bigodude60

Posts posted by bigodude60

  1. Malwarebytes Anti-Malware (Trial) 1.75.0.1300

    www.malwarebytes.org

     

    Database version: v2014.01.06.01

     

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    MOM :: KMC-953C5353487 [administrator]

     

    Protection: Disabled

     

    1/5/2014 8:20:51 PM

    mbam-log-2014-01-05 (20-20-51).txt

     

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 213712

    Time elapsed: 10 minute(s), 6 second(s)

     

    Memory Processes Detected: 0

    (No malicious items detected)

     

    Memory Modules Detected: 0

    (No malicious items detected)

     

    Registry Keys Detected: 10

    HKCR\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} (PUP.Optional.Iminent.A) -> No action taken.

    HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.

    HKCR\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} (PUP.Optional.Iminent.A) -> No action taken.

    HKCR\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} (PUP.Optional.Iminent.A) -> No action taken.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301} (PUP.Optional.Iminent.A) -> No action taken.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> No action taken.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> No action taken.

    HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> No action taken.

    HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> No action taken.

     

    Registry Values Detected: 0

    (No malicious items detected)

     

    Registry Data Items Detected: 0

    (No malicious items detected)

     

    Folders Detected: 4

    C:\Program Files\ShoppingChip (PUP.Optional.ShoppingChip.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075 (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\plugins (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\All Users\Application Data\ShoppingChip (PUP.Optional.MultiPlug.A) -> No action taken.

     

    Files Detected: 52

    C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> No action taken.

    C:\Documents and Settings\All Users\Application Data\ShoppingChip\54q.exe (PUP.Optional.MultiPlug.A) -> No action taken.

    C:\Documents and Settings\MOM\My Documents\Downloads\Adobe Photoshop CS6.exe (PUP.Optional.Firseria) -> No action taken.

    C:\Documents and Settings\MOM\My Documents\Downloads\Browser_Update (1).exe (PUP.Optional.AirInstaller) -> No action taken.

    C:\Documents and Settings\MOM\My Documents\Downloads\Browser_Update.exe (PUP.Optional.DomaIQ) -> No action taken.

    C:\Documents and Settings\MOM\My Documents\Downloads\iMeshSetup-r393-n-bc.exe (PUP.Optional.iMeshMusicBoxTB.A) -> No action taken.

    C:\Documents and Settings\MOM\My Documents\Downloads\LphantSetup-r126-n-bc.exe (PUP.Optional.Bandoo.A) -> No action taken.

    C:\Documents and Settings\MOM\My Documents\Downloads\FlashPlayersetup__3720_i233498806_il25.exe (PUP.Optional.InstallMonetizer) -> No action taken.

    C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (1).exe (PUP.Optional.Bandoo) -> No action taken.

    C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (2).exe (PUP.Optional.Bandoo) -> No action taken.

    C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (3).exe (PUP.Optional.Bandoo) -> No action taken.

    C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc.exe (PUP.Optional.Bandoo) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\IminentSetup.exe (PUP.Optional.Iminent.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\nsj8C.exe (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\nsr87.exe (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\LuckyLeap.exe (PUP.Optional.LuckyLeap.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\SweetIESetup.exe (PUP.Optional.SweetPacks.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\SweetIMSetup.exe (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\294823_.exe (PUP.Optional.BundleLoader.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\DownloadManager.exe (PUP.Optional.Smart) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\18be6784_.exe (PUP.Optional.Searchprotect) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\nsg1B03\Uninstall.exe (PUP.Optional.Bandoo.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\spch.exe (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\ins9178.exe (PUP.Optional.Firseria) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\LuckyLeap_2309-167e5c2f.exe (PUP.Optional.LuckyLeap.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\shopup_2510_exe2-47bfde8d.exe (PUP.Optional.Bundler) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\SweetIMCO_0710_EN-bbf1713f.exe (PUP.Optional.SweetIM.A) -> No action taken.

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4XEVOXMJ\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> No action taken.

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W1U3KTYF\SkywalkerSetup[1].exe (PUP.Optional.Sweetpacks) -> No action taken.

    C:\Program Files\PSupport\psupport.dll (PUP.Optional.SProtect.A) -> No action taken.

    C:\Program Files\ShoppingChip\4o.tlb (PUP.Optional.ShoppingChip.A) -> No action taken.

    C:\Program Files\ShoppingChip\4o.dat (PUP.Optional.ShoppingChip.A) -> No action taken.

    C:\Program Files\ShoppingChip\4o.dll (PUP.Optional.ShoppingChip.A) -> No action taken.

    C:\Program Files\ShoppingChip\4o.x64.dll (PUP.Optional.ShoppingChip.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\CT3316075.txt (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\initdata.json (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\manifest.json (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\stub.exe (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.

    C:\Documents and Settings\All Users\Application Data\ShoppingChip\54q.dat (PUP.Optional.MultiPlug.A) -> No action taken.

     

    (end)
  2. I am having trouble posting on the computer, so I hope you will excuse the multiple postings of the last logs. I see that Malwarebytes is showing nothing has been removed. When I go to logs, I get

    Item.

    C documents and settings\MOM\applicationdata\malwarebytes\malwarebytes anti malware\logs\mbam- log-2014-01-05(18-38-38).txt

    C\documents and settings\all users\application data\malwarebytes\malwarebytesanti-malware\logs\protection log 2014-01-05.txt

    My options are: OPEN, DELETE, DELETE ALL.

    There are boxes next to the two lines with pencil icons; however, clicking on them changes nothing.

  3. Is this what you need from www.malwarebytes.org? There are two logs. I posted them both.

     
    Database version: v2014.01.06.01
     
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    MOM :: KMC-953C5353487 [administrator]
     
    Protection: Enabled
     
    1/5/2014 6:38:38 PM
    mbam-log-2014-01-05 (18-38-38).txt
     
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213873
    Time elapsed: 12 minute(s), 38 second(s)
     
    Memory Processes Detected: 0
    (No malicious items detected)
     
    Memory Modules Detected: 0
    (No malicious items detected)
     
    Registry Keys Detected: 10
    HKCR\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} (PUP.Optional.Iminent.A) -> No action taken.
    HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.
    HKCR\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} (PUP.Optional.Iminent.A) -> No action taken.
    HKCR\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} (PUP.Optional.Iminent.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301} (PUP.Optional.Iminent.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> No action taken.
    HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> No action taken.
    HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> No action taken.
     
    Registry Values Detected: 0
    (No malicious items detected)
     
    Registry Data Items Detected: 0
    (No malicious items detected)
     
    Folders Detected: 4
    C:\Program Files\ShoppingChip (PUP.Optional.ShoppingChip.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075 (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\plugins (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ShoppingChip (PUP.Optional.MultiPlug.A) -> No action taken.
     
    Files Detected: 53
    C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ShoppingChip\54q.exe (PUP.Optional.MultiPlug.A) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\Adobe Photoshop CS6.exe (PUP.Optional.Firseria) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\Browser_Update (1).exe (PUP.Optional.AirInstaller) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\Browser_Update.exe (PUP.Optional.DomaIQ) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\iMeshSetup-r393-n-bc.exe (PUP.Optional.iMeshMusicBoxTB.A) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\LphantSetup-r126-n-bc.exe (PUP.Optional.Bandoo.A) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\FlashPlayersetup__3720_i233498806_il25.exe (PUP.Optional.InstallMonetizer) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (1).exe (PUP.Optional.Bandoo) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (2).exe (PUP.Optional.Bandoo) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (3).exe (PUP.Optional.Bandoo) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc.exe (PUP.Optional.Bandoo) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\IminentSetup.exe (PUP.Optional.Iminent.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\nsj8C.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\nsr87.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\LuckyLeap.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\SweetIESetup.exe (PUP.Optional.SweetPacks.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\SweetIMSetup.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\294823_.exe (PUP.Optional.BundleLoader.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\DownloadManager.exe (PUP.Optional.Smart) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\18be6784_.exe (PUP.Optional.Searchprotect) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\nsg1B03\Uninstall.exe (PUP.Optional.Bandoo.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\ins9178.exe (PUP.Optional.Firseria) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\LuckyLeap_2309-167e5c2f.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\shopup_2510_exe2-47bfde8d.exe (PUP.Optional.Bundler) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\SweetIMCO_0710_EN-bbf1713f.exe (PUP.Optional.SweetIM.A) -> No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4XEVOXMJ\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W1U3KTYF\SkywalkerSetup[1].exe (PUP.Optional.Sweetpacks) -> No action taken.
    C:\Program Files\PSupport\psupport.dll (PUP.Optional.SProtect.A) -> No action taken.
    C:\Program Files\ShoppingChip\4o.tlb (PUP.Optional.ShoppingChip.A) -> No action taken.
    C:\Program Files\ShoppingChip\4o.dat (PUP.Optional.ShoppingChip.A) -> No action taken.
    C:\Program Files\ShoppingChip\4o.dll (PUP.Optional.ShoppingChip.A) -> No action taken.
    C:\Program Files\ShoppingChip\4o.x64.dll (PUP.Optional.ShoppingChip.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\CT3316075.txt (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\initdata.json (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ShoppingChip\54q.dat (PUP.Optional.MultiPlug.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\shoppingchip_2310-3861dc78.exe (Adware.Agent) -> Quarantined and deleted successfully.
     
    (end)
     
  4. OTL logfile created on: 1/5/2014 7:12:00 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\MOM\My Documents\Downloads

    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

    Internet Explorer (Version = 8.0.6001.18702)

    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

     

    1022.09 Mb Total Physical Memory | 179.80 Mb Available Physical Memory | 17.59% Memory free

    2.40 Gb Paging File | 1.60 Gb Available in Paging File | 66.43% Paging File free

    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

     

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

    Drive C: | 149.00 Gb Total Space | 54.37 Gb Free Space | 36.49% Space Free | Partition Type: NTFS

    Drive D: | 442.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

     

    Computer Name: KMC-953C5353487 | User Name: MOM | Logged in as Administrator.

    Boot Mode: Normal | Scan Mode: All users

    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

     

    ========== Processes (SafeList) ==========

     

    PRC - [2014/01/05 19:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOM\My Documents\Downloads\OTL.com

    PRC - [2013/12/03 19:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

    PRC - [2013/11/19 11:45:30 | 000,317,736 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\MOM\Application Data\Smilebox\SmileboxTray.exe

    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    PRC - [2013/02/16 09:19:02 | 000,298,616 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

    PRC - [2013/02/16 09:04:10 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

    PRC - [2012/09/27 15:08:08 | 000,989,352 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE

    PRC - [2012/09/27 15:04:44 | 001,087,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE

    PRC - [2012/09/27 15:02:40 | 001,279,120 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE

    PRC - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

    PRC - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe

    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

    PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

     

     

    ========== Modules (No Company Name) ==========

     

    MOD - [2013/12/03 19:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll

    MOD - [2013/12/03 19:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

    MOD - [2013/12/03 19:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll

    MOD - [2013/12/03 19:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll

    MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll

    MOD - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe

    MOD - [2012/02/21 03:18:22 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll

    MOD - [2012/02/21 03:17:34 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll

    MOD - [2012/02/21 03:14:27 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll

    MOD - [2012/02/21 03:14:02 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll

    MOD - [2012/02/21 03:13:59 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll

    MOD - [2012/02/21 03:13:40 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll

    MOD - [2012/02/21 03:13:39 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll

    MOD - [2012/02/21 03:13:37 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65bd29660d00ac08c14edad26ce38e2c\PresentationFramework.Royale.ni.dll

    MOD - [2012/02/21 03:13:32 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll

    MOD - [2012/02/21 03:13:27 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll

    MOD - [2012/02/21 03:13:26 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll

    MOD - [2012/02/21 03:13:18 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll

    MOD - [2012/02/21 03:13:05 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll

    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll

    MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

    MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll

    MOD - [2005/06/21 16:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcdlmpm.dll

     

     

    ========== Services (SafeList) ==========

     

    SRV - [2013/12/18 13:58:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

    SRV - [2013/02/16 09:04:10 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

    SRV - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

    SRV - [2011/03/27 06:36:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

    SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)

    SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)

    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

    SRV - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\dlcdcoms.exe -- (dlcd_device)

     

     

    ========== Driver Services (SafeList) ==========

     

    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)

    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)

    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)

    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)

    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)

    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)

    DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)

    DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)

    DRV - File not found [Kernel | System | Stopped] --  -- (Changer)

    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

    DRV - [2010/06/29 18:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)

    DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

    DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

    DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

    DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

    DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

     

     

    ========== Standard Registry (SafeList) ==========

     

     

    ========== Internet Explorer ==========

     

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search

    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

     

     

    IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found

    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

    IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

     

     

     

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U039&ocid=U039DHP&dt=071113

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes,DefaultScope = {4054044A-AFC0-4B68-844A-087CB9CE1695}

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{350CE36D-85BF-4656-99F5-0131F5FD9691}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{4054044A-AFC0-4B68-844A-087CB9CE1695}: "URL" = http://www.bing.com/search?FORM=U039DF&PC=U039&dt=071113&q={searchTerms}&src=IE-SearchBox

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{9184CF1E-5F0E-4046-884A-962ED79A32F4}: "URL" = http://www.flickr.com/search/?q={searchTerms}

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{AFC1B22D-97A7-4C9A-BEA1-FDF396F55243}: "URL" = http://delicious.com/search?p={searchTerms}

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\AF75D99F91B54B6FBB9B1C082130E685: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

     

     

    ========== FireFox ==========

     

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)

    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

     

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin

     

     

    ========== Chrome  ==========

     

    CHR - default_search_provider: Sweetpacks (Enabled)

    CHR - default_search_provider: search_url = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23

    CHR - default_search_provider: suggest_url = ,


    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll

    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll

    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll

    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

    CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll

    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

    CHR - Extension: Google Drive = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

    CHR - Extension: YouTube = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

    CHR - Extension: Google Search = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

    CHR - Extension: ShoppingChip = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhgnljmpfmibocijhefankplcoajfncl\1.1\

    CHR - Extension: Google Wallet = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

    CHR - Extension: Gmail = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

     

    O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

    O1 - Hosts: 127.0.0.1       localhost

    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)

    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)

    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)

    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found

    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)

    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

    O3 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found

    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

    O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)

    O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

    O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

    O4 - HKU\S-1-5-21-1715567821-527237240-725345543-1003..\Run: [smileboxTray] C:\Documents and Settings\MOM\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

    O7 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

    O7 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145

    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)

    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)

    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{841573EA-CB45-437D-B3F7-51E4691CD279}: DhcpNameServer = 192.168.1.1

    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

    O24 - Desktop WallPaper: C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O24 - Desktop BackupWallPaper: C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

    O32 - HKLM CDRom: AutoRun - 1

    O32 - AutoRun File - [2011/03/27 08:09:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

    O32 - AutoRun File - [2008/11/13 09:20:10 | 000,000,170 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]

    O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\AutoRun\command - "" = F:\BOOTEX\thumbcache_131.exe

    O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\explore\command - "" = F:\BOOTEX/thumbcache_131.exe

    O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\open\command - "" = F:\.////BOOTEX/thumbcache_131.exe

    O34 - HKLM BootExecute: (autocheck autochk *)

    O35 - HKLM\..comfile [open] -- "%1" %*

    O35 - HKLM\..exefile [open] -- "%1" %*

    O37 - HKLM\...com [@ = comfile] -- "%1" %*

    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

     

    ========== Files/Folders - Created Within 30 Days ==========

     

    [2014/01/05 18:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOM\Application Data\Malwarebytes

    [2014/01/05 18:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

    [2014/01/05 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

    [2014/01/05 18:36:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

    [2014/01/05 18:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

    [2014/01/05 10:35:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter

    [2014/01/04 20:33:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT

    [2014/01/04 19:21:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner

    [2013/12/18 13:58:13 | 009,293,192 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe

    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

     

    ========== Files - Modified Within 30 Days ==========

     

    [2014/01/05 19:21:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38F799C7-E557-4F14-AA97-4517AD0F4B51}.job

    [2014/01/05 18:58:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

    [2014/01/05 18:57:16 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

    [2014/01/05 18:57:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

    [2014/01/05 18:45:30 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for MOM.job

    [2014/01/05 18:36:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

    [2014/01/05 18:32:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

    [2014/01/04 21:00:43 | 000,005,681 | ---- | M] () -- C:\Documents and Settings\MOM\Desktop\click.htm

    [2014/01/03 11:01:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

    [2013/12/25 01:03:02 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll

    [2013/12/25 01:03:02 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll

    [2013/12/25 01:03:02 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll

    [2013/12/20 17:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    [2013/12/19 03:21:37 | 000,171,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

    [2013/12/19 03:04:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

    [2013/12/18 13:58:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

    [2013/12/18 13:58:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

    [2013/12/18 13:58:13 | 009,293,192 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe

    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

     

    ========== Files Created - No Company Name ==========

     

    [2014/01/05 18:36:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

    [2014/01/04 21:00:42 | 000,005,681 | ---- | C] () -- C:\Documents and Settings\MOM\Desktop\click.htm

    [2013/10/28 19:23:51 | 000,302,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-527237240-725345543-1003-0.dat

    [2013/10/28 19:23:51 | 000,174,726 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat

    [2013/07/10 19:58:59 | 000,033,958 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uninstaller.exe

    [2013/05/29 08:11:44 | 004,325,376 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi

    [2012/12/20 18:52:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

    [2012/06/25 15:51:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\MOM\oneClickdigitalSecurityUpgrade.1st

    [2012/02/14 22:33:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

    [2011/03/28 19:40:54 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\MOM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    [2011/03/27 08:18:04 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\MOM\Local Settings\Application Data\fusioncache.dat

     

    ========== ZeroAccess Check ==========

     

    [2011/03/27 08:06:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

     

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

     

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

     

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Apartment

     

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Free

     

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)

    "ThreadingModel" = Both

     

    ========== Purity Check ==========

     

     

     

    < End of report >
  5. OTL logfile created on: 1/5/2014 7:12:00 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\MOM\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1022.09 Mb Total Physical Memory | 179.80 Mb Available Physical Memory | 17.59% Memory free
    2.40 Gb Paging File | 1.60 Gb Available in Paging File | 66.43% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 54.37 Gb Free Space | 36.49% Space Free | Partition Type: NTFS
    Drive D: | 442.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     
    Computer Name: KMC-953C5353487 | User Name: MOM | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/01/05 19:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOM\My Documents\Downloads\OTL.com
    PRC - [2013/12/03 19:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2013/11/19 11:45:30 | 000,317,736 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\MOM\Application Data\Smilebox\SmileboxTray.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/02/16 09:19:02 | 000,298,616 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    PRC - [2013/02/16 09:04:10 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2012/09/27 15:08:08 | 000,989,352 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
    PRC - [2012/09/27 15:04:44 | 001,087,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
    PRC - [2012/09/27 15:02:40 | 001,279,120 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
    PRC - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013/12/03 19:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
    MOD - [2013/12/03 19:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    MOD - [2013/12/03 19:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    MOD - [2013/12/03 19:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
    MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    MOD - [2012/02/21 03:18:22 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
    MOD - [2012/02/21 03:17:34 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
    MOD - [2012/02/21 03:14:27 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
    MOD - [2012/02/21 03:14:02 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
    MOD - [2012/02/21 03:13:59 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
    MOD - [2012/02/21 03:13:40 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
    MOD - [2012/02/21 03:13:39 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
    MOD - [2012/02/21 03:13:37 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65bd29660d00ac08c14edad26ce38e2c\PresentationFramework.Royale.ni.dll
    MOD - [2012/02/21 03:13:32 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
    MOD - [2012/02/21 03:13:27 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
    MOD - [2012/02/21 03:13:26 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
    MOD - [2012/02/21 03:13:18 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
    MOD - [2012/02/21 03:13:05 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2005/06/21 16:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcdlmpm.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV - [2013/12/18 13:58:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/02/16 09:04:10 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2011/03/27 06:36:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\dlcdcoms.exe -- (dlcd_device)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/06/29 18:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
    DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
     
     
    IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
     
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U039&ocid=U039DHP&dt=071113
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes,DefaultScope = {4054044A-AFC0-4B68-844A-087CB9CE1695}
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{350CE36D-85BF-4656-99F5-0131F5FD9691}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{4054044A-AFC0-4B68-844A-087CB9CE1695}: "URL" = http://www.bing.com/search?FORM=U039DF&PC=U039&dt=071113&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{9184CF1E-5F0E-4046-884A-962ED79A32F4}: "URL" = http://www.flickr.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{AFC1B22D-97A7-4C9A-BEA1-FDF396F55243}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\AF75D99F91B54B6FBB9B1C082130E685: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
     
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Sweetpacks (Enabled)
    CHR - default_search_provider: search_url = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
    CHR - default_search_provider: suggest_url = ,
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: ShoppingChip = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhgnljmpfmibocijhefankplcoajfncl\1.1\
    CHR - Extension: Google Wallet = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
    O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKU\S-1-5-21-1715567821-527237240-725345543-1003..\Run: [smileboxTray] C:\Documents and Settings\MOM\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{841573EA-CB45-437D-B3F7-51E4691CD279}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/03/27 08:09:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/11/13 09:20:10 | 000,000,170 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\AutoRun\command - "" = F:\BOOTEX\thumbcache_131.exe
    O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\explore\command - "" = F:\BOOTEX/thumbcache_131.exe
    O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\open\command - "" = F:\.////BOOTEX/thumbcache_131.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/01/05 18:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOM\Application Data\Malwarebytes
    [2014/01/05 18:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/01/05 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2014/01/05 18:36:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/01/05 18:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2014/01/05 10:35:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
    [2014/01/04 20:33:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2014/01/04 19:21:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/18 13:58:13 | 009,293,192 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/01/05 19:21:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38F799C7-E557-4F14-AA97-4517AD0F4B51}.job
    [2014/01/05 18:58:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/01/05 18:57:16 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/05 18:57:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/01/05 18:45:30 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for MOM.job
    [2014/01/05 18:36:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/05 18:32:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/04 21:00:43 | 000,005,681 | ---- | M] () -- C:\Documents and Settings\MOM\Desktop\click.htm
    [2014/01/03 11:01:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/12/25 01:03:02 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
    [2013/12/25 01:03:02 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
    [2013/12/25 01:03:02 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
    [2013/12/20 17:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/12/19 03:21:37 | 000,171,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/12/19 03:04:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/12/18 13:58:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/12/18 13:58:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/12/18 13:58:13 | 009,293,192 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2014/01/05 18:36:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/04 21:00:42 | 000,005,681 | ---- | C] () -- C:\Documents and Settings\MOM\Desktop\click.htm
    [2013/10/28 19:23:51 | 000,302,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-527237240-725345543-1003-0.dat
    [2013/10/28 19:23:51 | 000,174,726 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/07/10 19:58:59 | 000,033,958 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uninstaller.exe
    [2013/05/29 08:11:44 | 004,325,376 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi
    [2012/12/20 18:52:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2012/06/25 15:51:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\MOM\oneClickdigitalSecurityUpgrade.1st
    [2012/02/14 22:33:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/03/28 19:40:54 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\MOM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/27 08:18:04 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\MOM\Local Settings\Application Data\fusioncache.dat
     
    ========== ZeroAccess Check ==========
     
    [2011/03/27 08:06:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== Purity Check ==========
     
     
     
    < End of report >
  6. OTL logfile created on: 1/5/2014 7:12:00 PM - Run 1

    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\MOM\My Documents\Downloads
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    1022.09 Mb Total Physical Memory | 179.80 Mb Available Physical Memory | 17.59% Memory free
    2.40 Gb Paging File | 1.60 Gb Available in Paging File | 66.43% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 54.37 Gb Free Space | 36.49% Space Free | Partition Type: NTFS
    Drive D: | 442.92 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
     
    Computer Name: KMC-953C5353487 | User Name: MOM | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/01/05 19:07:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\MOM\My Documents\Downloads\OTL.com
    PRC - [2013/12/03 19:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
    PRC - [2013/11/19 11:45:30 | 000,317,736 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\MOM\Application Data\Smilebox\SmileboxTray.exe
    PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2013/02/16 09:19:02 | 000,298,616 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
    PRC - [2013/02/16 09:04:10 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
    PRC - [2012/09/27 15:08:08 | 000,989,352 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMSWCS.EXE
    PRC - [2012/09/27 15:04:44 | 001,087,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMUPDT.EXE
    PRC - [2012/09/27 15:02:40 | 001,279,120 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE
    PRC - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    PRC - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/03/22 17:20:44 | 000,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2013/12/03 19:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppgooglenaclpluginchrome.dll
    MOD - [2013/12/03 19:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    MOD - [2013/12/03 19:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    MOD - [2013/12/03 19:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
    MOD - [2013/01/01 23:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
    MOD - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
    MOD - [2012/02/21 03:18:22 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
    MOD - [2012/02/21 03:17:34 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\04326608ac9ad05c2a1e8bd46a068a91\System.Xaml.ni.dll
    MOD - [2012/02/21 03:14:27 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b72152b4330e2f009a868aa16c47acb4\PresentationFramework.ni.dll
    MOD - [2012/02/21 03:14:02 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f28df9c2988724883cf19532d7f9f151\System.Windows.Forms.ni.dll
    MOD - [2012/02/21 03:13:59 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\ed36e9ff00f2fb0f33f1c08b20a7afc0\PresentationCore.ni.dll
    MOD - [2012/02/21 03:13:40 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\ff4ecc058f27a9c36136e5d38e43fb59\WindowsBase.ni.dll
    MOD - [2012/02/21 03:13:39 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2ff57b810eb920860469184dd683cb8a\System.Drawing.ni.dll
    MOD - [2012/02/21 03:13:37 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65bd29660d00ac08c14edad26ce38e2c\PresentationFramework.Royale.ni.dll
    MOD - [2012/02/21 03:13:32 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\a2b1103ad3d9f329e0c9164994137c81\System.Core.ni.dll
    MOD - [2012/02/21 03:13:27 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
    MOD - [2012/02/21 03:13:26 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\21071fcc838660d96f10920c4c3cd206\System.Xml.ni.dll
    MOD - [2012/02/21 03:13:18 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\3ff4657a86a0e14b4be577969e0ec762\System.ni.dll
    MOD - [2012/02/21 03:13:05 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
    MOD - [2008/04/13 17:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
    MOD - [2008/04/13 17:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
    MOD - [2005/06/21 16:22:06 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\dlcdlmpm.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV - [2013/12/18 13:58:16 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2013/02/16 09:04:10 | 007,393,912 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
    SRV - [2012/03/28 05:49:11 | 000,140,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
    SRV - [2011/03/27 06:36:24 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
    SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Stopped] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloSystemService)
    SRV - [2011/03/15 15:20:42 | 000,724,152 | ---- | M] (iolo technologies, LLC) [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (ioloFileInfoList)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\dlcdcoms.exe -- (dlcd_device)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
    DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/06/29 18:30:08 | 000,009,341 | ---- | M] (iolo technologies, LLC (based on original work by Bo Brantén)) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
    DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = 
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
     
     
    IE - HKU\.DEFAULT\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
     
     
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=U039&ocid=U039DHP&dt=071113
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes,DefaultScope = {4054044A-AFC0-4B68-844A-087CB9CE1695}
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{350CE36D-85BF-4656-99F5-0131F5FD9691}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{4054044A-AFC0-4B68-844A-087CB9CE1695}: "URL" = http://www.bing.com/search?FORM=U039DF&PC=U039&dt=071113&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGIE_en
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{9184CF1E-5F0E-4046-884A-962ED79A32F4}: "URL" = http://www.flickr.com/search/?q={searchTerms}
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\{AFC1B22D-97A7-4C9A-BEA1-FDF396F55243}: "URL" = http://delicious.com/search?p={searchTerms}
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\SearchScopes\AF75D99F91B54B6FBB9B1C082130E685: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1715567821-527237240-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
     
     
    ========== FireFox ==========
     
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin
     
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Sweetpacks (Enabled)
    CHR - default_search_provider: search_url = http://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid=&&st=23
    CHR - default_search_provider: suggest_url = ,
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - Extension: Google Drive = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: ShoppingChip = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jhgnljmpfmibocijhefankplcoajfncl\1.1\
    CHR - Extension: Google Wallet = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Gmail = C:\Documents and Settings\MOM\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
     
    O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found
    O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
    O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [CanonQuickMenu] C:\Program Files\Canon\Quick Menu\CNQMMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
    O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKU\S-1-5-21-1715567821-527237240-725345543-1003..\Run: [smileboxTray] C:\Documents and Settings\MOM\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O7 - HKU\S-1-5-21-1715567821-527237240-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{841573EA-CB45-437D-B3F7-51E4691CD279}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\MOM\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/03/27 08:09:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2008/11/13 09:20:10 | 000,000,170 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\AutoRun\command - "" = F:\BOOTEX\thumbcache_131.exe
    O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\explore\command - "" = F:\BOOTEX/thumbcache_131.exe
    O33 - MountPoints2\{f52f4608-5f23-11e0-bc6a-0013721cf071}\Shell\open\command - "" = F:\.////BOOTEX/thumbcache_131.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/01/05 18:36:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MOM\Application Data\Malwarebytes
    [2014/01/05 18:36:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2014/01/05 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2014/01/05 18:36:18 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2014/01/05 18:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2014/01/05 10:35:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
    [2014/01/04 20:33:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
    [2014/01/04 19:21:49 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/18 13:58:13 | 009,293,192 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/01/05 19:21:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{38F799C7-E557-4F14-AA97-4517AD0F4B51}.job
    [2014/01/05 18:58:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
    [2014/01/05 18:57:16 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2014/01/05 18:57:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2014/01/05 18:45:30 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for MOM.job
    [2014/01/05 18:36:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/05 18:32:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2014/01/04 21:00:43 | 000,005,681 | ---- | M] () -- C:\Documents and Settings\MOM\Desktop\click.htm
    [2014/01/03 11:01:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2013/12/25 01:03:02 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
    [2013/12/25 01:03:02 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
    [2013/12/25 01:03:02 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcm80.dll
    [2013/12/20 17:46:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2013/12/19 03:21:37 | 000,171,488 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2013/12/19 03:04:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2013/12/18 13:58:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
    [2013/12/18 13:58:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
    [2013/12/18 13:58:13 | 009,293,192 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
    [8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2014/01/05 18:36:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/01/04 21:00:42 | 000,005,681 | ---- | C] () -- C:\Documents and Settings\MOM\Desktop\click.htm
    [2013/10/28 19:23:51 | 000,302,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1715567821-527237240-725345543-1003-0.dat
    [2013/10/28 19:23:51 | 000,174,726 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
    [2013/07/10 19:58:59 | 000,033,958 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\uninstaller.exe
    [2013/05/29 08:11:44 | 004,325,376 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi
    [2012/12/20 18:52:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
    [2012/06/25 15:51:15 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\MOM\oneClickdigitalSecurityUpgrade.1st
    [2012/02/14 22:33:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
    [2011/03/28 19:40:54 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\MOM\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/27 08:18:04 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\MOM\Local Settings\Application Data\fusioncache.dat
     
    ========== ZeroAccess Check ==========
     
    [2011/03/27 08:06:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    ========== Purity Check ==========
     
     
     
    < End of report >
  7. Malwarebytes Anti-Malware (Trial) 1.75.0.1300
    www.malwarebytes.org
     
    Database version: v2014.01.06.01
     
    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    MOM :: KMC-953C5353487 [administrator]
     
    Protection: Enabled
     
    1/5/2014 6:38:38 PM
    mbam-log-2014-01-05 (18-38-38).txt
     
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213873
    Time elapsed: 12 minute(s), 38 second(s)
     
    Memory Processes Detected: 0
    (No malicious items detected)
     
    Memory Modules Detected: 0
    (No malicious items detected)
     
    Registry Keys Detected: 10
    HKCR\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} (PUP.Optional.Iminent.A) -> No action taken.
    HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.
    HKCR\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} (PUP.Optional.Iminent.A) -> No action taken.
    HKCR\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113} (PUP.Optional.Iminent.A) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301} (PUP.Optional.Iminent.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> No action taken.
    HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> No action taken.
    HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> No action taken.
     
    Registry Values Detected: 0
    (No malicious items detected)
     
    Registry Data Items Detected: 0
    (No malicious items detected)
     
    Folders Detected: 4
    C:\Program Files\ShoppingChip (PUP.Optional.ShoppingChip.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075 (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\plugins (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ShoppingChip (PUP.Optional.MultiPlug.A) -> No action taken.
     
    Files Detected: 53
    C:\Documents and Settings\All Users\Application Data\ReadOnlyInstaller.msi (PUP.Optional.WeCare.A) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ShoppingChip\54q.exe (PUP.Optional.MultiPlug.A) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\Adobe Photoshop CS6.exe (PUP.Optional.Firseria) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\Browser_Update (1).exe (PUP.Optional.AirInstaller) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\Browser_Update.exe (PUP.Optional.DomaIQ) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\iMeshSetup-r393-n-bc.exe (PUP.Optional.iMeshMusicBoxTB.A) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\LphantSetup-r126-n-bc.exe (PUP.Optional.Bandoo.A) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\FlashPlayersetup__3720_i233498806_il25.exe (PUP.Optional.InstallMonetizer) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (1).exe (PUP.Optional.Bandoo) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (2).exe (PUP.Optional.Bandoo) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc (3).exe (PUP.Optional.Bandoo) -> No action taken.
    C:\Documents and Settings\MOM\My Documents\Downloads\iLividSetup-r1118-t-bc.exe (PUP.Optional.Bandoo) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\IminentSetup.exe (PUP.Optional.Iminent.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\nsj8C.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\nsr87.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\LuckyLeap.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\SweetIESetup.exe (PUP.Optional.SweetPacks.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\SweetIMSetup.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\294823_.exe (PUP.Optional.BundleLoader.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\DownloadManager.exe (PUP.Optional.Smart) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\18be6784_.exe (PUP.Optional.Searchprotect) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\nsg1B03\Uninstall.exe (PUP.Optional.Bandoo.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\ins9178.exe (PUP.Optional.Firseria) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\LuckyLeap_2309-167e5c2f.exe (PUP.Optional.LuckyLeap.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\OptimizerPro.exe (PUP.Optional.OptimizerPro.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\shopup_2510_exe2-47bfde8d.exe (PUP.Optional.Bundler) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\SweetIMCO_0710_EN-bbf1713f.exe (PUP.Optional.SweetIM.A) -> No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4XEVOXMJ\WSSetup[1].exe (PUP.Optional.InstallBrain.A) -> No action taken.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W1U3KTYF\SkywalkerSetup[1].exe (PUP.Optional.Sweetpacks) -> No action taken.
    C:\Program Files\PSupport\psupport.dll (PUP.Optional.SProtect.A) -> No action taken.
    C:\Program Files\ShoppingChip\4o.tlb (PUP.Optional.ShoppingChip.A) -> No action taken.
    C:\Program Files\ShoppingChip\4o.dat (PUP.Optional.ShoppingChip.A) -> No action taken.
    C:\Program Files\ShoppingChip\4o.dll (PUP.Optional.ShoppingChip.A) -> No action taken.
    C:\Program Files\ShoppingChip\4o.x64.dll (PUP.Optional.ShoppingChip.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\CT3316075.txt (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\initdata.json (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ct3316075\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.
    C:\Documents and Settings\All Users\Application Data\ShoppingChip\54q.dat (PUP.Optional.MultiPlug.A) -> No action taken.
    C:\Documents and Settings\MOM\Local Settings\Temp\ins9178\shoppingchip_2310-3861dc78.exe (Adware.Agent) -> Quarantined and deleted successfully.
     
    (end)

     

  8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.0.9 (01.01.2014:1)

    OS: Microsoft Windows XP x86

    Ran by MOM on Sat 01/04/2014 at 20:35:45.70

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

     

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\discoveryhelper.dll

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\gifanimator.dll

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dll

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iminent.webbooster.internetexplorer.dll

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\imtrprogress.dll

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\imweb.dll

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\wmhelper.dll

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{799391D3-EB86-4BAC-9BD3-CBFEA58A0E15}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A2DF06F9-A21A-44A8-8A99-8B9C84F29160}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D858DAFC-9573-4811-B323-7011A3AA7E61}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{01947140-417F-46B6-8751-A3A2B8345E1A}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\funwebproducts

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminent

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mywebsearch

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&search

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D}

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\mywebsearch

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\umbrella

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wnlt

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.datacontrol

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.datacontrol.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historykillerscheduler

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historykillerscheduler.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historyswattercontrolbar

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.historyswattercontrolbar.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.htmlmenu.2

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.iecookiesmanager

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.iecookiesmanager.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.killerobjmanager

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.killerobjmanager.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswatterbarbutton

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswatterbarbutton.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswattersettingscontrol

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\funwebproducts.popswattersettingscontrol.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iehelperv250.wecarereminder

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iehelperv250.wecarereminder.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.downloadargs

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.linktopromoteargs

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.rawdataargs

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.tinyurlargs

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.business.tinyfying.virallinkargs

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.clientcallback

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.contractbase

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.addtousercontentcommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.checkloginstatuscommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.cleancachecommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.gameovercallback

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getcreditcommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getinstallationcontextcommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getloginstatuscommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getloginstatusresult

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getvariablecommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.getvariableresult

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.installationcontextresult

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loadcontentcommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loadcontentcommandresult

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.logincommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.loginstatuschangedcallback

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.logoutcommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.mergeidentitycommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.myaccountcommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.playcontentcommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.postcontentcallback

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.recycleviewscommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.setvariablecommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showbrowserwindowcommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showcontrolcentercommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.showpluginwindowcommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.testcontentcommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.usercontentchangedcallback

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.variablechangedcallback

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.warmupcommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.datacontracts.welcomecommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.servercommand

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.communication.serverresult

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.lightcontent

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.lighturi

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminent.mediator.mediatorserviceproxy

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.browserhelperobject

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.browserhelperobject.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.scriptextender

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iminentwebbooster.scriptextender.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\imweb.imwebcontrol

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.chatsessionplugin

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.chatsessionplugin.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.htmlpanel

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.htmlpanel.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.multiplebutton

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.multiplebutton.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.outlookaddin

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.outlookaddin.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.pseudotransparentplugin

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.pseudotransparentplugin.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.thirdpartyinstaller

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.thirdpartyinstaller.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.urlalertbutton

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearch.urlalertbutton.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.settingsplugin

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.settingsplugin.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.toolbarplugin

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mywebsearchtoolbar.toolbarplugin.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\screensavercontrol.screensaverinstaller

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\screensavercontrol.screensaverinstaller.1

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\torch.exe

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07B18EAB-A523-4961-B6BB-170DE4475CCA}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3E720452-B472-4954-B7AA-33069EB53906}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mywebsearch bar uninstall

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wnlt

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411281122}

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44CF-8957-5838F569A31D}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

    Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"

    Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"

    Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"

     

     

     

    ~~~ Files

     

    Successfully deleted: [File] "C:\Documents and Settings\MOM\appdata\locallow\SkwConfig.bin"

     

     

     

    ~~~ Folders

     

    Successfully deleted: [Folder] "C:\Documents and Settings\MOM\Local Settings\Application Data\cre"

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\we-care reminder"

     

     

     

    ~~~ Chrome

     

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof

     

     

     

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Sat 01/04/2014 at 20:41:11.14

    Computer was rebooted

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  9. Computer is constantly having pop-ups, and redirects me to pages that I have not chosen. I often have to shut down the internet and begin again, each time just getting one page farther before I am bombarded with pop-up pages again.