 08:53:48 | 000,002,277 | ---- | M] () -- C:\Users\Erin E Reid\Desktop\SpyHunter.lnk
[2012/12/08 08:52:14 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/12/08 08:51:59 | 000,001,212 | ---- | M] () -- C:\Users\Erin E Reid\Desktop\SpeedyPC Pro.lnk
[2012/12/08 08:51:59 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/12/08 08:51:59 | 000,000,476 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/12/08 08:51:59 | 000,000,432 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/12/08 08:48:54 | 000,002,055 | ---- | M] () -- C:\Users\Erin E Reid\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/12/08 08:35:37 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/08 08:07:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/07 14:40:40 | 000,042,440 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/12/07 14:40:38 | 000,028,104 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2012/11/17 00:04:40 | 000,001,580 | ---- | M] () -- C:\Users\Erin E Reid\Desktop\My Box Files.lnk
[2012/11/17 00:04:13 | 000,001,861 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Box Sync.lnk
[2012/11/12 22:05:10 | 000,356,520 | ---- | M] (Ask.com) -- C:\Users\Erin E Reid\Documents\ApnStub.exe

========== Files Created - No Company Name ==========

[2012/12/08 15:34:56 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\7-zip.lnk
[2012/12/08 08:53:51 | 000,022,704 | ---- | C] () -- C:\Windows\SysNative\drivers\EsgScanner.sys
[2012/12/08 08:53:48 | 000,002,277 | ---- | C] () -- C:\Users\Erin E Reid\Desktop\SpyHunter.lnk
[2012/12/08 08:52:14 | 000,000,456 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2012/12/08 08:51:59 | 000,001,212 | ---- | C] () -- C:\Users\Erin E Reid\Desktop\SpeedyPC Pro.lnk
[2012/12/08 08:51:59 | 000,000,528 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2012/12/08 08:51:59 | 000,000,476 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Update Version3.job
[2012/12/08 08:51:59 | 000,000,432 | ---- | C] () -- C:\Windows\tasks\SpeedyPC Pro.job
[2012/12/07 14:40:40 | 000,042,440 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012/12/07 14:40:38 | 000,028,104 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2012/09/22 10:00:18 | 000,000,099 | ---- | C] () -- C:\Users\Erin E Reid\AppData\Local\fusioncache.dat
[2012/07/21 23:08:22 | 000,000,249 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/07/09 10:04:57 | 000,008,192 | ---- | C] () -- C:\Users\Erin E Reid\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/02 11:30:23 | 000,809,644 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/24 18:36:06 | 000,298,016 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/24 18:36:02 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/01/10 13:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/10/03 08:58:35 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/03 08:58:35 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/09/28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 01:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011/09/19 01:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011/06/01 08:25:28 | 000,961,536 | ---- | C] () -- C:\Windows\SysWow64\libxml2.dll
[2011/04/10 10:49:10 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/04/10 10:49:10 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/04/10 10:49:10 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/02/26 15:03:40 | 000,150,912 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010/08/20 22:04:21 | 000,000,254 | -H-- | C] () -- C:\Windows\wininit.ini
[2010/07/20 14:14:31 | 000,001,024 | -H-- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2010/07/20 14:14:31 | 000,001,024 | -H-- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2010/07/20 14:14:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2010/07/20 14:14:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysWow64\serauth2.dll
[2010/07/20 14:14:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysWow64\serauth1.dll
[2010/07/20 14:14:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysWow64\nsprs.dll
[2010/07/20 14:14:01 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2010/07/20 14:14:01 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2010/07/20 13:18:45 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2010/07/18 12:15:44 | 000,000,538 | -H-- | C] () -- C:\Windows\eReg.dat
[2010/05/13 22:54:06 | 000,000,720 | -H-- | C] () -- C:\Windows\liswin32.ini
[2010/05/13 22:54:06 | 000,000,179 | -H-- | C] () -- C:\Windows\HIGHED32.INI
[2010/04/02 14:09:34 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/02/03 22:32:05 | 000,023,145 | -H-- | C] () -- C:\Windows\hpqins15.dat
[2010/01/23 15:15:25 | 000,000,902 | ---- | C] () -- C:\Users\Erin E Reid\AppData\Roaming\wklnhst.dat
[2010/01/20 21:00:15 | 000,224,438 | -H-- | C] () -- C:\Windows\hpwins19.dat
[2009/10/14 10:45:45 | 000,000,673 | -H-- | C] () -- C:\Windows\hpwmdl19.dat
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2005/08/06 16:15:16 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2005/01/20 08:01:00 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\STADEV32.DLL

========== LOP Check ==========

[2012/12/07 11:18:54 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\.minecraft
[2012/09/12 18:49:05 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\.techniclauncher
[2012/09/29 18:50:39 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Awesomium
[2012/07/26 20:31:18 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\BANDISOFT
[2012/06/25 16:55:35 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Blender Foundation
[2012/08/31 16:32:07 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Box Desktop
[2012/12/08 11:47:18 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Box Sync
[2011/05/15 13:22:04 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Catalina Marketing Corp
[2012/06/15 00:32:25 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\DAEMON Tools Lite
[2012/12/08 08:52:03 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\DriverCure
[2012/12/08 08:38:19 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Dropbox
[2011/08/01 10:24:31 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Eclipse
[2012/03/02 18:06:21 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\GameRanger
[2011/06/10 14:43:37 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\GARMIN
[2012/12/08 15:34:54 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Genieo
[2012/03/09 18:46:14 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\gtk-2.0
[2012/12/06 19:47:13 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\hellomoto
[2012/11/12 22:21:41 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\MP3Rocket
[2011/08/24 19:46:50 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\NCSS
[2010/01/20 20:03:57 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Packard Bell
[2011/05/05 22:15:11 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Research In Motion
[2012/06/25 16:28:17 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\ScripterRon
[2011/05/05 23:26:40 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\SPE
[2012/12/08 08:52:03 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\SpeedyPC Software
[2012/06/09 21:39:16 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\SplitMediaLabs
[2012/10/17 21:13:05 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Stardock
[2012/09/17 21:08:52 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\System
[2012/05/17 18:32:35 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\SystemRequirementsLab
[2012/02/18 14:17:50 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\TeamViewer
[2010/09/13 06:32:10 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Template
[2012/12/01 15:15:23 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\The Creative Assembly
[2012/01/29 19:56:37 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\ts3overlay
[2012/06/21 00:33:14 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\uTorrent
[2012/04/06 20:55:35 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\wargaming.net
[2011/09/17 17:08:39 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Windows Live Writer
[2012/02/23 18:19:23 | 000,000,000 | ---D | M] -- C:\Users\Erin E Reid\AppData\Roaming\Wings3D
[2012/09/17 21:10:38 | 000,000,000 | --SD | M] -- C:\Users\Erin E Reid\AppData\Roaming\wyUpdate AU
[2012/08/10 09:29:49 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/12/08 08:51:59 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Pro.job
[2012/12/08 08:52:14 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Registration3.job
[2012/12/08 08:51:59 | 000,000,528 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
[2012/12/08 08:51:59 | 000,000,476 | ---- | M] () -- C:\Windows\Tasks\SpeedyPC Update Version3.job

========== Purity Check ==========



< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
One more to run to repair the zero access damage and locate any other bad files

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.


Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#6
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
User returned
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP