Posts posted by jonbutch
-
I did remove that update 37, but it scanned adobe when I downloaded it.
-
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E42C384F-5050-482E-946A-75D19B6ABF00}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E42C384F-5050-482E-946A-75D19B6ABF00}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\ not found.
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: JoAn
->Java cache emptied: 406311 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 56468 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: JoAn
->Flash cache emptied: 39918 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: JoAn
->Temp folder emptied: 4800449 bytes
->Temporary Internet Files folder emptied: 74805720 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 444571693 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3149183 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 39354085 bytes
Total Files Cleaned = 540.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 11142013_092050
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
OTL logfile created on: 11/14/2013 8:31:03 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JoAn\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 58.92% Memory free
5.99 Gb Paging File | 4.19 Gb Available in Paging File | 70.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 176.20 Gb Free Space | 80.75% Space Free | Partition Type: NTFS
Computer Name: JOAN-PC | User Name: JoAn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/11/14 08:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JoAn\Downloads\OTL (1).com
PRC - [2013/11/14 08:27:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JoAn\Downloads\OTL.com
PRC - [2013/11/06 01:26:09 | 000,863,184 | ---- | M] (Google Inc.) 
-- C:\Program Files\Google\Chrome\Application\chrome.exePRC - [2013/08/01 17:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exePRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exePRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2013/04/07 04:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exePRC - [2013/04/07 04:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exePRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exePRC - [2011/02/11 15:44:38 | 000,139,776 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exePRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exePRC - [2010/06/03 13:49:52 | 000,215,552 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exePRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exePRC - [2009/11/06 08:50:18 | 000,495,708 | ---- | M] (IDT, Inc.) 
-- C:\Program Files\IDT\WDM\sttray.exePRC - [2009/11/06 08:50:18 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exePRC - [2009/07/16 21:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXEPRC - [2009/07/16 21:57:36 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXEPRC - [2009/07/16 21:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXEPRC - [2009/06/29 00:59:00 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exePRC - [2009/06/29 00:59:00 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exePRC - [2009/06/29 00:59:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exePRC - [2009/06/29 00:59:00 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exePRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exePRC - [2009/03/02 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exePRC - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe========== Modules (No Company Name) ==========MOD - [2013/11/06 01:26:07 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\ppgooglenaclpluginchrome.dllMOD - [2013/11/06 01:26:06 | 013,582,800 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\PepperFlash\pepflashplayer.dllMOD - [2013/11/06 01:26:05 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\pdf.dllMOD - [2013/11/06 01:25:13 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\libglesv2.dllMOD - [2013/11/06 01:25:12 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\libegl.dllMOD - [2013/11/06 01:25:10 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\ffmpegsumo.dllMOD - [2013/09/12 02:26:12 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dllMOD - [2013/09/12 02:26:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dllMOD - [2013/08/15 02:27:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dllMOD - [2013/07/12 04:26:00 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dllMOD - [2013/06/04 18:22:32 | 000,481,280 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\Genie.dllMOD - [2013/05/27 
23:21:30 | 004,334,592 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dllMOD - [2013/05/14 19:56:24 | 008,432,128 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dllMOD - [2013/05/13 22:18:30 | 000,931,840 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dllMOD - [2013/05/09 20:12:10 | 000,229,888 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dllMOD - [2013/04/27 23:25:56 | 001,205,760 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dllMOD - [2013/04/07 04:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exeMOD - [2013/04/07 04:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exeMOD - [2013/03/27 01:52:32 | 000,500,736 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dllMOD - [2013/03/27 01:51:52 | 000,714,240 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dllMOD - [2013/03/27 01:51:40 | 000,641,536 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dllMOD - [2013/03/27 01:51:26 | 001,198,080 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dllMOD - [2013/03/27 01:50:02 | 000,186,368 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dllMOD - [2013/03/27 01:49:54 | 000,116,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dllMOD - [2013/03/27 01:49:40 | 000,485,376 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dllMOD - [2013/03/27 01:49:26 | 000,438,272 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dllMOD - [2013/03/27 01:43:48 | 001,067,520 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dllMOD - [2013/03/27 01:42:54 | 000,137,728 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dllMOD - [2013/03/27 01:42:52 
| 000,088,064 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QRCode.dllMOD - [2013/03/27 01:42:50 | 001,553,920 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dllMOD - [2013/03/26 19:58:14 | 000,074,752 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NetcardApi.dllMOD - [2013/03/26 19:58:12 | 000,136,704 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\airprintdll.dllMOD - [2013/03/26 19:58:08 | 000,139,264 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dllMOD - [2013/03/26 19:58:06 | 000,072,192 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SVTUtils.dllMOD - [2013/03/26 19:58:06 | 000,066,560 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupDll.dllMOD - [2013/02/18 23:46:06 | 009,814,016 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtGui4.dllMOD - [2013/02/18 23:46:06 | 002,537,472 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtCore4.dllMOD - [2013/02/18 23:46:06 | 001,140,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtNetwork4.dllMOD - [2013/02/18 23:46:00 | 000,399,360 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtXml4.dllMOD - [2013/02/18 23:46:00 | 000,287,232 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg4.dllMOD - [2013/02/18 23:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qico4.dllMOD - [2013/02/18 23:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qgif4.dllMOD - [2013/02/18 23:46:00 | 000,043,008 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dllMOD - [2013/02/18 23:46:00 | 000,011,362 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\mingwm10.dllMOD - [2012/11/29 02:56:00 | 003,332,720 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dllMOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dllMOD - [2009/07/16 21:57:02 | 000,055,808 | ---- | 
M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll========== Services (SafeList) ==========SRV - [2013/10/08 19:53:55 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2011/02/11 15:44:38 | 000,139,776 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService)SRV - [2010/06/03 13:49:52 | 000,215,552 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe -- (NWHelper)SRV - [2010/03/27 20:42:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)SRV - [2009/11/06 08:50:18 | 000,229,458 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe -- (STacSV)SRV - [2009/07/16 21:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)SRV - [2009/03/02 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe -- (AESTFilters)SRV - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)========== Driver Services (SafeList) ==========DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\JoAn\AppData\Local\Temp\mbr.sys -- (mbr)DRV - [2013/11/09 09:34:05 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131113.023\NAVEX15.SYS -- (NAVEX15)DRV - [2013/11/09 09:34:05 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131113.023\NAVENG.SYS -- (NAVENG)DRV - [2013/10/28 11:13:17 | 000,393,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131113.002\IDSvix86.sys -- (IDSVix86)DRV - [2013/10/22 16:11:14 | 001,096,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131101.003\BHDrvx86.sys -- (BHDrvx86)DRV - [2013/08/27 12:19:45 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)DRV - [2013/08/26 21:55:15 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)DRV - [2013/08/26 21:55:15 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)DRV - [2013/08/20 09:34:10 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)DRV - [2013/05/22 22:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymEFA.sys -- (SymEFA)DRV - [2013/05/20 22:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymDS.sys -- (SymDS)DRV - [2013/05/15 22:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)DRV - [2013/04/24 17:43:56 | 000,339,544 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symnets.sys -- (SymNetS)DRV - [2013/04/15 19:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ccSetx86.sys -- (ccSet_N360)DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)DRV - [2013/03/04 18:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\Ironx86.sys -- (SymIRON)DRV - [2013/03/04 18:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- 
C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_022.sys -- (NWUSBPort2_022)DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_022.sys -- (NWUSBPort_022)DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_022.sys -- (NWUSBModem_022)DRV - [2011/03/01 13:44:24 | 000,243,712 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWRmNet_022.sys -- (NWRmNet_022)DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)DRV - [2009/11/06 08:50:18 | 000,420,864 | ---- | M] (IDT, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)DRV - [2009/07/16 21:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)DRV - [2009/06/11 07:39:00 | 009,765,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)DRV - [2009/05/22 02:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)DRV - [2009/05/07 02:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)DRV - [2009/03/24 16:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)DRV - [2008/06/09 08:41:28 | 000,332,288 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWVNdis.sys -- (NWVNDIS)DRV - [2008/06/09 08:41:28 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{E42C384F-5050-482E-946A-75D19B6ABF00}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBoxIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U141&ocid=U141DHP&dt=072013IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>========== FireFox ==========FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - 
HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013/10/09 18:56:55 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [2013/11/14 06:52:13 | 000,000,000 | ---D | M]========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://www.msn.com/?pc=U141&ocid=U141DHP&dt=072013CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\pdf.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\gcswf32.dllCHR - plugin: Norton Confidential (Enabled) = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dllCHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dllCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dllCHR - Extension: Entanglement Web 
App = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Poppit = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\
CHR - Extension: Google Wallet = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-4144150036-1733957249-969350786-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-4144150036-1733957249-969350786-1001..\Run: [NETGEARGenie] C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://76.10.86.11//activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27D0F1AC-E3DB-4C3E-B184-D4030F18D260}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF1F4B1-4535-4941-BED8-9A7762F58584}: DhcpNameServer = 66.174.92.14 66.174.95.44
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell - "" = AutoRun
O33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========
[2013/11/14 07:28:08 | 000,873,384 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/11/14 07:28:07 | 000,796,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/11/14 07:14:49 | 000,000,000 | ---D | C] -- C:\Users\JoAn\Desktop\RK_Quarantine
[2013/11/14 06:37:41 | 000,000,000 | ---D | C] -- C:\Users\JoAn\AppData\Roaming\Malwarebytes
[2013/11/14 06:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/14 06:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/14 06:37:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/11/14 06:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/11/14 06:28:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/14 06:09:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/14 03:02:50 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/11/14 03:02:50 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/11/14 03:02:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/11/14 03:02:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013/11/14 03:02:49 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/11/14 03:02:48 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/11/14 03:02:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013/11/14 03:02:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/14 03:02:48 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013/11/14 03:02:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013/11/13 16:03:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013/11/13 16:03:56 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/13 16:03:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/11/13 16:03:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll
[2013/11/13 16:03:46 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll
[2013/11/13 16:03:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
[2013/11/12 05:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/11/12 05:14:05 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/11/12 05:13:59 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/11/12 05:13:59 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/11/12 05:13:59 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/11/12 05:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/11/12 05:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/16 12:18:26 | 000,000,000 | ---D | C] -- C:\Users\JoAn\Documents\2013-10-16 bill

========== Files - Modified Within 30 Days ==========
[2013/11/14 08:31:57 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/14 07:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/14 07:12:14 | 000,891,200 | ---- | M] () -- C:\Users\JoAn\Desktop\SecurityCheck.exe
[2013/11/14 06:57:32 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 06:57:32 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/14 06:54:38 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/14 06:54:38 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/14 06:50:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/14 06:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/14 06:49:54 | 2411,950,080 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/14 06:37:37 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/14 03:23:08 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013/11/12 23:49:06 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/12 05:13:44 | 000,873,384 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2013/11/12 05:13:44 | 000,796,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013/11/12 05:13:44 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/11/12 05:13:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/11/12 05:13:44 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/11/12 05:13:44 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/11/08 03:52:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job

========== Files Created - No Company Name ==========
[2013/11/14 07:12:13 | 000,891,200 | ---- | C] () -- C:\Users\JoAn\Desktop\SecurityCheck.exe
[2013/11/14 06:37:37 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/11/17 21:36:32 | 000,000,000 | ---- | C] () -- C:\Users\JoAn\AppData\Local\{7EF74A49-7FA8-497F-93E2-FF676B51C0A0}
[2011/05/18 17:54:41 | 000,001,940 | ---- | C] () -- C:\Users\JoAn\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

========== ZeroAccess Check ==========
[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Purity Check ==========
< End of report >
-
OTL logfile created on: 11/14/2013 8:29:16 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JoAn\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 1.73 Gb Available Physical Memory | 57.89% Memory free
5.99 Gb Paging File | 4.16 Gb Available in Paging File | 69.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218.20 Gb Total Space | 176.20 Gb Free Space | 80.75% Space Free | Partition Type: NTFS
Computer Name: JOAN-PC | User Name: JoAn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - [2013/11/14 08:27:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JoAn\Downloads\OTL.com
PRC - [2013/11/06 01:26:09 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/08/01 17:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/07 04:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
PRC - [2013/04/07 04:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 19:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/11 15:44:38 | 000,139,776 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
PRC - [2010/10/27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/06/03 13:49:52 | 000,215,552 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/11/06 08:50:18 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/11/06 08:50:18 | 000,229,458 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe
PRC - [2009/07/16 21:57:36 | 004,562,944 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
PRC - [2009/07/16 21:57:36 | 000,026,112 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
PRC - [2009/07/16 21:57:04 | 003,086,848 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
PRC - [2009/06/29 00:59:00 | 000,217,088 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/29 00:59:00 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/06/29 00:59:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/06/29 00:59:00 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/06/24 19:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/03/02 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe
PRC - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe

========== Modules (No Company Name) ==========
MOD - [2013/11/06 01:26:07 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\ppgooglenaclpluginchrome.dll
MOD - [2013/11/06 01:26:06 | 013,582,800 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\PepperFlash\pepflashplayer.dll
MOD - [2013/11/06 01:26:05 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\pdf.dll
MOD - [2013/11/06 01:25:13 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\libglesv2.dll
MOD - [2013/11/06 01:25:12 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\libegl.dll
MOD - [2013/11/06 01:25:10 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.48\ffmpegsumo.dll
MOD - [2013/09/12 02:26:12 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll
MOD - [2013/09/12 02:26:00 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 02:27:31 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 04:26:00 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/04 18:22:32 | 000,481,280 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\Genie.dll
MOD - [2013/05/27 23:21:30 | 004,334,592 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Map.dll
MOD - [2013/05/14 19:56:24 | 008,432,128 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Resource.dll
MOD - [2013/05/13 22:18:30 | 000,931,840 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Ui.dll
MOD - [2013/05/09 20:12:10 | 000,229,888 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
MOD - [2013/04/27 23:25:56 | 001,205,760 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
MOD - [2013/04/07 04:42:00 | 000,123,136 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
MOD - [2013/04/07 04:38:46 | 001,044,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
MOD - [2013/03/27 01:52:32 | 000,500,736 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
MOD - [2013/03/27 01:51:52 | 000,714,240 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_Update.dll
MOD - [2013/03/27 01:51:40 | 000,641,536 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
MOD - [2013/03/27 01:51:26 | 001,198,080 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
MOD - [2013/03/27 01:50:02 | 000,186,368 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DragonNetTool.dll
MOD - [2013/03/27 01:49:54 | 000,116,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupApiPlugin.dll
MOD - [2013/03/27 01:49:40 | 000,485,376 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
MOD - [2013/03/27 01:49:26 | 000,438,272 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
MOD - [2013/03/27 01:43:48 | 001,067,520 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\GeniePlugin_Internet.dll
MOD - [2013/03/27 01:42:54 | 000,137,728 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnosePlugin.dll
MOD - [2013/03/27 01:42:52 | 000,088,064 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QRCode.dll
MOD - [2013/03/27 01:42:50 | 001,553,920 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SvtNetworkTool.dll
MOD - [2013/03/26 19:58:14 | 000,074,752 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\NetcardApi.dll
MOD - [2013/03/26 19:58:12 | 000,136,704 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\airprintdll.dll
MOD - [2013/03/26 19:58:08 | 000,139,264 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\DiagnoseDll.dll
MOD - [2013/03/26 19:58:06 | 000,072,192 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\SVTUtils.dll
MOD - [2013/03/26 19:58:06 | 000,066,560 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\WSetupDll.dll
MOD - [2013/02/18 23:46:06 | 009,814,016 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtGui4.dll
MOD - [2013/02/18 23:46:06 | 002,537,472 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtCore4.dll
MOD - [2013/02/18 23:46:06 | 001,140,224 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtNetwork4.dll
MOD - [2013/02/18 23:46:00 | 000,399,360 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\QtXml4.dll
MOD - [2013/02/18 23:46:00 | 000,287,232 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qjpeg4.dll
MOD - [2013/02/18 23:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qico4.dll
MOD - [2013/02/18 23:46:00 | 000,083,456 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\imageformats\qgif4.dll
MOD - [2013/02/18 23:46:00 | 000,043,008 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
MOD - [2013/02/18 23:46:00 | 000,011,362 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\mingwm10.dll
MOD - [2012/11/29 02:56:00 | 003,332,720 | ---- | M] () -- C:\Program Files\NETGEAR Genie\bin\drivers\libntgr_api.dll
MOD - [2012/05/30 07:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files\Norton 360\Engine\20.4.0.40\wincfi39.dll
MOD - [2009/07/16 21:57:02 | 000,055,808 | ---- | M] () -- C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll

========== Services (SafeList) ==========
SRV - [2013/10/08 19:53:55 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/26 21:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe -- (N360)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/02/11 15:44:38 | 000,139,776 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe -- (VZWConfigService)
SRV - [2010/06/03 13:49:52 | 000,215,552 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe -- (NWHelper)
SRV - [2010/03/27 20:42:52 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/11/06 08:50:18 | 000,229,458 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\stacsv.exe -- (STacSV)
SRV - [2009/07/16 21:57:36 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2009/07/13 18:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/03/02 11:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\AEstSrv.exe -- (AESTFilters)
SRV - [2007/02/12 01:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH)

========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\JoAn\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - [2013/11/09 09:34:05 | 001,612,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131113.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/11/09 09:34:05 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131113.023\NAVENG.SYS -- (NAVENG)
DRV - [2013/10/28 11:13:17 | 000,393,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131113.002\IDSvix86.sys -- (IDSVix86)
DRV - [2013/10/22 16:11:14 | 001,096,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131101.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/08/27 12:19:45 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2013/08/26 21:55:15 | 000,376,920 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2013/08/26 21:55:15 | 000,108,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/08/20 09:34:10 | 000,142,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2013/05/22 22:25:28 | 000,934,488 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymEFA.sys -- (SymEFA)
DRV - [2013/05/20 22:02:00 | 000,367,704 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\1404000.028\SymDS.sys -- (SymDS)
DRV - [2013/05/15 22:02:14 | 000,603,224 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtsp.sys -- (SRTSP)
DRV - [2013/04/24 17:43:56 | 000,339,544 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\symnets.sys -- (SymNetS)
DRV - [2013/04/15 19:41:14 | 000,134,744 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\ccSetx86.sys -- (ccSet_N360)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/03/04 18:39:19 | 000,175,264 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\Ironx86.sys -- (SymIRON)
DRV - [2013/03/04 18:21:35 | 000,032,344 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\1404000.028\srtspx.sys -- (SRTSPX)
DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_022.sys -- (NWUSBPort2_022)
DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_022.sys -- (NWUSBPort_022)
DRV - [2011/03/01 13:44:26 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_022.sys -- (NWUSBModem_022)
DRV - [2011/03/01 13:44:24 | 000,243,712 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWRmNet_022.sys -- (NWRmNet_022)
DRV - [2010/11/20 03:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 02:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/11/06 08:50:18 | 000,420,864 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/16 21:56:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2009/07/13 16:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/06/11 07:39:00 | 009,765,568 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/05/22 02:17:52 | 000,058,528 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR)
DRV - [2009/05/07 02:47:12 | 000,041,504 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR)
DRV - [2009/03/24 16:25:24 | 000,197,680 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/06/09 08:41:28 | 000,332,288 | ---- | M] (Novatel Wireless, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NWVNdis.sys -- (NWVNDIS)
DRV - [2008/06/09 08:41:28 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/27 15:03:00 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E42C384F-5050-482E-946A-75D19B6ABF00}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLSDF8&pc=MDDS&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USSMB/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U141&ocid=U141DHP&dt=072013
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\IPSFF [2013/10/09 18:56:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\coFFPlgn\ [2013/11/14 06:52:13 | 000,000,000 | ---D | M]

========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.msn.com/?pc=U141&ocid=U141DHP&dt=072013
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.48\gcswf32.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement Web App = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\3.4.9_0\
CHR - Extension: Poppit = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Norton Identity Protection = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\
CHR - Extension: Google Wallet = C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\20.4.0.40\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} http://76.10.86.11//activex/AMC.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab (Java Plug-in 1.7.0_45)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27D0F1AC-E3DB-4C3E-B184-D4030F18D260}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DF1F4B1-4535-4941-BED8-9A7762F58584}: DhcpNameServer = 66.174.92.14 66.174.95.44
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: 
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell - "" = AutoRunO33 - MountPoints2\{4a60b62e-4f97-11df-a90d-0026b9aaf02c}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=trueO34 - HKLM BootExecute: (autocheck autochk *)O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2013/11/14 07:28:08 | 000,873,384 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll[2013/11/14 07:28:07 | 000,796,072 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll[2013/11/14 07:14:49 | 000,000,000 | ---D | C] -- C:\Users\JoAn\Desktop\RK_Quarantine[2013/11/14 06:37:41 | 000,000,000 | ---D | C] -- C:\Users\JoAn\AppData\Roaming\Malwarebytes[2013/11/14 06:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/11/14 06:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/11/14 06:37:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys[2013/11/14 06:37:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2013/11/14 06:28:08 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/11/14 06:09:25 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2013/11/14 03:02:50 | 002,877,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll[2013/11/14 03:02:50 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb[2013/11/14 03:02:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\ieui.dll[2013/11/14 03:02:49 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll[2013/11/14 03:02:49 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll[2013/11/14 03:02:48 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll[2013/11/14 03:02:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll[2013/11/14 03:02:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe[2013/11/14 03:02:48 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe[2013/11/14 03:02:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll[2013/11/13 16:03:56 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll[2013/11/13 16:03:56 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll[2013/11/13 16:03:49 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll[2013/11/13 16:03:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll[2013/11/13 16:03:46 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshwfp.dll[2013/11/13 16:03:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL[2013/11/12 05:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java[2013/11/12 05:14:05 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe[2013/11/12 05:13:59 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe[2013/11/12 05:13:59 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe[2013/11/12 05:13:59 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll[2013/11/12 05:13:59 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java[2013/11/12 05:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle[2013/10/16 12:18:26 | 000,000,000 | ---D | C] -- C:\Users\JoAn\Documents\2013-10-16 bill========== Files - Modified Within 30 Days ==========[2013/11/14 08:31:57 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/11/14 07:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/11/14 07:12:14 | 000,891,200 | ---- | M] () -- C:\Users\JoAn\Desktop\SecurityCheck.exe[2013/11/14 06:57:32 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/11/14 06:57:32 | 000,014,240 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/11/14 06:54:38 | 000,624,412 | ---- | M] () -- C:\Windows\System32\perfh009.dat[2013/11/14 06:54:38 | 000,106,756 | ---- | M] () -- C:\Windows\System32\perfc009.dat[2013/11/14 06:50:22 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/11/14 06:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/11/14 06:49:54 | 2411,950,080 | -HS- | M] () -- C:\hiberfil.sys[2013/11/14 06:37:37 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/11/14 03:23:08 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job[2013/11/12 23:49:06 | 000,002,131 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2013/11/12 05:13:44 | 000,873,384 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll[2013/11/12 05:13:44 | 000,796,072 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll[2013/11/12 05:13:44 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe[2013/11/12 05:13:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe[2013/11/12 
05:13:44 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe[2013/11/12 05:13:44 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll[2013/11/08 03:52:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job========== Files Created - No Company Name ==========[2013/11/14 07:12:13 | 000,891,200 | ---- | C] () -- C:\Users\JoAn\Desktop\SecurityCheck.exe[2013/11/14 06:37:37 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2011/11/17 21:36:32 | 000,000,000 | ---- | C] () -- C:\Users\JoAn\AppData\Local\{7EF74A49-7FA8-497F-93E2-FF676B51C0A0}[2011/05/18 17:54:41 | 000,001,940 | ---- | C] () -- C:\Users\JoAn\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini========== ZeroAccess Check ==========[2009/07/13 21:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 18:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both< End of report >
-
RogueKiller V8.7.8 [Nov 14 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Blog : http://tigzyrk.blogspot.com/Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits versionStarted in : Normal modeUser : JoAn [Admin rights]Mode : Remove -- Date : 11/14/2013 07:44:24| ARK || FAK || MBR |¤¤¤ Bad processes : 0 ¤¤¤¤¤¤ Registry Entries : 0 ¤¤¤¤¤¤ Scheduled tasks : 0 ¤¤¤¤¤¤ Startup Entries : 0 ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [LOADED] ¤¤¤[Address] SSDT[13] : NtAlertResumeThread @ 0x82EF1DA3 -> HOOKED (Unknown @ 0x87367AA0)[Address] SSDT[14] : NtAlertThread @ 0x82E44CC7 -> HOOKED (Unknown @ 0x87367B38)[Address] SSDT[19] : NtAllocateVirtualMemory @ 0x82E3DCBC -> HOOKED (Unknown @ 0x873443A0)[Address] SSDT[22] : NtAlpcConnectPort @ 0x82E8959E -> HOOKED (Unknown @ 0x872AAD40)[Address] SSDT[43] : NtAssignProcessToJobObject @ 0x82E130CC -> HOOKED (Unknown @ 0x87367518)[Address] SSDT[74] : NtCreateMutant @ 0x82E2435A -> HOOKED (Unknown @ 0x873678C8)[Address] SSDT[86] : NtCreateSymbolicLinkObject @ 0x82E159D4 -> HOOKED (Unknown @ 0x87367310)[Address] SSDT[87] : NtCreateThread @ 0x82EEFFDA -> HOOKED (Unknown @ 0x87343150)[Address] SSDT[88] : NtCreateThreadEx @ 0x82E844AB -> HOOKED (Unknown @ 0x873673B8)[Address] SSDT[96] : NtDebugActiveProcess @ 0x82EC1EDA -> HOOKED (Unknown @ 0x873675B0)[Address] SSDT[111] : NtDuplicateObject @ 0x82E45761 -> HOOKED (Unknown @ 0x873444E0)[Address] SSDT[131] : NtFreeVirtualMemory @ 0x82CCC82C -> HOOKED (Unknown @ 0x87344230)[Address] SSDT[145] : NtImpersonateAnonymousToken @ 0x82E09970 -> HOOKED (Unknown @ 0x87367970)[Address] SSDT[147] : NtImpersonateThread @ 0x82E8D992 -> HOOKED (Unknown @ 0x87367A08)[Address] SSDT[155] : NtLoadDriver @ 0x82DD9C40 -> HOOKED (Unknown @ 0x872961D0)[Address] SSDT[168] : NtMapViewOfSection @ 0x82E5A5F1 -> HOOKED (Unknown @ 0x87367F70)[Address] SSDT[177] : NtOpenEvent @ 0x82E23D56 -> HOOKED (Unknown @ 0x87367830)[Address] SSDT[190] : 
NtOpenProcess @ 0x82E25BA1 -> HOOKED (Unknown @ 0x87344630)[Address] SSDT[191] : NtOpenProcessToken @ 0x82E7837F -> HOOKED (Unknown @ 0x87344448)[Address] SSDT[194] : NtOpenSection @ 0x82E7D9FB -> HOOKED (Unknown @ 0x87367700)[Address] SSDT[198] : NtOpenThread @ 0x82E72102 -> HOOKED (Unknown @ 0x87344588)[Address] SSDT[215] : NtProtectVirtualMemory @ 0x82E56651 -> HOOKED (Unknown @ 0x87367470)[Address] SSDT[304] : NtResumeThread @ 0x82E846D2 -> HOOKED (Unknown @ 0x87367BD0)[Address] SSDT[316] : NtSetContextThread @ 0x82EF184F -> HOOKED (Unknown @ 0x87367D98)[Address] SSDT[333] : NtSetInformationProcess @ 0x82E4C875 -> HOOKED (Unknown @ 0x87367E30)[Address] SSDT[350] : NtSetSystemInformation @ 0x82E6237A -> HOOKED (Unknown @ 0x87367648)[Address] SSDT[366] : NtSuspendProcess @ 0x82EF1CDF -> HOOKED (Unknown @ 0x87367798)[Address] SSDT[367] : NtSuspendThread @ 0x82EA91CB -> HOOKED (Unknown @ 0x87367C68)[Address] SSDT[370] : NtTerminateProcess @ 0x82E6ED9A -> HOOKED (Unknown @ 0x87339D30)[Address] SSDT[371] : unknown @ 0x82E8C6CB -> HOOKED (Unknown @ 0x87367D00)[Address] SSDT[385] : NtUnmapViewOfSection @ 0x82E789BA -> HOOKED (Unknown @ 0x87367ED8)[Address] SSDT[399] : NtWriteVirtualMemory @ 0x82E73A97 -> HOOKED (Unknown @ 0x873442D8)[Address] Shadow SSDT[318] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8880C108)[Address] Shadow SSDT[402] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x887E7298)[Address] Shadow SSDT[434] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x888808C8)[Address] Shadow SSDT[436] : NtUserGetKeyState -> HOOKED (Unknown @ 0x88806608)[Address] Shadow SSDT[448] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x88880A38)[Address] Shadow SSDT[490] : NtUserMessageCall -> HOOKED (Unknown @ 0x88880730)[Address] Shadow SSDT[508] : NtUserPostMessage -> HOOKED (Unknown @ 0x88880840)[Address] Shadow SSDT[509] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x888807B8)[Address] Shadow SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 
0x8882F380)[Address] Shadow SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x88880A80)¤¤¤ External Hives: ¤¤¤¤¤¤ Infection : ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD2500BJKT-75F4T0 +++++--- User ---[MBR] 9e7c972dce97891ed157f05fa49b80c7[bSP] f2a9a93ae10556041b7062f54cfa9146 : Windows Vista MBR CodePartition table:0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 223434 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[0]_D_11142013_074424.txt >>RKreport[0]_D_11142013_072144.txt;RKreport[0]_D_11142013_073115.txt;RKreport[0]_S_11142013_071832.txtRKreport[0]_S_11142013_072510.txt;RKreport[0]_S_11142013_074147.txt
-
Results of screen317's Security Check version 0.99.77Windows 7 Service Pack 1 x86 (UAC is enabled)Internet Explorer 10 Out of date!``````````````Antivirus/Firewall Check:``````````````Windows Firewall Enabled!Norton 360WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:`````````Malwarebytes Anti-Malware version 1.75.0.1300Java 7 Update 45Adobe Reader 10.1.8 Adobe Reader out of Date!Google Chrome 30.0.1599.101Google Chrome 31.0.1650.48````````Process Check: objlist.exe by Laurent````````Norton ccSvcHst.exeMalwarebytes Anti-Malware mbamservice.exeMalwarebytes Anti-Malware mbamgui.exeMalwarebytes' Anti-Malware mbamscheduler.exe`````````````````System Health check`````````````````Total Fragmentation on Drive C: 2%````````````````````End of Log``````````````````````
-
OK, I uninstalled it.
-
Results of screen317's Security Check version 0.99.77Windows 7 Service Pack 1 x86 (UAC is enabled)Internet Explorer 10 Out of date!``````````````Antivirus/Firewall Check:``````````````Windows Firewall Enabled!Norton 360WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:`````````Malwarebytes Anti-Malware version 1.75.0.1300Java 6 Update 37Java 7 Update 45Adobe Reader 10.1.8 Adobe Reader out of Date!Google Chrome 30.0.1599.101Google Chrome 31.0.1650.48````````Process Check: objlist.exe by Laurent````````Norton ccSvcHst.exeMalwarebytes Anti-Malware mbamservice.exeMalwarebytes Anti-Malware mbamgui.exeMalwarebytes' Anti-Malware mbamscheduler.exe`````````````````System Health check`````````````````Total Fragmentation on Drive C: 2%````````````````````End of Log``````````````````````
-
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume2Install Date: 3/20/2010 7:06:34 AMSystem Uptime: 11/14/2013 6:49:42 AM (1 hours ago).Motherboard: Dell Inc. | | 0T808JProcessor: Intel® Core2 Duo CPU P7570 @ 2.26GHz | U2E1 | 2267/266mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 218 GiB total, 176.262 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP270: 10/19/2013 9:39:10 AM - Scheduled CheckpointRP271: 10/27/2013 6:35:47 AM - Scheduled CheckpointRP272: 11/3/2013 7:29:17 AM - Scheduled CheckpointRP273: 11/10/2013 8:48:19 AM - Scheduled CheckpointRP274: 11/12/2013 5:12:44 AM - Installed Java 7 Update 45RP275: 11/14/2013 3:00:37 AM - Windows Update.==== Installed Programs ======================.Update for Microsoft Office 2007 (KB2508958)Adobe AIRAdobe Flash Player 11 ActiveXAdobe Reader X (10.1.8)ArcSoft WebCam Companion 3AXIS Media Control EmbeddedCisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleD3DX10Dell Backup and Recovery ManagerDell Edoc ViewerDell Support CenterDell TouchpadDell Wireless WLAN Card UtilityGoogle ChromeGoogle EarthGoogle Toolbar for Internet ExplorerGoogle Update HelperJava 7 Update 45Java Auto UpdaterJava 6 Update 37Junk Mail filter updateLogitech Harmony Remote Software 7Malwarebytes Anti-Malware version 1.75.0.1300Mesh RuntimeMessenger CompanionMicrosoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Basic 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Outlook ConnectorMicrosoft Office Outlook MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office 
Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Search Enhancement PackMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161MiFi4510 Mobile Broadband DriversMobile Broadband Generic DriversMSVCRTNETGEAR GenieNorton 360Norton Internet SecurityNVIDIA DriversOGA Notifier 2.0.0048.0PowerDVD DXRemote Control USB DriverRoxio Creator AudioRoxio Creator CopyRoxio Creator DataRoxio Creator DE 10.3Roxio Creator ToolsRoxio Express Labeler 3Roxio Update ManagerSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile 
(KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596754) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687309) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760411) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760415) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760585) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2760591) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2827326) 32-Bit EditionSecurity Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit EditionSecurity Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit EditionSecurity Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2827330) 32-Bit EditionSimple Start Online EditionUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile 
(KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit EditionUpdate for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Windows Live Communications PlatformWindows Live EssentialsWindows Live Family SafetyWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live Messenger Companion CoreWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer Resources.==== End Of File ===========================
-
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16736 BrowserJavaVersion: 10.45.2
Run by JoAn at 7:05:18 on 2013-11-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3067.1838 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\STacSV.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_25c3c9ef676ad202\aestsrv.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\dllhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\msdtc.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files\Novatel Wireless\MiFi4510\Drivers\NWHelper.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Novatel Wireless\LTE Support\VZWMSConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\conhost.exe
C:\Program Files\NETGEAR Genie\bin\genie2_tray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k defragsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
-
Thank you.
-
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.11.14.05
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16736
JoAn :: JOAN-PC [administrator]
Protection: Enabled
11/14/2013 6:40:25 AM
mbam-log-2013-11-14 (06-40-25).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197496
Time elapsed: 6 minute(s), 2 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} (PUP.LyricsAd) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A} (PUP.LyricsAd) -> Quarantined and deleted successfully.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 8
C:\$Recycle.Bin\S-1-5-21-4144150036-1733957249-969350786-1001\$RKEANGH.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4144150036-1733957249-969350786-1001\$RMKWVIY.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4144150036-1733957249-969350786-1001\$RRPC3GZ.exe (PUP.Optional.IBryte) -> Quarantined and deleted successfully.
C:\Users\JoAn\Downloads\Setup (1).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\JoAn\Downloads\Setup (2).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\JoAn\Downloads\Setup (3).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\JoAn\Downloads\Setup (4).exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\JoAn\Downloads\Setup.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
(end)
-
2013/11/14 06:37:50 -0700 JOAN-PC JoAn MESSAGE Executing scheduled update: Daily
2013/11/14 06:37:53 -0700 JOAN-PC JoAn MESSAGE Starting protection
2013/11/14 06:37:53 -0700 JOAN-PC JoAn MESSAGE Protection started successfully
2013/11/14 06:37:53 -0700 JOAN-PC JoAn MESSAGE Starting IP protection
2013/11/14 06:38:15 -0700 JOAN-PC JoAn MESSAGE IP Protection started successfully
2013/11/14 06:39:43 -0700 JOAN-PC JoAn MESSAGE Starting database refresh
2013/11/14 06:39:43 -0700 JOAN-PC JoAn MESSAGE Stopping IP protection
2013/11/14 06:39:43 -0700 JOAN-PC JoAn MESSAGE Scheduled update executed successfully: database updated from version v2013.04.04.07 to version v2013.11.14.05
2013/11/14 06:39:49 -0700 JOAN-PC JoAn MESSAGE IP Protection stopped successfully
2013/11/14 06:39:52 -0700 JOAN-PC JoAn MESSAGE Database refreshed successfully
2013/11/14 06:39:52 -0700 JOAN-PC JoAn MESSAGE Starting IP protection
2013/11/14 06:39:55 -0700 JOAN-PC JoAn MESSAGE IP Protection started successfully
2013/11/14 06:50:12 -0700 JOAN-PC (null) MESSAGE Starting protection
2013/11/14 06:50:12 -0700 JOAN-PC (null) MESSAGE Protection started successfully
2013/11/14 06:50:12 -0700 JOAN-PC (null) MESSAGE Starting IP protection
2013/11/14 06:50:16 -0700 JOAN-PC JoAn MESSAGE IP Protection started successfully
Thank you so much. Is this the last one?
-
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by JoAn on Thu 11/14/2013 at 6:30:20.20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsing
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\solid savings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{4529C960-5E21-4B6F-802A-08CC67043474}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B4D34AE6-138D-4EDA-B003-CC968F3E14F6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F2D7DFB7-6D91-4BD7-846E-BEF9BC3BD81A}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\JoAn\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{02D13854-C28D-450F-9DEC-D3510DF9F317}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{053B9556-130F-46B2-A94B-73F21D72E199}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{108218FD-9D0A-45C6-AC85-9B93AC07B6E9}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{13142F40-12BE-4BB1-9BE3-911C86A91463}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{154DCBCA-0D9D-4371-98E0-706C63A43BAB}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{1F30D05F-6E23-4147-BB29-8B63164BAFFF}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{20C6C53C-3F1D-41EC-86C0-309FE20BC0B0}
Successfully deleted: [Empty Folder]
C:\Users\JoAn\appdata\local\{DD0D9345-851D-47E4-84BA-3AB1D6DD7675}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{E0FBDB52-5FEC-4863-B3C8-6EF156168A69}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{E1181BAA-AA1F-45B2-8DA5-7044E99E61DC}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{E16E9F6C-D391-4670-B3CE-74372B35CBC6}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{E9A7C4DF-F46B-4BB4-96D3-9FDF912ABEEE}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{EE153A69-0A29-4B16-AFB2-64DD4F608D8C}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{F3C06A47-DFF3-4A38-8C6C-8E97D69F619E}
Successfully deleted: [Empty Folder] C:\Users\JoAn\appdata\local\{FBCAE21E-ECFD-4D5E-ADF8-2C7987B7AE9A}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 11/14/2013 at 6:32:58.96
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
# AdwCleaner v3.012 - Report created 14/11/2013 at 06:18:10
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : JoAn - JOAN-PC
# Running from : C:\Users\JoAn\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Zynga
Folder Deleted : C:\Users\JoAn\AppData\Local\Conduit
Folder Deleted : C:\Users\JoAn\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\JoAn\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\JoAn\AppData\LocalLow\Zynga
File Deleted : C:\END
File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\JoAn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT243872
-
My computer freezes up every once in a while.
computer freeze
in Malware Removal
Posted
Thank you so much, it is running great. I appreciate you spending all the time with me and being so thorough in explaining everything to me. Thank you so much.