Google Redirect Virus [Closed]



#1
violetb

Hello, I followed all instructions to remove the Google redirect virus and I still have the same problem. I also have a Malwarebytes subscription, which removed about six Trojans. I also had the Department of Justice virus. TDSS did not find anything when I ran it. I also downloaded a free trial version of HitmanPro, which quarantined and removed several Trojans. I attempted to download AVG, but I don't think it installed correctly. I'm still getting faulty redirects when I click on links to open webpages, and I also get McAfee warnings telling me not to open certain pages. A month or so ago I was also having trouble with pages not loading when I click on links. Please help; nothing has worked so far. Below is my OTL log.

OTL logfile created on: 8/2/2013 11:33:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Yolanda\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.85 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 62.72% Memory free
7.70 Gb Paging File | 5.61 Gb Available in Paging File | 72.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.99 Gb Total Space | 396.13 Gb Free Space | 87.64% Space Free | Partition Type: NTFS

Computer Name: YOLANDA-PC | User Name: Yolanda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/02 23:32:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yolanda\Desktop\OTL.exe
PRC - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/05/22 10:30:52 | 000,661,360 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/05/10 14:37:32 | 000,010,920 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
PRC - [2011/04/13 03:34:08 | 000,416,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/04/13 03:34:08 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/04/13 03:34:06 | 001,097,296 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/04/13 03:34:06 | 000,353,872 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 16:19:12 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/22 16:19:08 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 14:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/01/31 16:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/11/01 11:45:22 | 000,047,704 | ---- | M] (Alcor) -- C:\Windows\WebCam\S6000\S6000Mnt.exe
PRC - [2010/10/05 17:46:10 | 000,704,104 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
PRC - [2010/05/20 19:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/31 19:39:48 | 000,277,504 | ---- | M] () -- C:\Users\Yolanda\AppData\Local\{869C35D8-82BE-4DD0-BAC4-4449FA89CE51}\{C7A9A436-36B6-4863-B102-2923DF8563AC}\kfakfdnh.dll
MOD - [2011/03/11 16:33:50 | 000,238,056 | ---- | M] () -- c:\Program Files\mcafee\msk\mskapbho.dll
MOD - [2011/02/15 14:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2009/03/12 16:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 14:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/02 09:53:46 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/02/19 14:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/02/19 14:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/19 14:51:54 | 000,241,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2011/01/31 16:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/01/28 11:44:08 | 000,868,224 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/10/08 05:24:16 | 000,150,016 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/12 14:37:18 | 003,289,472 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/06/11 23:25:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/05/10 14:37:32 | 000,010,920 | ---- | M] (Absolute Software) [Auto | Running] -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)
SRV - [2011/04/28 19:55:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/04/13 03:34:06 | 000,353,872 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/22 16:19:12 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/22 16:19:08 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/20 19:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 17:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/19 14:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/02/19 14:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/02/19 14:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/02/19 14:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/02/19 14:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/02/19 14:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/02/19 14:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/26 20:19:48 | 012,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/15 01:11:10 | 000,010,112 | ---- | M] (support.com, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssmirrdr.sys -- (ssmirrdr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/24 12:23:32 | 003,293,400 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\S6000KNT.sys -- (S6000KNT)
DRV:64bit: - [2010/12/11 23:43:54 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2010/12/11 11:12:54 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2010/12/11 11:12:50 | 000,067,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2010/12/10 20:46:56 | 000,035,368 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2010/11/24 02:08:10 | 002,350,952 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/19 02:29:30 | 001,401,392 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/06 02:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/01 00:03:30 | 000,410,152 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/08 05:23:38 | 000,019,192 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/07/09 15:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2010/04/20 14:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/12/31 06:04:57 | 000,360,712 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2009/09/22 21:46:18 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2009/09/22 21:32:39 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2009/09/22 21:32:33 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/19 22:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {f2c43291-151e-499c-98a7-923c120b88fa} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {5F25A71F-8BA8-43B8-BA57-741C281B7C8A}
IE - HKCU\..\SearchScopes\{5F25A71F-8BA8-43B8-BA57-741C281B7C8A}: "URL" = http://www.google.co...1I7GGNI_enUS486
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Yolanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Yolanda\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Yolanda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/07/12 22:30:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/06/04 04:44:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/07/29 17:29:04 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Yolanda\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Yolanda\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Yolanda\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Yolanda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Yolanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Yolanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Yolanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Yolanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Spring Mood = C:\Users\Yolanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\facdidjmdhkmihcagdgmhffjnkklblge\1.11_0\
CHR - Extension: SiteAdvisor = C:\Users\Yolanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: Skype Click to Call = C:\Users\Yolanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Gmail = C:\Users\Yolanda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/02 00:12:25 | 000,000,019 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120624232459.dll (McAfee, Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120624232459.dll (McAfee, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] T\EPOWERTRAY.EXE File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not found
O4:64bit: - HKLM..\Run: [IgfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not found
O4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynTPEnh] H.EXE File not found
O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt File not found
O4 - HKCU..\Run: [{C7A9A436-36B6-4863-B102-2923DF8563AC}] C:\Users\Yolanda\AppData\Local\{869C35D8-82BE-4DD0-BAC4-4449FA89CE51}\{C7A9A436-36B6-4863-B102-2923DF8563AC}\kfakfdnh.dll ()
O4 - HKCU..\Run: [Checker] rundll32 "C:\Users\Yolanda\AppData\Local\Temp\\\jbllge.dll",DllRegisterServer File not found
O4 - HKCU..\Run: [EPSON WorkForce 610 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_SCC68.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSOND8A4F6] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFJA.EXE /FU "C:\Windows\TEMP\E_SBC0E.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [PhotoJoy] C:\Program Files (x86)\PhotoJoy\bin\PhotoJoy.exe /c File not found
O4 - Startup: C:\Users\Yolanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C3AFADB-4DF7-4A9E-8195-D2BF84E38720}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{88EB3ADC-6D3F-49B9-AF34-F960C57EE230}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk /r \??\C:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/02 23:32:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Yolanda\Desktop\OTL.exe
[2013/08/02 23:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/08/02 23:15:39 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/08/02 00:05:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013/08/02 00:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013/08/02 00:04:13 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/08/01 20:59:37 | 000,000,000 | ---D | C] -- C:\Users\Yolanda\Desktop\tdsskiller
[2013/08/01 20:54:05 | 000,000,000 | ---D | C] -- C:\Users\Yolanda\Desktop\GooredFix Backups
[2013/08/01 20:35:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/08/01 20:16:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/08/01 20:14:37 | 000,000,000 | ---D | C] -- C:\Users\Yolanda\Documents\ERUNT
[2013/08/01 20:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/08/01 20:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/08/01 05:09:30 | 000,000,000 | ---D | C] -- C:\Users\Yolanda\Desktop\Search Kaspersky Lab US_files
[2013/07/30 01:38:00 | 000,000,000 | ---D | C] -- C:\Users\Yolanda\AppData\Local\{B6524154-74CD-408C-8998-AC3E79B32611}
[2013/07/23 08:22:03 | 000,000,000 | ---D | C] -- C:\Users\Yolanda\AppData\Local\Diagnostics
[2013/07/22 17:38:33 | 000,000,000 | ---D | C] -- C:\Users\Yolanda\AppData\Local\Adobe
[2013/07/18 16:53:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/13 00:06:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuYin
[2013/07/12 22:53:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/18 00:11:56 | 005,944,360 | ---- | C] (Absolute Software Corp. ) -- C:\Users\Yolanda\AppData\Roaming\LoJackSetup.exe

========== Files - Modified Within 30 Days ==========

[2013/08/02 23:36:08 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/02 23:32:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Yolanda\Desktop\OTL.exe
[2013/08/02 23:25:14 | 000,024,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/02 23:25:14 | 000,024,672 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/02 23:22:49 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2013/08/02 23:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/02 23:20:01 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2114457821-856641166-3955415068-1000UA.job
[2013/08/02 23:20:01 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2114457821-856641166-3955415068-1000Core.job
[2013/08/02 23:19:05 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/08/02 23:18:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/02 23:17:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/02 23:17:42 | 3102,347,264 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/02 23:15:39 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2013/08/02 23:00:00 | 000,000,338 | -H-- | M] () -- C:\Windows\tasks\{F236003E-0A82-4CFC-863D-9AC9E528CCF3}.job
[2013/08/02 18:23:39 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.dll
[2013/08/02 18:23:29 | 000,017,920 | ---- | M] () -- C:\Windows\SysWow64\rpcnetp.exe
[2013/08/02 18:23:29 | 000,017,920 | ---- | M] () -- C:\Windows\SysNative\rpcnetp.exe
[2013/08/02 00:12:25 | 000,000,019 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/02 00:12:16 | 000,001,432 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013/08/02 00:05:47 | 000,001,897 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/02 00:00:41 | 000,000,246 | ---- | M] () -- C:\Users\Yolanda\Desktop\Remove Department of Justice virus (MoneyPak Scam).url
[2013/08/01 23:33:00 | 000,000,004 | ---- | M] () -- C:\Users\Yolanda\AppData\Roaming\skype.ini
[2013/08/01 23:29:11 | 000,000,860 | ---- | M] () -- C:\Users\Yolanda\Desktop\Internet Security Pro.lnk
[2013/08/01 23:29:09 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\opera172098.exe
[2013/08/01 23:13:24 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\java863586.exe
[2013/08/01 23:05:13 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\msconfig680055.exe
[2013/08/01 23:05:13 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\firefox309024.exe
[2013/08/01 22:52:54 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\notepad.exe
[2013/08/01 22:42:03 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\vlcplayer.exe
[2013/08/01 22:42:03 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\acrobatreader.exe
[2013/08/01 22:28:54 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\chrome.exe
[2013/08/01 20:58:34 | 002,218,636 | ---- | M] () -- C:\Users\Yolanda\Desktop\tdsskiller.zip
[2013/08/01 20:35:57 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.hitmanpro
[2013/08/01 20:14:03 | 000,001,108 | ---- | M] () -- C:\Users\Yolanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/08/01 20:13:45 | 000,000,928 | ---- | M] () -- C:\Users\Yolanda\Desktop\NTREGOPT.lnk
[2013/08/01 20:13:45 | 000,000,909 | ---- | M] () -- C:\Users\Yolanda\Desktop\ERUNT.lnk
[2013/08/01 05:25:02 | 000,000,259 | ---- | M] () -- C:\Users\Yolanda\Desktop\Computer Won't Boot - Malware Related - Geeks to Go Forums.url
[2013/08/01 05:13:29 | 000,000,255 | ---- | M] () -- C:\Users\Yolanda\Desktop\How to fix Google Redirects - Geeks to Go Forums (2).url
[2013/08/01 05:10:14 | 000,000,233 | ---- | M] () -- C:\Users\Yolanda\Desktop\TDSSKiller Rootkit Removal Utility Free Download Kaspersky Lab US.url
[2013/08/01 05:09:30 | 000,036,704 | ---- | M] () -- C:\Users\Yolanda\Desktop\Search Kaspersky Lab US.htm
[2013/08/01 04:29:44 | 000,000,255 | ---- | M] () -- C:\Users\Yolanda\Desktop\How to fix Google Redirects - Geeks to Go Forums.url
[2013/07/18 18:01:20 | 000,001,137 | ---- | M] () -- C:\Users\Yolanda\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/07/18 16:53:13 | 000,775,776 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/18 16:53:13 | 000,662,158 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/18 16:53:13 | 000,122,044 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/18 16:53:06 | 000,775,776 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/18 16:02:46 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\msconfig928022.exe
[2013/07/18 16:02:45 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\jucheck173346.exe
[2013/07/18 16:02:45 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\csrss958544.exe
[2013/07/18 16:02:43 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\conhost68164.exe
[2013/07/18 16:02:41 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\firefox520732.exe
[2013/07/18 15:59:51 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\jucheck429603.exe
[2013/07/18 15:59:49 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\jqs319019.exe
[2013/07/18 15:59:48 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\vlcplayer938735.exe
[2013/07/18 15:59:48 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\vlcplayer931615.exe
[2013/07/18 15:59:48 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\java508518.exe
[2013/07/18 15:59:46 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\conhost886471.exe
[2013/07/18 15:59:45 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\jucheck559367.exe
[2013/07/18 15:59:38 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\vlcplayer971244.exe
[2013/07/18 15:59:29 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\icq.exe
[2013/07/18 15:59:29 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\flashplayer.exe
[2013/07/18 15:59:28 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\mstsc.exe
[2013/07/18 15:59:28 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\msconfig.exe
[2013/07/18 15:59:27 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\jqs.exe
[2013/07/15 10:38:43 | 000,002,593 | ---- | M] () -- C:\Users\Yolanda\Desktop\Demitrius - Chrome.lnk
[2013/07/12 22:53:05 | 664,731,528 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/07/11 00:53:23 | 000,432,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/05 17:12:28 | 004,198,911 | ---- | M] () -- C:\Users\Yolanda\Documents\img021.pdf
[2013/07/05 17:04:03 | 008,937,517 | ---- | M] () -- C:\Users\Yolanda\Documents\Dylan Reese- GEEF 2013.pdf
[2013/07/05 16:54:24 | 000,232,857 | ---- | M] () -- C:\Users\Yolanda\Documents\img019.pdf

========== Files Created - No Company Name ==========

[2013/08/02 23:19:05 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/08/02 00:12:16 | 000,001,432 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013/08/02 00:05:47 | 000,001,897 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013/08/02 00:00:41 | 000,000,246 | ---- | C] () -- C:\Users\Yolanda\Desktop\Remove Department of Justice virus (MoneyPak Scam).url
[2013/08/01 23:32:16 | 000,000,004 | ---- | C] () -- C:\Users\Yolanda\AppData\Roaming\skype.ini
[2013/08/01 23:29:09 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\opera172098.exe
[2013/08/01 23:13:24 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\java863586.exe
[2013/08/01 23:05:13 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\msconfig680055.exe
[2013/08/01 23:05:13 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\firefox309024.exe
[2013/08/01 22:52:54 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\notepad.exe
[2013/08/01 22:42:03 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\vlcplayer.exe
[2013/08/01 22:42:03 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\acrobatreader.exe
[2013/08/01 22:28:54 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\chrome.exe
[2013/08/01 20:58:25 | 002,218,636 | ---- | C] () -- C:\Users\Yolanda\Desktop\tdsskiller.zip
[2013/08/01 20:14:03 | 000,001,108 | ---- | C] () -- C:\Users\Yolanda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/08/01 20:13:45 | 000,000,928 | ---- | C] () -- C:\Users\Yolanda\Desktop\NTREGOPT.lnk
[2013/08/01 20:13:45 | 000,000,909 | ---- | C] () -- C:\Users\Yolanda\Desktop\ERUNT.lnk
[2013/08/01 05:25:02 | 000,000,259 | ---- | C] () -- C:\Users\Yolanda\Desktop\Computer Won't Boot - Malware Related - Geeks to Go Forums.url
[2013/08/01 05:13:29 | 000,000,255 | ---- | C] () -- C:\Users\Yolanda\Desktop\How to fix Google Redirects - Geeks to Go Forums (2).url
[2013/08/01 05:10:14 | 000,000,233 | ---- | C] () -- C:\Users\Yolanda\Desktop\TDSSKiller Rootkit Removal Utility Free Download Kaspersky Lab US.url
[2013/08/01 05:09:29 | 000,036,704 | ---- | C] () -- C:\Users\Yolanda\Desktop\Search Kaspersky Lab US.htm
[2013/08/01 04:29:44 | 000,000,255 | ---- | C] () -- C:\Users\Yolanda\Desktop\How to fix Google Redirects - Geeks to Go Forums.url
[2013/07/18 16:02:46 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\msconfig928022.exe
[2013/07/18 16:02:45 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\jucheck173346.exe
[2013/07/18 16:02:45 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\csrss958544.exe
[2013/07/18 16:02:43 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\conhost68164.exe
[2013/07/18 16:02:41 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\firefox520732.exe
[2013/07/18 16:01:29 | 000,000,338 | -H-- | C] () -- C:\Windows\tasks\{F236003E-0A82-4CFC-863D-9AC9E528CCF3}.job
[2013/07/18 15:59:51 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\jucheck429603.exe
[2013/07/18 15:59:49 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\jqs319019.exe
[2013/07/18 15:59:48 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\vlcplayer938735.exe
[2013/07/18 15:59:48 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\vlcplayer931615.exe
[2013/07/18 15:59:48 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\java508518.exe
[2013/07/18 15:59:46 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\conhost886471.exe
[2013/07/18 15:59:45 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\jucheck559367.exe
[2013/07/18 15:59:38 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\vlcplayer971244.exe
[2013/07/18 15:59:29 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\flashplayer.exe
[2013/07/18 15:59:28 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\mstsc.exe
[2013/07/18 15:59:28 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\msconfig.exe
[2013/07/18 15:59:27 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\jqs.exe
[2013/07/18 15:59:27 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\icq.exe
[2013/07/12 22:53:03 | 664,731,528 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/07/05 17:12:05 | 004,198,911 | ---- | C] () -- C:\Users\Yolanda\Documents\img021.pdf
[2013/07/05 17:03:13 | 008,937,517 | ---- | C] () -- C:\Users\Yolanda\Documents\Dylan Reese- GEEF 2013.pdf
[2013/07/05 16:54:24 | 000,232,857 | ---- | C] () -- C:\Users\Yolanda\Documents\img019.pdf
[2013/07/02 10:43:25 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\jucheck.exe
[2013/07/02 10:43:22 | 000,000,000 | ---- | C] () -- C:\Users\Yolanda\googleupdate.exe
[2013/05/01 12:41:21 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.dll
[2013/05/01 08:09:35 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\rpcnetp.exe
[2013/04/22 22:06:16 | 000,061,304 | ---- | C] () -- C:\Users\Yolanda\g2mdlhlpx.exe
[2013/01/12 13:58:07 | 000,775,776 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/01/03 14:18:01 | 000,005,003 | ---- | C] () -- C:\Users\Yolanda\receipt 1-3-13.htm
[2012/11/15 15:04:13 | 000,005,057 | ---- | C] () -- C:\Users\Yolanda\Print receipt car 11-15-2012.htm
[2012/06/02 02:53:40 | 000,069,076 | ---- | C] () -- C:\Users\Yolanda\TP030000507.dotx
[2012/06/02 02:52:24 | 000,028,161 | ---- | C] () -- C:\Users\Yolanda\Budget Template.xltx
[2012/06/02 02:48:59 | 000,025,088 | ---- | C] () -- C:\Users\Yolanda\Expense budget.XLT
[2012/06/02 02:47:41 | 000,066,048 | ---- | C] () -- C:\Users\Yolanda\Targeted budgeting tool.xlt
[2012/04/16 00:42:04 | 000,007,287 | ---- | C] () -- C:\Users\Yolanda\KinderCare Learning Centers 4-16-12.htm
[2012/04/08 22:12:25 | 001,983,932 | ---- | C] () -- C:\Users\Yolanda\Columbia bunkbed assembly instructions.pdf
[2011/12/14 20:18:03 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/12/14 16:24:04 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/12/14 16:24:04 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/12/14 16:24:04 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/12/14 16:24:04 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/12/14 16:24:04 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/12/14 16:24:04 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/12/14 16:24:04 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/12/14 16:24:04 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/12/14 16:24:04 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/12/14 16:24:04 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/12/14 16:24:04 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/12/14 16:24:04 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/12/14 16:24:04 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/12/14 16:24:04 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/12/14 16:24:04 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/12/14 16:24:04 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/11/18 01:46:21 | 000,015,190 | ---- | C] () -- C:\Windows\S6000Twn.ini
[2011/11/08 01:30:02 | 000,000,552 | ---- | C] () -- C:\Users\Yolanda\AppData\Roaming\AbsoluteReminder.xml

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/11/18 00:18:59 | 000,000,000 | ---D | M] -- C:\Users\Yolanda\AppData\Roaming\Absolute
[2011/11/18 00:19:41 | 000,000,000 | ---D | M] -- C:\Users\Yolanda\AppData\Roaming\Absolute Software
[2012/07/02 14:02:59 | 000,000,000 | ---D | M] -- C:\Users\Yolanda\AppData\Roaming\bppenu11
[2012/02/08 00:06:10 | 000,000,000 | ---D | M] -- C:\Users\Yolanda\AppData\Roaming\com.amazon.music.uploader
[2012/02/06 19:40:46 | 000,000,000 | ---D | M] -- C:\Users\Yolanda\AppData\Roaming\Epson
[2013/08/02 00:12:16 | 000,000,000 | ---D | M] -- C:\Users\Yolanda\AppData\Roaming\libAgenspl90
[2012/02/20 00:29:15 | 000,000,000 | ---D | M] -- C:\Users\Yolanda\AppData\Roaming\supportdotcom
[2012/02/24 14:34:00 | 000,000,000 | ---D | M] -- C:\Users\Yolanda\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/07/30 03:55:12 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\Ä
[2013/07/30 03:55:12 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\Ä
[2012/10/07 21:14:44 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?q) -- C:\Windows\SysNative\q
[2012/10/07 21:14:44 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?q) -- C:\Windows\SysNative\q
[2012/06/12 01:09:03 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?U) -- C:\Windows\SysNative\U
[2012/06/12 01:09:03 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?U) -- C:\Windows\SysNative\U
[2012/06/10 00:46:38 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?½) -- C:\Windows\SysNative\½
[2012/06/10 00:46:38 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?½) -- C:\Windows\SysNative\½
[2012/06/03 13:23:49 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?M) -- C:\Windows\SysNative\M
[2012/06/03 13:23:49 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?M) -- C:\Windows\SysNative\M

< End of report >


#2
tom982

Hello violetb and welcome

My name is Tom and I am going to be helping you with your malware removal. Please note that, as I am currently in training, all of my posts have to be approved by my instructor prior to me posting them.

Before we continue, I would like you to read the following text:

  • Some of my instructions may be carried out in safe mode, where you will not have access to GeeksToGo. I suggest you save or print my instructions for later reference
  • Please do not attach your logs to your post; instead, I would like you to copy and paste the contents into your post
  • Please do NOT use any other tools, fixes or scripts unless instructed to do so by myself. Not only could this damage your system, but it will make it harder for me to fix your problem
  • If you do not understand any of my instructions, then feel free to ask me and I will explain in further detail
  • Please be patient. Malware removal is a long process and requires many steps; if you stick with me, I'll help you get through this
  • Stay with me until I deem your computer clean. A lack of symptoms does not always mean that the system is clean
  • Please make sure you have read and understood my instructions before continuing with them; spelling errors in the scripts etc. could cause adverse effects to your system
  • If you do not hear a reply from me in 36 hours, then simply post "bump" on the thread
  • Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed

I have submitted my fix and await my instructor's reply. Will get back to you as soon as possible!

Tom

#3
tom982

Hi violetb,

I know from past experience how frustrating it can be when you're infected with malware, but it is very dangerous to throw multiple tools at an infection without supervision from a trained analyst. Should you get infected again in the future, I would recommend you come straight here before trying to remove it yourself. Modern-day infections can be very complicated and take a while to remove completely :)

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CreateRestorePoint]
    
    :OTL
    MOD - [2013/07/31 19:39:48 | 000,277,504 | ---- | M] () -- C:\Users\Yolanda\AppData\Local\{869C35D8-82BE-4DD0-BAC4-4449FA89CE51}\{C7A9A436-36B6-4863-B102-2923DF8563AC}\kfakfdnh.dll
    IE - HKLM\..\SearchScopes\{acbd5593-e5ee-4c15-b48f-1823ce819dec}: "URL" = http://search.mywebs...r={searchTerms}
    O4 - HKCU..\Run: [{C7A9A436-36B6-4863-B102-2923DF8563AC}] C:\Users\Yolanda\AppData\Local\{869C35D8-82BE-4DD0-BAC4-4449FA89CE51}\{C7A9A436-36B6-4863-B102-2923DF8563AC}\kfakfdnh.dll ()
    O4 - HKCU..\Run: [Checker] rundll32 "C:\Users\Yolanda\AppData\Local\Temp\\\jbllge.dll",DllRegisterServer File not found
    [2013/08/01 23:29:09 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\opera172098.exe
    [2013/08/01 23:13:24 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\java863586.exe
    [2013/08/01 23:05:13 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\msconfig680055.exe
    [2013/08/01 23:05:13 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\firefox309024.exe
    [2013/08/01 22:52:54 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\notepad.exe
    [2013/08/01 22:42:03 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\vlcplayer.exe
    [2013/08/01 22:42:03 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\acrobatreader.exe
    [2013/08/01 22:28:54 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\chrome.exe
    [2013/07/18 16:02:46 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\msconfig928022.exe
    [2013/07/18 16:02:45 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\jucheck173346.exe
    [2013/07/18 16:02:45 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\csrss958544.exe
    [2013/07/18 16:02:43 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\conhost68164.exe
    [2013/07/18 16:02:41 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\firefox520732.exe
    [2013/07/18 15:59:51 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\jucheck429603.exe
    [2013/07/18 15:59:49 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\jqs319019.exe
    [2013/07/18 15:59:48 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\vlcplayer938735.exe
    [2013/07/18 15:59:48 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\vlcplayer931615.exe
    [2013/07/18 15:59:48 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\java508518.exe
    [2013/07/18 15:59:46 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\conhost886471.exe
    [2013/07/18 15:59:45 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\jucheck559367.exe
    [2013/07/18 15:59:38 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\vlcplayer971244.exe
    [2013/07/18 15:59:29 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\icq.exe
    [2013/07/18 15:59:29 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\flashplayer.exe
    [2013/07/18 15:59:28 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\mstsc.exe
    [2013/07/18 15:59:28 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\msconfig.exe
    [2013/07/18 15:59:27 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\jqs.exe
    [2013/07/18 16:01:29 | 000,000,338 | -H-- | C] () -- C:\Windows\tasks\{F236003E-0A82-4CFC-863D-9AC9E528CCF3}.job
    [2013/07/30 03:55:12 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\Ä
    [2013/07/30 03:55:12 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?Ä) -- C:\Windows\SysNative\Ä
    [2012/10/07 21:14:44 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?q) -- C:\Windows\SysNative\q
    [2012/10/07 21:14:44 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?q) -- C:\Windows\SysNative\q
    [2012/06/12 01:09:03 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?U) -- C:\Windows\SysNative\U
    [2012/06/12 01:09:03 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?U) -- C:\Windows\SysNative\U
    [2012/06/10 00:46:38 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?½) -- C:\Windows\SysNative\½
    [2012/06/10 00:46:38 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?½) -- C:\Windows\SysNative\½
    [2012/06/03 13:23:49 | 000,000,040 | ---- | M] ()(C:\Windows\SysNative\?M) -- C:\Windows\SysNative\M
    [2012/06/03 13:23:49 | 000,000,040 | ---- | C] ()(C:\Windows\SysNative\?M) -- C:\Windows\SysNative\M
    
    :Commands
    [EMPTYTEMP]
    [PURITY]
  • Click the Run Fix button.
  • After your computer has rebooted, run OTL by double-clicking on it.
  • Change the following options:

    • Extra Registry > All
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, two logs, OTL.txt and Extras.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

Tom
  • 0
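As an added example, not part of tom982's post and not OTL's own logic: a small triage script that scans OTL-format log lines for two patterns that recur in the fix above, zero-byte .exe files sitting directly in the user profile folder and Run values that load a DLL from under AppData\Local. The regular expressions, the function name `triage` and the sample lines are assumptions modelled on the entries visible in the fix; anything it flags still needs an analyst's review before removal.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in OTL's line format, modelled on entries in the fix above
# (the calc.exe and SynTPEnh lines are invented benign controls).
SAMPLE = r"""
[2013/08/01 23:29:09 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\opera172098.exe
[2013/08/01 22:52:54 | 000,000,000 | ---- | M] () -- C:\Users\Yolanda\notepad.exe
[2013/07/14 02:11:40 | 000,918,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\calc.exe
O4 - HKCU..\Run: [Checker] rundll32 "C:\Users\Yolanda\AppData\Local\Temp\\\jbllge.dll",DllRegisterServer File not found
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
"""

# File line: [timestamp | size | attributes | M or C] (company) -- path
FILE_RE = re.compile(
    r"^\[[\d/]+ [\d:]+ \| (?P<size>[\d,]+) \| .{4} \| [MC]\] "
    r"\(.*?\).*? -- (?P<path>.+)$")
# Autorun line: O4 - HKxx..\Run: [value name] command
RUN_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.+)$")


def triage(log_text):
    """Return (reason, item) pairs for lines matching either pattern."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_RE.match(line)
        if m:
            path = PureWindowsPath(m["path"])
            size = int(m["size"].replace(",", ""))
            # Assumed heuristic: C:\Users\<name>\<file>, i.e. exactly 4 parts.
            in_profile_root = (len(path.parts) == 4
                               and path.parts[1].lower() == "users")
            if size == 0 and path.suffix.lower() == ".exe" and in_profile_root:
                findings.append(("zero-byte exe in profile root", path.name))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m["cmd"].lower()
            # Assumed heuristic: autorun command referencing a DLL in AppData\Local.
            if "\\appdata\\local\\" in cmd and ".dll" in cmd:
                findings.append(("Run value loads DLL from AppData\\Local", m["name"]))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE):
        print(f"{reason}: {item}")
```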

#4
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





