LAN Settings, and can't DL into Quicken



#1
mom2dacl

Been having ongoing problems with Google Chrome having an error that it cannot connect to the proxy server, and now Quicken cannot connect to the internet to download transactions. I have no problem with Firefox. When I tried to check my LAN settings, everything is grayed out. Not sure if this is a virus or not, but I am not sure where else to go!

OTL LOG:
OTL logfile created on: 10/22/2013 12:28:09 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Computer\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 65.83% Memory free
5.75 Gb Paging File | 4.15 Gb Available in Paging File | 72.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.73 Gb Total Space | 167.76 Gb Free Space | 58.51% Space Free | Partition Type: NTFS
Drive D: | 11.26 Gb Total Space | 1.55 Gb Free Space | 13.74% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/09 09:57:12 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/10/05 21:11:22 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/06/02 10:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Downloads\OTL.exe
PRC - [2013/05/23 15:17:00 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/05/23 15:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/05/23 15:16:52 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013/05/22 11:35:32 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\Kies\KiesAirMessage.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/15 11:17:34 | 000,554,408 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/04/18 18:09:12 | 000,083,032 | ---- | M] (Intuit Inc.) -- C:\Program Files\Quicken\qw.exe
PRC - [2011/11/02 10:52:04 | 001,078,592 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-160\AirNCFG.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\ANIWConnService.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/11 03:18:12 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\27a6e73c0755624c26d44b8b6668e31b\DeviceStoryAlbum.ni.dll
MOD - [2013/10/11 03:18:11 | 000,614,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\c93b714b4a4b55eb0d55562b81dac32b\DevicePodcast.ni.dll
MOD - [2013/10/11 03:18:09 | 000,300,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\6b2aab25fbef068ef5c624b49695ce8a\DeviceVideo.ni.dll
MOD - [2013/10/11 03:18:08 | 000,355,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\297ebfc1d2b70ad8d0bdb1fa292dc1b8\DevicePhoto.ni.dll
MOD - [2013/10/11 03:18:07 | 000,307,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\e2403a0d9cc222c77e84844355297f01\DeviceMusic.ni.dll
MOD - [2013/10/11 03:18:06 | 000,474,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\bc089ab19fde510e81307effaaea26c4\VideoManager.ni.dll
MOD - [2013/10/11 03:18:05 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\0a2726b312d1cef1a533add9591affb9\PhotoManager.ni.dll
MOD - [2013/10/11 03:18:04 | 001,989,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\59699c857c4e36453cded690f721def3\Phonebook.ni.dll
MOD - [2013/10/11 03:18:02 | 000,207,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\4d06a8ba70962227d57d8514e08378a8\StoryAlbumManager.ni.dll
MOD - [2013/10/11 03:18:00 | 000,945,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\d6ee7fb3180cfe544d68addac532d2f6\MusicManager.ni.dll
MOD - [2013/10/11 03:17:59 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\7acf811c070a14a4c44bf7eec0ffd8e6\BATPlugin.ni.dll
MOD - [2013/10/11 03:17:55 | 000,534,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\f80ff300d4c2bd370f9d2df51e299f22\Kies.Common.MediaDB.ni.dll
MOD - [2013/10/11 03:17:53 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\fb52b0ad8114db00e5e6e90b075092c6\Kies.Common.DBManager.ni.dll
MOD - [2013/10/11 03:17:53 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\6d35f68f510faa5857e50b47ac878141\Kies.Common.AllShare.ni.dll
MOD - [2013/10/11 03:17:52 | 001,146,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\2d70f4dbfe65050267c6e0d3bc3cedff\Podcaster.ni.dll
MOD - [2013/10/11 03:17:51 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b2c348463a17bcf2cf99440b3f48d0d7\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013/10/11 03:17:50 | 000,580,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a957773a626df77db2a35aec407c2b21\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013/10/11 03:17:49 | 001,209,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\58c3f3ee053c80369d4f1a9ee5c6c451\Kies.Common.DeviceService.ni.dll
MOD - [2013/10/11 03:17:47 | 000,991,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\72a6b1517a710e0bdb47b6650451221a\DeviceCommonLib.ni.dll
MOD - [2013/10/11 03:17:45 | 000,743,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\a4b3a8d441bbacbc8e700f72c3eaee8f\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013/10/11 03:17:43 | 000,205,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\311fa6637f04caa22eba4d556d330a6f\Kies.Common.MainUI.ni.dll
MOD - [2013/10/11 03:17:36 | 000,928,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\599f1505d4219ce57d7a64aece0a2822\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013/10/11 03:17:33 | 002,213,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\e09380b9ec20c056eb0ee92218b5553a\Kies.Common.Multimedia.ni.dll
MOD - [2013/10/11 03:17:30 | 000,638,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e56fd66e01a04d9cb0a9a06b5e8a6fc8\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013/10/11 03:17:24 | 007,111,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\c3b2b55c49fdffcb1781fc3a36cff341\DeviceHost.ni.dll
MOD - [2013/10/11 03:17:15 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\0ff57576277322fcdf032eec3f0a2077\Kies.Common.Util.ni.dll
MOD - [2013/10/11 03:17:13 | 001,902,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\b9cc48f0e46320cf24bb93339e182551\Kies.UI.ni.dll
MOD - [2013/10/11 03:17:10 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\6cfb6056dfe610b88af47c21a80026b7\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013/10/11 03:17:07 | 001,274,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\3a5a77c2b9b2461294ee77a924538113\Kies.Interface.ni.dll
MOD - [2013/10/11 03:16:38 | 002,177,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\9ca8022bbfc8eba7322f9d4890dceec8\Kies.ni.exe
MOD - [2013/10/11 03:09:05 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll
MOD - [2013/10/11 03:08:49 | 011,527,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll
MOD - [2013/10/11 03:08:41 | 001,014,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll
MOD - [2013/10/11 03:08:37 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll
MOD - [2013/10/11 03:08:31 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll
MOD - [2013/10/09 09:57:11 | 016,233,864 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/10/05 21:11:19 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/15 03:15:19 | 017,221,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\b593e9ee0c411ab4c480cfc7b881f782\Kies.Theme.ni.dll
MOD - [2013/08/15 03:15:18 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\30347cf99dcac9f06c7060e3053f1e3e\DummyStorePlugin.ni.dll
MOD - [2013/08/15 03:14:55 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\0d402c4e5cfd2c857c9523c3483a0653\Kies.Common.StoreManager.ni.dll
MOD - [2013/08/15 03:14:54 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\c5efe841e2998c266e0f5e29bed04b55\ASF_cSharpAPI.ni.dll
MOD - [2013/08/15 03:14:49 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\13e3ee57f10e5285cc1f98e3a9c26e13\Kies.Common.CRMManager.ni.dll
MOD - [2013/08/15 03:14:46 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\11e54216f2aee21fbcbd3a751098cb7c\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013/08/15 03:14:22 | 000,080,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ZipStore\1dd23f0d663e85fd7471859147b682e7\ZipStore.ni.dll
MOD - [2013/08/15 03:14:14 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2cf3987fcddce6b17d2b03aaa1c4b11b\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/08/15 03:14:00 | 001,646,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7a8641a548883ae709df563915312e03\Kies.Locale.ni.dll
MOD - [2013/08/15 03:13:59 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\75c5aed1bb8bdca76b525643fbb233f1\Kies.MVVM.ni.dll
MOD - [2013/08/15 03:13:40 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll
MOD - [2013/08/15 03:13:27 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f17c7bc239be0eb7661cbcd3cff1ea16\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 03:13:11 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll
MOD - [2013/08/15 03:09:06 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll
MOD - [2013/08/15 03:08:50 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll
MOD - [2013/07/10 03:21:58 | 000,043,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\9f9f207dfba1cd5a166a9d504d527611\Interop.FUSCryptLib.ni.dll
MOD - [2013/07/10 03:21:57 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\89df88e12edd4cbc6f629a8e8c3f4e91\Interop.DevFileServiceLib.ni.dll
MOD - [2013/07/10 03:21:33 | 000,045,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5e5190fb957915307e495bd499202388\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013/07/10 03:21:26 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\be9d4a331a41a83465c56b735845c86b\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013/07/10 03:21:26 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\0cd09e4839a2bfe65311191d2e61c698\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013/07/10 03:21:26 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\666b10af8e7a3ce91019a4f9688f318d\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013/07/10 03:21:25 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\a474771ad225ef2b83d38a86a160ed53\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013/07/10 03:21:21 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\e7571e6816ce81874b68fd4ae6f9d40d\Interop.DeviceServiceModelDBLib.ni.dll
MOD - [2013/07/10 03:21:09 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\abebd90a3673cde0cd3a1b81a9f18f86\CabLib.ni.dll
MOD - [2013/07/10 03:21:08 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4ae14b63968b4bfde39959e0e0728f95\Interop.DeviceSearchLib.ni.dll
MOD - [2013/07/10 03:17:46 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2013/06/22 14:55:10 | 000,315,392 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\ANPDApi.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/01/10 04:32:49 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011/09/14 13:56:20 | 000,294,912 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\wlanapp.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/10/09 09:57:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/05 21:11:21 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/28 17:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/19 03:01:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-160\ANIWConnService.exe -- (D-Link Wireless N Dual Band DWA-160 _WPS)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | System | Stopped] -- System32\DRIVERS\netbt.sys -- (NetBT)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
DRV - [2013/06/27 15:15:01 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 15:15:01 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 15:15:01 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/05/31 08:58:50 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/05/02 00:23:50 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/09/09 14:45:20 | 001,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/29 07:58:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009/07/29 08:41:00 | 009,790,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AGERESoftModem)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Computer\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/05 21:11:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/05 21:11:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/05 21:11:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/05 21:11:10 | 000,000,000 | ---D | M]

[2011/10/18 13:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2013/09/28 09:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions
[2013/08/23 09:04:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/12/10 17:46:10 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\[email protected]
[2013/04/19 19:14:30 | 001,107,661 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi
[2013/10/05 21:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/05 21:11:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/10/05 21:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/05 21:11:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Computer\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Chrome In-App Payments service = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/09/26 11:08:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] C:\Program Files\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Privoxy] C:\Program Files\privoxy\starthelp.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{225B6366-C854-438B-8416-7A00E37DF294}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F355BF47-CF84-48BF-AD2B-A72F6B586315}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell - "" = AutoRun
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/18 10:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/10/18 10:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/10/15 19:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin x86
[2013/10/15 19:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Dolphin x86 4.0
[2013/10/15 15:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6
[2013/10/05 21:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/03 19:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/09/30 16:24:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/09/30 16:24:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/09/26 11:13:52 | 000,000,000 | ---D | C] -- C:\Users\Computer\AppData\Local\adawarebp

========== Files - Modified Within 30 Days ==========

[2013/10/22 12:31:42 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/22 12:24:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/22 12:23:40 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/22 12:23:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/21 10:45:34 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/21 10:45:34 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/21 10:37:36 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/19 15:22:48 | 000,624,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/19 15:22:48 | 000,106,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/15 19:05:54 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Dolphin x86.lnk
[2013/10/14 16:15:02 | 000,000,258 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\ANICONFIG_{F355BF47-CF84-48BF-AD2B-A72F6B586315}.ini
[2013/09/29 15:00:25 | 016,339,507 | ---- | M] () -- C:\Users\Public\Documents\Revised Marching Drill 2013.pdf
[2013/09/26 11:08:50 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts

========== Files Created - No Company Name ==========

[2013/10/15 19:05:54 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Dolphin x86.lnk
[2013/10/03 19:42:15 | 000,001,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013/09/29 15:00:09 | 016,339,507 | ---- | C] () -- C:\Users\Public\Documents\Revised Marching Drill 2013.pdf
[2013/06/27 15:15:01 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 13:37:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 13:37:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/22 14:57:52 | 000,000,258 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\ANICONFIG_{F355BF47-CF84-48BF-AD2B-A72F6B586315}.ini
[2013/06/22 14:51:59 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2013/06/22 14:51:59 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/05/15 20:18:56 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/17 09:33:06 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/17 09:33:05 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/02/20 17:09:23 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/07 09:48:49 | 000,004,608 | ---- | C] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/03 08:44:34 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/18 08:21:23 | 000,000,632 | RHS- | C] () -- C:\Users\Computer\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011/11/17 19:39:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Goodsol
[2013/07/07 20:30:35 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\Samsung
[2011/11/17 16:03:36 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WinAVI
[2011/10/15 17:30:18 | 000,000,000 | ---D | M] -- C:\Users\Computer\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >


I appreciate your time!
Karen
  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c

:OTL
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
O4 - HKLM..\Run: [Privoxy] C:\Program Files\privoxy\starthelp.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.25.2)

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\10222013-some number.log so look there if you don't see it.

Is Chrome working now?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


Go on to the next step in either case:

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0
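As an added illustration (not part of the thread, and not code from OTL or its author), the Python sketch below triages the kind of OTL lines that went into the fix above: it flags a system proxy pointing at a loopback address, the Internet Explorer policy keys reported as present, and Run entries with no company name. The function names are hypothetical, and the idea that those policy keys can gray out the LAN settings dialog is an assumption here, not something the thread states.

```python
import ipaddress
import re

# OTL log line shapes, as they appear in the fix quoted in the post above.
IE_SETTING = re.compile(r'^IE - (HKLM|HKCU)\\.*\\Internet Settings: "(\w+)" = (.*)$')
RUN_ENTRY = re.compile(r'^O4 - (HKLM|HKCU)\.\.\\Run: \[([^\]]*)\] (.+) \(([^()]*)\)$')
IE_POLICY = re.compile(
    r'^O[67] - (HKLM|HKCU)\\Software\\Policies\\Microsoft\\Internet Explorer\\'
    r'(control panel|restrictions) present$', re.IGNORECASE)

# Lines copied from the logs in this thread (not constructed).
SAMPLE_LOG = r'''
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Privoxy] C:\Program Files\privoxy\starthelp.exe ()
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
'''


def parse_proxy_server(value):
    """Split a ProxyServer registry string into {scheme: (host, port)}.

    Two forms exist: "host:port" (one proxy for every protocol, stored here
    under the key "all") and "http=host:port;https=host:port" (per protocol).
    """
    proxies = {}
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, sep, endpoint = part.partition('=')
        if not sep:                                # single proxy for all protocols
            scheme, endpoint = 'all', part
        endpoint = endpoint.split('://', 1)[-1]    # tolerate "http://host:port"
        if endpoint.startswith('['):               # bracketed IPv6 literal
            host, _, rest = endpoint[1:].partition(']')
            port = rest.lstrip(':')
        else:
            host, _, port = endpoint.partition(':')
        proxies[scheme.strip().lower()] = (host, int(port) if port.isdigit() else None)
    return proxies


def is_loopback(host):
    """True for localhost, 127.0.0.0/8 and ::1."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False   # some other hostname; cannot be classified offline


def triage(log_text):
    """Collect proxy-related findings from OTL log text."""
    settings, run_entries, policy_keys = {}, [], []
    for line in log_text.splitlines():
        line = line.strip()
        if m := IE_SETTING.match(line):
            settings[(m[1], m[2])] = m[3].strip()
        elif m := RUN_ENTRY.match(line):
            run_entries.append({'hive': m[1], 'name': m[2].strip(),
                                'path': m[3], 'company': m[4].strip()})
        elif m := IE_POLICY.match(line):
            policy_keys.append((m[1], m[2].lower()))

    loopback = []
    for hive in ('HKLM', 'HKCU'):
        if settings.get((hive, 'ProxyEnable')) != '1':
            continue   # a ProxyServer value is ignored while the proxy is disabled
        servers = parse_proxy_server(settings.get((hive, 'ProxyServer'), ''))
        for scheme, (host, port) in servers.items():
            if is_loopback(host):
                loopback.append((hive, scheme, host, port))

    return {
        # Traffic is handed to a listener on this machine; if nothing is
        # listening on that port, clients that follow this setting cannot connect.
        'loopback_proxies': loopback,
        # OTL only reports that these keys exist, not which values they hold.
        'policy_keys': policy_keys,
        # Autostart entries whose file carries no company name: review candidates.
        'unattributed_run': [e for e in run_entries if not e['company']],
        # Hint only (assumption): a proxy plus IE policy keys may mean the
        # setting cannot be changed from the LAN settings dialog.
        'policy_may_lock_proxy': bool(loopback and policy_keys),
    }


if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(key, '=', value)
```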

#3
mom2dacl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Sorry, I have been sick and at work the last couple of days. I hope I attached all that you recommended I do. Chrome is working. Restarting to see if Quicken will connect in order to DL new transactions. Thanks for your help!


  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Don't worry about delays. I don't keep track. Hope you are feeling better now.

Do you have the FRST.txt log?

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java 7 Update 25 (Version: 7.0.250)
Java™ 6 Update 37 (Version: 6.0.370)

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the Yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)

Also uninstall:
Yahoo! BrowserPlus 2.9.8
Web Protect for Windows

Looks like we have a problem with netbt.sys


Download ESET's Service Repair http://kb.eset.com/l...vicesRepair.exe and save it, then right click on it and Run As Admin.


Let's see if there is another copy:


Copy the text in the code box:

/md5start
netbt.sys
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.
  • 0

#5
mom2dacl

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
Here is the log you asked for.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2013 01
Ran by Computer (administrator) on COMPUTER-PC on 24-10-2013 20:03:56
Running from C:\Users\Computer\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
() C:\Program Files\D-Link\DWA-160\ANIWConnService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(D-Link Corp.) C:\Program Files\D-Link\DWA-160\AirNCFG.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Samsung Electronics) C:\Program Files\Samsung\Kies\KiesAirMessage.exe
(Samsung) C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Google) C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intuit Inc.) C:\Program Files\Quicken\qw.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3830224 2013-05-16] (Safer-Networking Ltd.)
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554408 2013-05-15] (Lavasoft)
HKLM\...\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] - C:\Program Files\D-Link\DWA-160\AirNCFG.exe [1078592 2011-11-02] (D-Link Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [KiesTrayAgent] - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [KiesPreload] - C:\Program Files\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKCU\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {2070bdbf-f5b4-11e1-9748-00248c9d2640} - F:\LaunchU3.exe -a
HKU\Chris\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [ 2013-05-23] (Samsung)
HKU\Chris\...\Run: [SearchProtect] - C:\Users\Chris\AppData\Roaming\SearchProtect\bin\cltmng.exe
HKU\Chris\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [ 2013-10-08] (Valve Corporation)
HKU\Chris\...\Policies\system: [LogonHoursAction] 2
HKU\Chris\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\Dean\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-10-02] (Skype Technologies S.A.)
HKU\Dean\...\Policies\system: [LogonHoursAction] 2
HKU\Dean\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Computer\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 - C:\Users\Computer\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: Yahoo! Toolbar - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: autofillForms - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\Extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll ()
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Computer\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR HKLM\...\Chrome\Extension: [phegaokedjdajgnfphbnpkcfdgjbidko] - C:\ProgramData\adawaretb\toolbar\chrome\toolbar.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 D-Link Wireless N Dual Band DWA-160 _WPS; C:\Program Files\D-Link\DWA-160\ANIWConnService.exe [53248 2010-07-12] ()
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2010-05-29] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [61680 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [770344 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [369584 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [175176 2013-06-27] ()
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-05-31] (GFI Software)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [1265216 2011-09-09] (Ralink Technology Corp.)
S0 is3srv; system32\drivers\is3srv.sys [x]
S1 NetBT; System32\DRIVERS\netbt.sys [x]
S0 szkg5; system32\DRIVERS\szkg.sys [x]
S0 szkgfs; system32\drivers\szkgfs.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-24 20:03 - 2013-10-24 20:03 - 01088113 _____ (Farbar) C:\Users\Computer\Downloads\FRST.exe
2013-10-24 20:03 - 2013-10-24 20:03 - 00000000 ____D C:\FRST
2013-10-24 20:02 - 2013-10-24 20:02 - 01955412 _____ (Farbar) C:\Users\Computer\Downloads\FRST64.exe
2013-10-24 19:33 - 2013-10-24 19:33 - 00000056 _____ C:\Windows\setupact.log
2013-10-24 19:33 - 2013-10-24 19:33 - 00000000 _____ C:\Windows\setuperr.log
2013-10-18 23:20 - 2013-10-18 23:20 - 00819136 _____ (Google Inc.) C:\Users\Chris\Downloads\googledrivesync.exe
2013-10-18 14:23 - 2013-10-18 14:23 - 13831464 _____ C:\Users\Chris\Downloads\This-is-my-Biome-Map.zip
2013-10-18 14:11 - 2013-10-18 14:14 - 19188669 _____ C:\Users\Chris\Downloads\EmpirePolis-March 2013.zip
2013-10-18 13:40 - 2013-10-18 13:41 - 00001324 _____ C:\Users\Chris\Desktop\desmume.ini
2013-10-18 13:40 - 2013-10-18 13:40 - 00000000 ____D C:\Users\Chris\Desktop\States
2013-10-18 13:40 - 2013-10-18 13:40 - 00000000 ____D C:\Users\Chris\Desktop\Roms
2013-10-18 13:40 - 2013-10-18 13:40 - 00000000 ____D C:\Users\Chris\Desktop\Cheats
2013-10-18 13:40 - 2013-10-18 13:40 - 00000000 ____D C:\Users\Chris\Desktop\Battery
2013-10-18 10:35 - 2013-10-19 12:02 - 00000000 ____D C:\Program Files\Steam
2013-10-18 10:35 - 2013-10-18 10:35 - 00000000 _____ C:\Users\Chris\Documents\.crash
2013-10-18 10:34 - 2013-10-18 10:34 - 01669632 _____ C:\Users\Chris\Downloads\SteamInstall.msi
2013-10-18 00:15 - 2013-10-18 00:15 - 00000000 ____D C:\Users\Chris\Documents\Minecraft Parodies
2013-10-17 18:02 - 2013-10-17 18:04 - 96615938 _____ C:\Users\Guest\Downloads\Knights in the Nightmare.zip
2013-10-16 20:52 - 2013-10-16 20:52 - 00009671 _____ C:\Users\Guest\AppData\Local\recently-used.xbel
2013-10-16 18:49 - 2013-10-16 18:49 - 00291854 _____ C:\Users\Chris\Downloads\1.6.4 DamageIndicators v2.9.0.9.zip
2013-10-16 18:49 - 2013-10-16 18:49 - 00110893 _____ C:\Users\Chris\Downloads\TooManyItems2013_09_20_1.6.4.zip
2013-10-16 18:47 - 2013-10-16 18:47 - 00396089 _____ C:\Users\Chris\Downloads\zanMap164g3.zip
2013-10-15 19:41 - 2013-10-15 19:41 - 00000000 ____D C:\Users\Chris\Documents\Dolphin Emulator
2013-10-15 19:05 - 2013-10-15 19:06 - 00000000 ____D C:\Program Files\Dolphin x86 4.0
2013-10-15 19:05 - 2013-10-15 19:05 - 00001013 _____ C:\Users\Public\Desktop\Dolphin x86.lnk
2013-10-15 15:57 - 2013-10-15 15:57 - 00000000 ____D C:\Users\Dean\Documents\My Cheat Tables
2013-10-15 15:56 - 2013-10-15 15:56 - 00000000 ____D C:\Program Files\Cheat Engine 6
2013-10-15 15:55 - 2013-10-15 15:55 - 05184389 _____ (Dark Byte ) C:\Users\Guest\Downloads\CheatEngine60.exe
2013-10-14 20:26 - 2013-10-14 20:26 - 00747941 _____ C:\Users\Chris\Downloads\Contra III - The Alien Wars.zip
2013-10-14 20:24 - 2013-10-14 20:24 - 04924158 _____ C:\Users\Chris\Downloads\dolphin-4.0-x86.exe
2013-10-14 19:05 - 2013-10-19 09:40 - 00020911 _____ C:\Users\Chris\Desktop\zsnesw.cfg
2013-10-14 19:05 - 2013-10-19 09:40 - 00003818 _____ C:\Users\Chris\Desktop\zinput.cfg
2013-10-14 19:05 - 2013-10-19 09:36 - 00000252 _____ C:\Users\Chris\Desktop\rominfo.txt
2013-10-14 19:05 - 2013-10-19 09:35 - 00002480 _____ C:\Users\Chris\Desktop\zmovie.cfg
2013-10-14 19:05 - 2013-10-14 19:05 - 00008952 _____ C:\Users\Chris\Desktop\zfont.txt
2013-10-13 19:34 - 2013-10-13 19:34 - 00846864 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\IE10-Windows6.1-en-us.exe
2013-10-13 19:02 - 2013-10-19 09:27 - 00000000 ____D C:\Users\Chris\Desktop\Mine-imator v0.6.2 - Copy
2013-10-05 21:11 - 2013-10-05 21:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-04 23:59 - 2013-10-04 23:59 - 04924158 _____ C:\Users\Guest\Downloads\dolphin-4.0-x86.exe
2013-10-04 23:13 - 2013-10-15 16:37 - 00000000 ____D C:\Users\Guest\AppData\Roaming\.minecraft
2013-10-04 23:13 - 2013-10-04 23:13 - 00675988 _____ C:\Users\Guest\Documents\Minecraft.exe
2013-10-04 20:55 - 2013-10-04 20:55 - 00675988 _____ C:\Users\Chris\Downloads\Minecraft(1).exe
2013-10-04 20:24 - 2013-10-04 20:27 - 00000000 ____D C:\Users\Chris\.gimp-2.8
2013-10-04 20:24 - 2013-10-04 20:24 - 00000000 ____D C:\Users\Chris\AppData\Local\gegl-0.2
2013-10-04 18:10 - 2013-10-05 09:56 - 00000000 ____D C:\Users\Chris\Desktop\Mine-imator v0.6.2
2013-10-04 18:09 - 2013-01-20 23:06 - 04961937 _____ (David "Davve" Norgren) C:\Users\Chris\Desktop\Mine-imator.exe
2013-10-03 20:20 - 2013-10-16 20:52 - 00000000 ____D C:\Users\Guest\AppData\Local\gtk-2.0
2013-10-03 20:20 - 2013-10-03 20:20 - 00000000 ____D C:\Users\Guest\.thumbnails
2013-10-03 19:42 - 2013-10-16 20:52 - 00000000 ____D C:\Users\Guest\.gimp-2.8
2013-10-03 19:42 - 2013-10-03 19:42 - 00000000 ____D C:\Users\Guest\AppData\Local\gegl-0.2
2013-10-03 19:38 - 2013-10-03 19:41 - 00000000 ____D C:\Program Files\GIMP 2
2013-09-30 18:04 - 2013-10-03 20:41 - 00077900 _____ C:\Users\Guest\Documents\Chapter III.III.pptx
2013-09-30 17:45 - 2013-09-30 17:45 - 00109280 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-30 17:38 - 2013-10-18 12:53 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
2013-09-30 17:04 - 2013-10-19 15:24 - 00000000 ____D C:\Users\Guest\Documents\DeSmuME
2013-09-30 16:24 - 2013-09-30 16:24 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-09-30 16:24 - 2013-09-30 16:24 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-09-29 20:09 - 2013-09-29 20:09 - 00000000 ____D C:\Users\Guest\AppData\Roaming\WinRAR
2013-09-29 19:58 - 2013-09-29 19:58 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Mozilla
2013-09-29 19:58 - 2013-09-29 19:58 - 00000000 ____D C:\Users\Guest\AppData\Local\Mozilla
2013-09-29 19:58 - 2013-09-29 19:58 - 00000000 ____D C:\Users\Guest\AppData\Local\Macromedia
2013-09-29 16:31 - 2013-09-29 16:31 - 00547530 _____ C:\Users\Chris\Downloads\FlansMod-3.1.1.jar
2013-09-29 16:29 - 2013-09-29 16:29 - 00236216 _____ (Tuguu S.L.U) C:\Users\Chris\Downloads\Player_Setup.exe
2013-09-26 11:13 - 2013-09-26 11:13 - 00000000 ____D C:\Users\Computer\AppData\Local\adawarebp

==================== One Month Modified Files and Folders =======

2013-10-24 20:03 - 2013-10-24 20:03 - 01088113 _____ (Farbar) C:\Users\Computer\Downloads\FRST.exe
2013-10-24 20:03 - 2013-10-24 20:03 - 00000000 ____D C:\FRST
2013-10-24 20:03 - 2011-10-18 15:20 - 00000000 ____D C:\Users\Dean
2013-10-24 20:02 - 2013-10-24 20:02 - 01955412 _____ (Farbar) C:\Users\Computer\Downloads\FRST64.exe
2013-10-24 20:02 - 2013-09-20 16:44 - 00000000 ____D C:\Users\Computer\Desktop\New computer fix
2013-10-24 19:58 - 2013-05-29 15:33 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-24 19:58 - 2011-10-15 17:21 - 01243400 _____ C:\Windows\WindowsUpdate.log
2013-10-24 19:57 - 2012-04-29 14:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-24 19:49 - 2013-05-29 15:33 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-24 19:41 - 2009-07-14 00:34 - 00018816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-24 19:41 - 2009-07-14 00:34 - 00018816 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-24 19:33 - 2013-10-24 19:33 - 00000056 _____ C:\Windows\setupact.log
2013-10-24 19:33 - 2013-10-24 19:33 - 00000000 _____ C:\Windows\setuperr.log
2013-10-24 19:33 - 2009-07-14 00:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-24 19:31 - 2013-09-06 23:38 - 00000000 ____D C:\Program Files\privoxy
2013-10-24 19:30 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\tracing
2013-10-22 12:42 - 2013-06-02 10:35 - 00080642 _____ C:\Users\Computer\Downloads\OTL.Txt
2013-10-21 10:55 - 2012-08-09 21:53 - 00000000 ____D C:\Users\Computer\Desktop\Word
2013-10-21 10:50 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\system32\NDF
2013-10-19 15:24 - 2013-09-30 17:04 - 00000000 ____D C:\Users\Guest\Documents\DeSmuME
2013-10-19 15:22 - 2011-10-15 17:32 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-19 13:15 - 2013-05-04 07:12 - 00000000 ____D C:\Users\Chris\AppData\Roaming\.minecraft
2013-10-19 12:19 - 2013-09-06 22:30 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Spotify
2013-10-19 12:02 - 2013-10-18 10:35 - 00000000 ____D C:\Program Files\Steam
2013-10-19 09:40 - 2013-10-14 19:05 - 00020911 _____ C:\Users\Chris\Desktop\zsnesw.cfg
2013-10-19 09:40 - 2013-10-14 19:05 - 00003818 _____ C:\Users\Chris\Desktop\zinput.cfg
2013-10-19 09:36 - 2013-10-14 19:05 - 00000252 _____ C:\Users\Chris\Desktop\rominfo.txt
2013-10-19 09:35 - 2013-10-14 19:05 - 00002480 _____ C:\Users\Chris\Desktop\zmovie.cfg
2013-10-19 09:27 - 2013-10-13 19:02 - 00000000 ____D C:\Users\Chris\Desktop\Mine-imator v0.6.2 - Copy
2013-10-18 23:20 - 2013-10-18 23:20 - 00819136 _____ (Google Inc.) C:\Users\Chris\Downloads\googledrivesync.exe
2013-10-18 14:23 - 2013-10-18 14:23 - 13831464 _____ C:\Users\Chris\Downloads\This-is-my-Biome-Map.zip
2013-10-18 14:14 - 2013-10-18 14:11 - 19188669 _____ C:\Users\Chris\Downloads\EmpirePolis-March 2013.zip
2013-10-18 13:41 - 2013-10-18 13:40 - 00001324 _____ C:\Users\Chris\Desktop\desmume.ini
2013-10-18 13:40 - 2013-10-18 13:40 - 00000000 ____D C:\Users\Chris\Desktop\States
2013-10-18 13:40 - 2013-10-18 13:40 - 00000000 ____D C:\Users\Chris\Desktop\Roms
2013-10-18 13:40 - 2013-10-18 13:40 - 00000000 ____D C:\Users\Chris\Desktop\Cheats
2013-10-18 13:40 - 2013-10-18 13:40 - 00000000 ____D C:\Users\Chris\Desktop\Battery
2013-10-18 12:59 - 2013-05-13 15:42 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Skype
2013-10-18 12:59 - 2013-02-20 19:05 - 00000000 ___RD C:\Users\Dean\Dropbox
2013-10-18 12:59 - 2013-02-20 19:02 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Dropbox
2013-10-18 12:53 - 2013-09-30 17:38 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Skype
2013-10-18 10:54 - 2013-05-13 15:42 - 00000000 ___RD C:\Program Files\Skype
2013-10-18 10:54 - 2013-05-13 15:42 - 00000000 ____D C:\ProgramData\Skype
2013-10-18 10:36 - 2013-08-08 10:38 - 03814961 _____ C:\Users\Chris\Documents\ClientRegistry.blob
2013-10-18 10:35 - 2013-10-18 10:35 - 00000000 _____ C:\Users\Chris\Documents\.crash
2013-10-18 10:35 - 2013-08-08 10:38 - 00012610 _____ C:\Users\Chris\Documents\debug.log
2013-10-18 10:35 - 2013-08-08 10:38 - 00004246 _____ C:\Users\Chris\Documents\steam.log
2013-10-18 10:35 - 2011-10-18 17:50 - 00000000 ____D C:\Users\Chris
2013-10-18 10:34 - 2013-10-18 10:34 - 01669632 _____ C:\Users\Chris\Downloads\SteamInstall.msi
2013-10-18 00:15 - 2013-10-18 00:15 - 00000000 ____D C:\Users\Chris\Documents\Minecraft Parodies
2013-10-17 19:30 - 2013-09-06 22:30 - 00000000 ____D C:\Users\Chris\AppData\Local\Spotify
2013-10-17 19:27 - 2013-06-14 17:16 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-17 19:27 - 2012-05-08 12:46 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-17 18:04 - 2013-10-17 18:02 - 96615938 _____ C:\Users\Guest\Downloads\Knights in the Nightmare.zip
2013-10-16 20:52 - 2013-10-16 20:52 - 00009671 _____ C:\Users\Guest\AppData\Local\recently-used.xbel
2013-10-16 20:52 - 2013-10-03 20:20 - 00000000 ____D C:\Users\Guest\AppData\Local\gtk-2.0
2013-10-16 20:52 - 2013-10-03 19:42 - 00000000 ____D C:\Users\Guest\.gimp-2.8
2013-10-16 18:49 - 2013-10-16 18:49 - 00291854 _____ C:\Users\Chris\Downloads\1.6.4 DamageIndicators v2.9.0.9.zip
2013-10-16 18:49 - 2013-10-16 18:49 - 00110893 _____ C:\Users\Chris\Downloads\TooManyItems2013_09_20_1.6.4.zip
2013-10-16 18:47 - 2013-10-16 18:47 - 00396089 _____ C:\Users\Chris\Downloads\zanMap164g3.zip
2013-10-15 19:41 - 2013-10-15 19:41 - 00000000 ____D C:\Users\Chris\Documents\Dolphin Emulator
2013-10-15 19:06 - 2013-10-15 19:05 - 00000000 ____D C:\Program Files\Dolphin x86 4.0
2013-10-15 19:05 - 2013-10-15 19:05 - 00001013 _____ C:\Users\Public\Desktop\Dolphin x86.lnk
2013-10-15 16:37 - 2013-10-04 23:13 - 00000000 ____D C:\Users\Guest\AppData\Roaming\.minecraft
2013-10-15 15:57 - 2013-10-15 15:57 - 00000000 ____D C:\Users\Dean\Documents\My Cheat Tables
2013-10-15 15:56 - 2013-10-15 15:56 - 00000000 ____D C:\Program Files\Cheat Engine 6
2013-10-15 15:55 - 2013-10-15 15:55 - 05184389 _____ (Dark Byte ) C:\Users\Guest\Downloads\CheatEngine60.exe
2013-10-15 14:23 - 2011-10-18 15:20 - 00000000 ____D C:\Users\Dean\AppData\Local\Mozilla
2013-10-14 20:26 - 2013-10-14 20:26 - 00747941 _____ C:\Users\Chris\Downloads\Contra III - The Alien Wars.zip
2013-10-14 20:24 - 2013-10-14 20:24 - 04924158 _____ C:\Users\Chris\Downloads\dolphin-4.0-x86.exe
2013-10-14 19:05 - 2013-10-14 19:05 - 00008952 _____ C:\Users\Chris\Desktop\zfont.txt
2013-10-14 16:15 - 2013-06-22 14:57 - 00000258 _____ C:\Users\Computer\AppData\Roaming\ANICONFIG_{F355BF47-CF84-48BF-AD2B-A72F6B586315}.ini
2013-10-13 19:40 - 2013-07-21 14:52 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Skype
2013-10-13 19:34 - 2013-10-13 19:34 - 00846864 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\IE10-Windows6.1-en-us.exe
2013-10-13 19:30 - 2013-08-08 10:39 - 00000000 ____D C:\Users\Chris\Documents\userdata
2013-10-13 19:30 - 2013-08-08 10:38 - 00000000 ____D C:\Users\Chris\Documents\dumps
2013-10-13 19:17 - 2011-10-18 17:55 - 00000000 ____D C:\Users\Chris\AppData\Local\Mozilla
2013-10-11 03:22 - 2011-11-03 08:21 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 03:20 - 2013-08-15 03:13 - 00000000 ____D C:\Windows\system32\MRT
2013-10-11 03:20 - 2009-07-13 22:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 03:17 - 2011-11-03 10:09 - 78106760 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 09:57 - 2012-04-29 14:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-10-09 09:57 - 2011-10-18 14:20 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-10-06 05:42 - 2011-10-18 13:34 - 00000000 ____D C:\Users\Computer\AppData\Local\Mozilla
2013-10-05 21:11 - 2013-10-05 21:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-05 09:56 - 2013-10-04 18:10 - 00000000 ____D C:\Users\Chris\Desktop\Mine-imator v0.6.2
2013-10-04 23:59 - 2013-10-04 23:59 - 04924158 _____ C:\Users\Guest\Downloads\dolphin-4.0-x86.exe
2013-10-04 23:13 - 2013-10-04 23:13 - 00675988 _____ C:\Users\Guest\Documents\Minecraft.exe
2013-10-04 20:55 - 2013-10-04 20:55 - 00675988 _____ C:\Users\Chris\Downloads\Minecraft(1).exe
2013-10-04 20:27 - 2013-10-04 20:24 - 00000000 ____D C:\Users\Chris\.gimp-2.8
2013-10-04 20:24 - 2013-10-04 20:24 - 00000000 ____D C:\Users\Chris\AppData\Local\gegl-0.2
2013-10-04 16:36 - 2013-06-26 11:43 - 00000000 ____D C:\Users\Chris\AppData\Local\Screencast-O-Matic
2013-10-03 20:56 - 2013-08-25 10:50 - 00000000 ____D C:\Users\Chris\Desktop\Desktop junk
2013-10-03 20:41 - 2013-09-30 18:04 - 00077900 _____ C:\Users\Guest\Documents\Chapter III.III.pptx
2013-10-03 20:20 - 2013-10-03 20:20 - 00000000 ____D C:\Users\Guest\.thumbnails
2013-10-03 20:20 - 2013-05-27 11:03 - 00000000 ____D C:\Users\Guest
2013-10-03 19:42 - 2013-10-03 19:42 - 00000000 ____D C:\Users\Guest\AppData\Local\gegl-0.2
2013-10-03 19:41 - 2013-10-03 19:38 - 00000000 ____D C:\Program Files\GIMP 2
2013-10-01 06:21 - 2013-05-13 18:53 - 00000000 ____D C:\Users\Chris\Documents\School
2013-09-30 17:45 - 2013-09-30 17:45 - 00109280 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-30 16:24 - 2013-09-30 16:24 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
2013-09-30 16:24 - 2013-09-30 16:24 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-09-29 20:09 - 2013-09-29 20:09 - 00000000 ____D C:\Users\Guest\AppData\Roaming\WinRAR
2013-09-29 19:58 - 2013-09-29 19:58 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Mozilla
2013-09-29 19:58 - 2013-09-29 19:58 - 00000000 ____D C:\Users\Guest\AppData\Local\Mozilla
2013-09-29 19:58 - 2013-09-29 19:58 - 00000000 ____D C:\Users\Guest\AppData\Local\Macromedia
2013-09-29 16:31 - 2013-09-29 16:31 - 00547530 _____ C:\Users\Chris\Downloads\FlansMod-3.1.1.jar
2013-09-29 16:29 - 2013-09-29 16:29 - 00236216 _____ (Tuguu S.L.U) C:\Users\Chris\Downloads\Player_Setup.exe
2013-09-26 11:13 - 2013-09-26 11:13 - 00000000 ____D C:\Users\Computer\AppData\Local\adawarebp
2013-09-26 11:12 - 2011-10-15 17:21 - 00000000 ____D C:\Users\Computer

Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Chris\jagex_cl_runescape_LIVE.dat
C:\Users\Chris\random.dat
C:\Users\Dean\jagex_cl_runescape_LIVE.dat
C:\Users\Dean\random.dat


Some content of TEMP:
====================
C:\Users\Guest\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-21 12:27

==================== End Of Log ============================


#6
RKinner

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that, then run FRST again, hit the SCAN button, and post the new log.

#7
mom2dacl

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2013 01
Ran by Computer at 2013-10-29 15:54:04 Run:1
Running from C:\Users\Computer\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\Chris\...\Run: [SearchProtect] - C:\Users\Chris\AppData\Roaming\SearchProtect\bin\cltmng.exe
Startup: C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Computer\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
SearchScopes: HKLM - DefaultScope value is missing.
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Extension: Yahoo! Toolbar - C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
C:\Users\Computer\AppData\Local\Yahoo!\BrowserPlus
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S0 is3srv; system32\drivers\is3srv.sys [x]
S0 szkg5; system32\DRIVERS\szkg.sys [x]
S0 szkgfs; system32\drivers\szkgfs.sys [x]
C:\ProgramData\hash.dat
C:\Users\Chris\jagex_cl_runescape_LIVE.dat
C:\Users\Chris\random.dat
C:\Users\Dean\jagex_cl_runescape_LIVE.dat
C:\Users\Dean\random.dat
Task: {0AEC2768-B478-49EA-B3A2-4C907A7FB6E1} - System32\Tasks\VisualBee-enabler => C:\Program Files\VisualBee\VisualBee-enabler.exe
Task: {34B71402-FCB0-4972-9B2F-37EA87D6CD5D} - System32\Tasks\VisualBee-firefoxinstaller => C:\Program Files\VisualBee\VisualBee-firefoxinstaller.exe
Task: {54362C1F-E11A-441B-9E89-FC9A5BFAD750} - System32\Tasks\VisualBee-updater => C:\Program Files\VisualBee\VisualBee-updater.exe
Task: {9F6C232A-B8E1-4F02-98F7-9C5DB5E3473E} - System32\Tasks\VisualBee-codedownloader => C:\Program Files\VisualBee\VisualBee-codedownloader.exe
Task: {D7CFBFE8-5534-4F20-9A22-72FEEBCA0319} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe
Task: {E231B026-D545-4751-8ADA-DF66FC6ABBA7} - System32\Tasks\VisualBee-chromeinstaller => C:\Program Files\VisualBee\VisualBee-chromeinstaller.exe
C:\Program Files\VisualBee
C:\Program Files\GoforFiles
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
cmd: netsh winsock reset catalog

*****************

HKU\Chris\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value deleted successfully.
C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk => Moved successfully.
C:\Users\Computer\AppData\Roaming\Dropbox\bin\Dropbox.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin => Key deleted successfully.
C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
C:\Users\Computer\AppData\Roaming\Mozilla\Firefox\Profiles\wevy5ckh.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} => Moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} => not found.
"C:\Users\Computer\AppData\Local\Yahoo!\BrowserPlus" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
is3srv => Service deleted successfully.
szkg5 => Service deleted successfully.
szkgfs => Service deleted successfully.
C:\ProgramData\hash.dat => Moved successfully.
C:\Users\Chris\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Chris\random.dat => Moved successfully.
C:\Users\Dean\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Users\Dean\random.dat => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0AEC2768-B478-49EA-B3A2-4C907A7FB6E1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AEC2768-B478-49EA-B3A2-4C907A7FB6E1} => Key deleted successfully.
C:\Windows\System32\Tasks\VisualBee-enabler => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBee-enabler => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{34B71402-FCB0-4972-9B2F-37EA87D6CD5D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34B71402-FCB0-4972-9B2F-37EA87D6CD5D} => Key deleted successfully.
C:\Windows\System32\Tasks\VisualBee-firefoxinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBee-firefoxinstaller => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{54362C1F-E11A-441B-9E89-FC9A5BFAD750} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54362C1F-E11A-441B-9E89-FC9A5BFAD750} => Key deleted successfully.
C:\Windows\System32\Tasks\VisualBee-updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBee-updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9F6C232A-B8E1-4F02-98F7-9C5DB5E3473E} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9F6C232A-B8E1-4F02-98F7-9C5DB5E3473E} => Key deleted successfully.
C:\Windows\System32\Tasks\VisualBee-codedownloader => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBee-codedownloader => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7CFBFE8-5534-4F20-9A22-72FEEBCA0319} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7CFBFE8-5534-4F20-9A22-72FEEBCA0319} => Key deleted successfully.
C:\Windows\System32\Tasks\GoforFilesUpdate => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoforFilesUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E231B026-D545-4751-8ADA-DF66FC6ABBA7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E231B026-D545-4751-8ADA-DF66FC6ABBA7} => Key deleted successfully.
C:\Windows\System32\Tasks\VisualBee-chromeinstaller => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\VisualBee-chromeinstaller => Key deleted successfully.
"C:\Program Files\VisualBee" => File/Directory not found.
"C:\Program Files\GoforFiles" => File/Directory not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath was set successfully to %SystemRoot%\System32\mswsock.dll

========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


==== End of Fixlog ====

OTL logfile created on: 10/29/2013 12:15:44 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Computer\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.72 Gb Available Physical Memory | 59.69% Memory free
5.75 Gb Paging File | 4.53 Gb Available in Paging File | 78.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286.73 Gb Total Space | 167.25 Gb Free Space | 58.33% Space Free | Partition Type: NTFS
Drive D: | 11.26 Gb Total Space | 1.55 Gb Free Space | 13.74% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: Computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/05 21:11:22 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/06/02 10:23:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Computer\Downloads\OTL.exe
PRC - [2013/05/23 15:17:00 | 001,106,288 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2013/05/23 15:16:56 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/05/23 15:16:52 | 001,561,968 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2013/05/22 11:35:32 | 000,578,560 | ---- | M] (Samsung Electronics) -- C:\Program Files\Samsung\Kies\KiesAirMessage.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/15 11:17:34 | 000,554,408 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012/11/22 22:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/11/02 10:52:04 | 001,078,592 | ---- | M] (D-Link Corp.) -- C:\Program Files\D-Link\DWA-160\AirNCFG.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\ANIWConnService.exe
PRC - [2009/07/13 21:14:24 | 000,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/11 03:18:12 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceStoryAlbum\27a6e73c0755624c26d44b8b6668e31b\DeviceStoryAlbum.ni.dll
MOD - [2013/10/11 03:18:11 | 000,614,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\c93b714b4a4b55eb0d55562b81dac32b\DevicePodcast.ni.dll
MOD - [2013/10/11 03:18:09 | 000,300,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\6b2aab25fbef068ef5c624b49695ce8a\DeviceVideo.ni.dll
MOD - [2013/10/11 03:18:08 | 000,355,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\297ebfc1d2b70ad8d0bdb1fa292dc1b8\DevicePhoto.ni.dll
MOD - [2013/10/11 03:18:07 | 000,307,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceMusic\e2403a0d9cc222c77e84844355297f01\DeviceMusic.ni.dll
MOD - [2013/10/11 03:18:06 | 000,474,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\VideoManager\bc089ab19fde510e81307effaaea26c4\VideoManager.ni.dll
MOD - [2013/10/11 03:18:05 | 000,782,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PhotoManager\0a2726b312d1cef1a533add9591affb9\PhotoManager.ni.dll
MOD - [2013/10/11 03:18:04 | 001,989,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Phonebook\59699c857c4e36453cded690f721def3\Phonebook.ni.dll
MOD - [2013/10/11 03:18:02 | 000,207,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\StoryAlbumManager\4d06a8ba70962227d57d8514e08378a8\StoryAlbumManager.ni.dll
MOD - [2013/10/11 03:18:00 | 000,945,152 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\MusicManager\d6ee7fb3180cfe544d68addac532d2f6\MusicManager.ni.dll
MOD - [2013/10/11 03:17:59 | 000,404,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\BATPlugin\7acf811c070a14a4c44bf7eec0ffd8e6\BATPlugin.ni.dll
MOD - [2013/10/11 03:17:55 | 000,534,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\f80ff300d4c2bd370f9d2df51e299f22\Kies.Common.MediaDB.ni.dll
MOD - [2013/10/11 03:17:53 | 000,066,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\fb52b0ad8114db00e5e6e90b075092c6\Kies.Common.DBManager.ni.dll
MOD - [2013/10/11 03:17:53 | 000,063,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\6d35f68f510faa5857e50b47ac878141\Kies.Common.AllShare.ni.dll
MOD - [2013/10/11 03:17:52 | 001,146,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Podcaster\2d70f4dbfe65050267c6e0d3bc3cedff\Podcaster.ni.dll
MOD - [2013/10/11 03:17:51 | 000,283,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\b2c348463a17bcf2cf99440b3f48d0d7\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2013/10/11 03:17:50 | 000,580,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\a957773a626df77db2a35aec407c2b21\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2013/10/11 03:17:49 | 001,209,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\58c3f3ee053c80369d4f1a9ee5c6c451\Kies.Common.DeviceService.ni.dll
MOD - [2013/10/11 03:17:47 | 000,991,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\72a6b1517a710e0bdb47b6650451221a\DeviceCommonLib.ni.dll
MOD - [2013/10/11 03:17:45 | 000,743,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Plugin.Content#\a4b3a8d441bbacbc8e700f72c3eaee8f\Kies.Plugin.ContentsManagerLib.ni.dll
MOD - [2013/10/11 03:17:43 | 000,205,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\311fa6637f04caa22eba4d556d330a6f\Kies.Common.MainUI.ni.dll
MOD - [2013/10/11 03:17:36 | 000,928,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\599f1505d4219ce57d7a64aece0a2822\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2013/10/11 03:17:33 | 002,213,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\e09380b9ec20c056eb0ee92218b5553a\Kies.Common.Multimedia.ni.dll
MOD - [2013/10/11 03:17:30 | 000,638,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e56fd66e01a04d9cb0a9a06b5e8a6fc8\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2013/10/11 03:17:24 | 007,111,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DeviceHost\c3b2b55c49fdffcb1781fc3a36cff341\DeviceHost.ni.dll
MOD - [2013/10/11 03:17:15 | 000,282,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\0ff57576277322fcdf032eec3f0a2077\Kies.Common.Util.ni.dll
MOD - [2013/10/11 03:17:13 | 001,902,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\b9cc48f0e46320cf24bb93339e182551\Kies.UI.ni.dll
MOD - [2013/10/11 03:17:10 | 000,160,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\6cfb6056dfe610b88af47c21a80026b7\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2013/10/11 03:17:07 | 001,274,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\3a5a77c2b9b2461294ee77a924538113\Kies.Interface.ni.dll
MOD - [2013/10/11 03:16:38 | 002,177,536 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\9ca8022bbfc8eba7322f9d4890dceec8\Kies.ni.exe
MOD - [2013/10/11 03:09:05 | 018,022,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll
MOD - [2013/10/11 03:08:49 | 011,527,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll
MOD - [2013/10/11 03:08:41 | 001,014,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll
MOD - [2013/10/11 03:08:37 | 003,883,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll
MOD - [2013/10/11 03:08:31 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll
MOD - [2013/10/05 21:11:19 | 003,279,768 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/08/15 03:15:19 | 017,221,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\b593e9ee0c411ab4c480cfc7b881f782\Kies.Theme.ni.dll
MOD - [2013/08/15 03:15:18 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\30347cf99dcac9f06c7060e3053f1e3e\DummyStorePlugin.ni.dll
MOD - [2013/08/15 03:14:55 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\0d402c4e5cfd2c857c9523c3483a0653\Kies.Common.StoreManager.ni.dll
MOD - [2013/08/15 03:14:54 | 000,232,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\c5efe841e2998c266e0f5e29bed04b55\ASF_cSharpAPI.ni.dll
MOD - [2013/08/15 03:14:49 | 000,109,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.CRMMana#\13e3ee57f10e5285cc1f98e3a9c26e13\Kies.Common.CRMManager.ni.dll
MOD - [2013/08/15 03:14:46 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\11e54216f2aee21fbcbd3a751098cb7c\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2013/08/15 03:14:22 | 000,080,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ZipStore\1dd23f0d663e85fd7471859147b682e7\ZipStore.ni.dll
MOD - [2013/08/15 03:14:14 | 000,187,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\2cf3987fcddce6b17d2b03aaa1c4b11b\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2013/08/15 03:14:00 | 001,646,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7a8641a548883ae709df563915312e03\Kies.Locale.ni.dll
MOD - [2013/08/15 03:13:59 | 000,079,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\75c5aed1bb8bdca76b525643fbb233f1\Kies.MVVM.ni.dll
MOD - [2013/08/15 03:13:40 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll
MOD - [2013/08/15 03:13:27 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\f17c7bc239be0eb7661cbcd3cff1ea16\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 03:13:11 | 001,812,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll
MOD - [2013/08/15 03:09:06 | 005,628,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll
MOD - [2013/08/15 03:08:50 | 009,100,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll
MOD - [2013/07/10 03:21:58 | 000,043,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.FUSCryptLib\9f9f207dfba1cd5a166a9d504d527611\Interop.FUSCryptLib.ni.dll
MOD - [2013/07/10 03:21:57 | 000,175,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\89df88e12edd4cbc6f629a8e8c3f4e91\Interop.DevFileServiceLib.ni.dll
MOD - [2013/07/10 03:21:33 | 000,045,568 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5e5190fb957915307e495bd499202388\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2013/07/10 03:21:26 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\be9d4a331a41a83465c56b735845c86b\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2013/07/10 03:21:26 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\0cd09e4839a2bfe65311191d2e61c698\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2013/07/10 03:21:26 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\666b10af8e7a3ce91019a4f9688f318d\Interop.PRPLAYERCORELib.ni.dll
MOD - [2013/07/10 03:21:25 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\a474771ad225ef2b83d38a86a160ed53\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2013/07/10 03:21:21 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceServi#\e7571e6816ce81874b68fd4ae6f9d40d\Interop.DeviceServiceModelDBLib.ni.dll
MOD - [2013/07/10 03:21:09 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\abebd90a3673cde0cd3a1b81a9f18f86\CabLib.ni.dll
MOD - [2013/07/10 03:21:08 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\4ae14b63968b4bfde39959e0e0728f95\Interop.DeviceSearchLib.ni.dll
MOD - [2013/07/10 03:17:46 | 014,418,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll
MOD - [2013/06/22 14:55:10 | 000,315,392 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\ANPDApi.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2011/09/14 13:56:20 | 000,294,912 | ---- | M] () -- C:\Program Files\D-Link\DWA-160\wlanapp.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/10/09 09:57:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/05 21:11:21 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/28 17:47:18 | 000,563,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/10/19 03:01:27 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/12 14:39:24 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Program Files\D-Link\DWA-160\ANIWConnService.exe -- (D-Link Wireless N Dual Band DWA-160 _WPS)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | System | Stopped] -- System32\DRIVERS\netbt.sys -- (NetBT)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
DRV - [2013/06/27 15:15:01 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/06/27 15:15:01 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/06/27 15:15:01 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/06/04 09:15:02 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2013/05/31 08:58:50 | 000,013,560 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\gfibto.sys -- (gfibto)
DRV - [2013/05/09 04:59:10 | 000,061,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/05/09 04:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/05/09 04:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/05/09 04:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/05/09 04:59:08 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/05/02 00:23:50 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/09/09 14:45:20 | 001,265,216 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Dnetr28u.sys -- (netr28u)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/07/29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/05/29 07:58:30 | 000,012,800 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\anodlwf.sys -- (anodlwf)
DRV - [2009/07/29 08:41:00 | 009,790,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 19:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 18:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AGERESoftModem)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/05 21:11:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/05 21:11:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/05 21:11:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/05 21:11:10 | 000,000,000 | ---D | M]

[2011/10/18 13:34:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Extensions
[2013/10/24 20:03:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions
[2013/08/23 09:04:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/12/10 17:46:10 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\[email protected]
[2013/10/24 20:03:10 | 001,195,896 | ---- | M] () (No name found) -- C:\Users\Computer\AppData\Roaming\mozilla\firefox\profiles\wevy5ckh.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}.xpi
[2013/10/05 21:11:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/05 21:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/05 21:11:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Computer\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - Extension: Chrome In-App Payments service = C:\Users\Computer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/09/26 11:08:50 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [D-Link D-Link Wireless N Dual Band DWA-160 ] C:\Program Files\D-Link\DWA-160\AirNCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{225B6366-C854-438B-8416-7A00E37DF294}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F355BF47-CF84-48BF-AD2B-A72F6B586315}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell - "" = AutoRun
O33 - MountPoints2\{2070bdbf-f5b4-11e1-9748-00248c9d2640}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean.exe)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/29 11:39:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\CC Support
[2013/10/24 20:03:39 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/18 10:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/10/18 10:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2013/10/15 19:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin x86
[2013/10/15 19:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\Dolphin x86 4.0
[2013/10/15 15:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6
[2013/10/05 21:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/03 19:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013/09/30 16:24:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013/09/30 16:24:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump

========== Files - Modified Within 30 Days ==========

[2013/10/29 12:12:04 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/29 11:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/29 11:49:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/29 11:48:20 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/29 11:48:20 | 000,018,816 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/29 11:40:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/29 11:40:34 | 2314,067,968 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/29 08:37:38 | 000,001,426 | ---- | M] () -- C:\Users\Computer\Desktop\VEW.exe - Shortcut.lnk
[2013/10/19 15:22:48 | 000,624,162 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/10/19 15:22:48 | 000,106,538 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/10/15 19:05:54 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Dolphin x86.lnk
[2013/10/14 16:15:02 | 000,000,258 | ---- | M] () -- C:\Users\Computer\AppData\Roaming\ANICONFIG_{F355BF47-CF84-48BF-AD2B-A72F6B586315}.ini
[2013/10/09 09:57:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/10/09 09:57:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/29 15:00:25 | 016,339,507 | ---- | M] () -- C:\Users\Public\Documents\Revised Marching Drill 2013.pdf

========== Files Created - No Company Name ==========

[2013/10/29 08:37:32 | 000,001,426 | ---- | C] () -- C:\Users\Computer\Desktop\VEW.exe - Shortcut.lnk
[2013/10/15 19:05:54 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Dolphin x86.lnk
[2013/10/03 19:42:15 | 000,001,049 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013/09/29 15:00:09 | 016,339,507 | ---- | C] () -- C:\Users\Public\Documents\Revised Marching Drill 2013.pdf
[2013/06/27 15:15:01 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/26 13:37:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/26 13:37:31 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/22 14:57:52 | 000,000,258 | ---- | C] () -- C:\Users\Computer\AppData\Roaming\ANICONFIG_{F355BF47-CF84-48BF-AD2B-A72F6B586315}.ini
[2013/06/22 14:51:59 | 000,014,119 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2013/06/22 14:51:59 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys
[2013/05/22 20:43:52 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/05/22 20:43:48 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2013/05/22 20:43:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2013/05/22 20:43:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2013/05/22 20:43:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2013/05/15 20:18:56 | 000,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/17 09:33:06 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/03/17 09:33:05 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2012/02/20 17:09:23 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/07 09:48:49 | 000,004,608 | ---- | C] () -- C:\Users\Computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/03 08:44:34 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/10/18 08:21:23 | 000,000,632 | RHS- | C] () -- C:\Users\Computer\ntuser.pol

========== ZeroAccess Check ==========

[2009/07/14 00:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 21:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< MD5 for: NETBT.SYS >
[2009/07/13 19:12:21 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=DD52A733BF4CA5AF84562A5E2F963B91 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys

< End of report >


#8
RKinner

    Malware Expert

Copy the text in the code box by highlighting it and pressing Ctrl + C:

:OTL
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\szkg.sys -- (szkg5)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\is3srv.sys -- (is3srv)
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
[2013/08/23 09:04:05 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Computer\AppData\Roaming\mozilla\Firefox\Profiles\wevy5ckh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O34 - HKLM BootExecute: (sdnclean.exe)
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

:files
C:\WINDOWS\system32\drivers\netbt.sys|C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7600.16385_none_603b1e855897bcd6\netbt.sys /replace
net start netbt /c

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\10292013-some number.log, so look there if you don't see it.



Download aswMBR.exe to your desktop.
Right-click aswMBR.exe and select Run as Administrator.
Uncheck "trace disk IO calls".
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click Save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click Save log, save it to your desktop and post it in your next reply.

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your antivirus software when downloading or running ComboFix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your drive light. If it is flashing, ComboFix is still at work.
If you don't get a log, run ComboFix a second time. If you get an error about a registry entry being deleted, then just reboot again.

Run OTL again, Quickscan and post the log. How is it running now?
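
A triage sketch for the kind of entries the fix above targets, added here as an example and not part of the original post or of OTL: it scans OTL log lines for an enabled proxy that points at a loopback address and for service or driver entries whose file is missing. The function names are hypothetical; the sample lines are excerpted from the log posted in this thread.

```python
import ipaddress
import re

# Lines excerpted from the OTL log posted in this thread.
SAMPLE_LOG = r'''
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
DRV - File not found [Kernel | Boot | Stopped] -- system32\drivers\szkgfs.sys -- (szkgfs)
DRV - File not found [Kernel | System | Stopped] -- System32\DRIVERS\netbt.sys -- (NetBT)
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
'''.strip().splitlines()

# IE section: hive, value name, value data.
PROXY_RE = re.compile(
    r'^IE - (HKLM|HKCU)\\Software\\Microsoft\\Windows\\CurrentVersion\\'
    r'Internet Settings: "(Proxy\w+)" = (.*)$')
# SRV/DRV entry whose binary OTL could not find on disk.
ORPHAN_RE = re.compile(
    r'^(SRV|DRV) - File not found \[([^\]]+)\] -- (.+) -- \((.+)\)$')


def split_proxy_server(value):
    """Parse a ProxyServer string into {scheme: (host, port)}.

    'http=h:p;https=h:p' gives one entry per scheme; a bare 'h:p'
    applies to every scheme and is returned under the key 'all'.
    """
    result = {}
    for part in value.split(';'):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition('=')
        if not sep:
            scheme, hostport = 'all', part
        hostport = hostport.split('://', 1)[-1]
        host, _, port = hostport.rpartition(':')
        if not host:                      # no port given
            host, port = hostport, ''
        result[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return result


def is_loopback(host):
    """True for 'localhost' or any loopback IP literal."""
    if host.lower() == 'localhost':
        return True
    try:
        return ipaddress.ip_address(host.strip('[]')).is_loopback
    except ValueError:
        return False


def collect_proxy_settings(lines):
    """Group Proxy* values by registry hive: {'HKLM': {...}, 'HKCU': {...}}."""
    settings = {}
    for line in lines:
        m = PROXY_RE.match(line.strip())
        if m:
            settings.setdefault(m.group(1), {})[m.group(2)] = m.group(3).strip()
    return settings


def loopback_proxy_findings(lines):
    """Return (hive, scheme, host, port) for each enabled loopback proxy."""
    findings = []
    for hive, values in sorted(collect_proxy_settings(lines).items()):
        if values.get('ProxyEnable') != '1':
            continue                      # proxy configured but switched off
        servers = split_proxy_server(values.get('ProxyServer', ''))
        for scheme, (host, port) in servers.items():
            if is_loopback(host):
                findings.append((hive, scheme, host, port))
    return findings


def orphaned_entries(lines):
    """Return SRV/DRV registrations that point at a missing file."""
    entries = []
    for line in lines:
        m = ORPHAN_RE.match(line.strip())
        if m:
            entries.append({
                'kind': m.group(1),
                'flags': [f.strip() for f in m.group(2).split('|')],
                'path': m.group(3),
                'name': m.group(4),
            })
    return entries


if __name__ == '__main__':
    for hive, scheme, host, port in loopback_proxy_findings(SAMPLE_LOG):
        print(f'{hive}: {scheme} traffic is sent to local listener {host}:{port}')
    for e in orphaned_entries(SAMPLE_LOG):
        print(f"{e['kind']} {e['name']}: file missing ({e['path']}) {e['flags']}")
```
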

#9
mom2dacl

    Member

OTL keeps going unresponsive when I try to run the fix. Any ideas?

#10
RKinner

    Malware Expert

Let's see if it did anything:

Copy the text in the code box:

/md5start
netbt.sys
/md5stop



Run OTL (Vista or Win 7 => right click and Run As Administrator)
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

then Run Scan.

You should get 1 log. Please copy and paste it.

Go on and do the other steps (aswMBR and Combofix)





