Keith_G Posted November 13, 2013

Computer is running slower than normal and internet seems bogged down. Also some weird popups.

Edited November 13, 2013 by Keith_G

flashh4 Posted November 13, 2013

Howdy Keith and welcome to BestTechie !!!

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!
If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !
Perform all actions in the order given.
Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.
Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe
Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

* Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document in your next reply.

NEXT

Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible, otherwise the malware will reactivate and you will have to run RogueKiller again.

Download RogueKiller to your desktop. >>> http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

* Close all running programs
* For Windows Vista/Seven, right click -> run as administrator; for XP simply double-click on RogueKiller.exe
* When the prescan is finished, click on Scan
* Click on Report and copy/paste the content in your next post.

If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next reply.

NEXT

AdwCleaner

Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

* Click on the Scan button.
* AdwCleaner will begin to scan your computer like it did before.
* After the scan has finished ....... This time, click on the Clean button.
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of that logfile will also be saved in the C:\AdwCleaner folder.

NEXT

Please download Junkware Removal Tool and save to your desktop.

Shut down your protection software now to avoid potential conflicts.

* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

Post Next:
1. Security Check Log
2. RogueKiller log
3. AdwCleaner Log
4. Junkware Removal Log

Thanks
Chuck

Work on these as time permits you to ! It does not have to be done all at one time !!

Keith_G (Author) Posted November 13, 2013

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

flashh4 Posted November 13, 2013

Keith, let the tools/programs stay on the desktop till we are done with the cleaning, this is so if we have to run 1 more than once it will already be downloaded !

Internet Explorer 10 - out of date ........... we will update it when we are done with the cleaning !!

Microsoft Security Essentials & any Antivirus needs to be turned off until we are done !!

Thanks
Chuck

Keith_G (Author) Posted November 13, 2013

RogueKiller V8.7.7 [Nov 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Keith [Admin rights]
Mode : Scan -- Date : 11/12/2013 20:22:50
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V1][sUSP PATH] DigitalSite.job : C:\Users\Keith\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND
[V2][sUSP PATH] DigitalSite : C:\Users\Keith\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE - /Check [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10JPVX-75JC3T0 +++++
--- User ---
[MBR] acb6d21ef0346e61ca7fbc124dc06829
[bSP] 16d833079be6ff591a29769bf09e3ebd : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_11122013_202250.txt >>

Keith_G (Author) Posted November 13, 2013

# AdwCleaner v3.012 - Report created 12/11/2013 at 20:30:11
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Keith - KEITH-PC
# Running from : C:\Users\Keith\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\SpeedyPC Software
Folder Deleted : C:\Users\Keith\AppData\Local\Conduit
Folder Deleted : C:\Users\Keith\AppData\Local\Searchprotect
Folder Deleted : C:\Users\Keith\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Keith\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Keith\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Keith\AppData\Roaming\SpeedyPC Software
File Deleted : C:\END
File Deleted : C:\Users\Keith\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage
File Deleted : C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\Tasks\digitalsite.job
File Deleted : C:\Windows\System32\Tasks\digitalsite

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\SpeedyPC Software
Key Deleted : HKLM\Software\SpeedyPC Software

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2775 octets] - [12/11/2013 20:27:49]
AdwCleaner[s0].txt - [2611 octets] - [12/11/2013 20:30:11]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2671 octets] ##########

Keith_G (Author) Posted November 13, 2013

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Keith on Tue 11/12/2013 at 20:35:06.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Keith\appdata\local\cre"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/12/2013 at 20:39:45.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

flashh4 Posted November 13, 2013

Keith we have a couple infections ! So let's clean this up right now & get rid of them !!!! Pay attention to these instructions carefully !!

Open RogueKiller :

* Quit all programs that you may have started.
* Please disconnect any USB or external drives from the computer before you run this scan!
* For Vista or Windows 7, right-click and select "Run as Administrator" to start
* For Windows XP, double-click to start.
* Wait until Prescan has finished ...
* Then Click on "Scan" button
* Wait until the Status box shows "Scan Finished"
* Click on "delete"
* Wait until the Status box shows "Deleting Finished"
* Click on "Report" and copy/paste the content of the Notepad into your next reply.
* The log should be found in RKreport[1].txt on your Desktop
* Exit/Close RogueKiller

Post that log before we continue !!

Thanks
Chuck

Keith_G (Author) Posted November 13, 2013

RogueKiller V8.7.7 [Nov 11 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Keith [Admin rights]
Mode : Remove -- Date : 11/12/2013 21:03:09
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD10JPVX-75JC3T0 +++++
--- User ---
[MBR] acb6d21ef0346e61ca7fbc124dc06829
[bSP] 16d833079be6ff591a29769bf09e3ebd : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_11122013_210309.txt >>
RKreport[0]_S_11122013_202250.txt;RKreport[0]_S_11122013_210210.txt

flashh4 Posted November 13, 2013

Good job Keith that took care of those nasty things ! Now let's continue !!!

MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Then click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
* Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Or via the Logs tab when the application is started.

Please don't attach the scans / logs, use "copy/paste".

NEXT

Download DDS and save it to your Desktop. >>> DDS

Double click dds.scr to run the tool. If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.

DDS will now scan your computer. When the scan is complete, DDS will open two (2) logs:

* DDS.txt
* Attach.txt

If not saved these logs will be automatically deleted when closed, so save both to your Desktop.

Please note it is important that you post BOTH logs in your topic.
Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.

Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com

Post Next:
1. Malwarebytes Log
2. DDS logs (2)

Chuck

Keith_G (Author) Posted November 13, 2013

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Keith :: KEITH-PC [administrator]

Protection: Enabled

11/12/2013 9:16:06 PM
mbam-log-2013-11-12 (21-16-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200532
Time elapsed: 3 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Keith\AppData\Local\Temp\ct3314198 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 12
C:\Users\Keith\AppData\Local\Temp\MediaUpdater__2577_i73418413_il6232749.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Keith\AppData\Local\Temp\google-earth.exe\d86247066e694257a7e78f6517c796ea\parent.txt (PUP.Optional.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Keith\Downloads\MediaUpdater__2577_i62158682_il561391.exe (PUP.Optional.Amonetize.AS) -> Quarantined and deleted successfully.
C:\Users\Keith\Downloads\MediaUpdater__2577_i73418413_il6232749.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Keith\Downloads\MediaUpdater__2577_i73418594_il6232763.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Keith\Downloads\MediaUpdater__2577_i73418634_il6232708.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Users\Keith\Downloads\ZipExtractorSetup.exe (PUP.Optional.InstallCore) -> Quarantined and deleted successfully.
C:\Users\Keith\AppData\Local\Temp\ct3314198\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Keith\AppData\Local\Temp\ct3314198\CT3314198.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Keith\AppData\Local\Temp\ct3314198\initdata.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Keith\AppData\Local\Temp\ct3314198\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Keith\AppData\Local\Temp\ct3314198\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

flashh4 Posted November 13, 2013

Malwarebytes found & cleaned about what I thought it would ! Let me know when you have to stop for tonight !! The DDS (2) logs will be pretty long ! A lot of reading through it for me !

Chuck

Keith_G (Author) Posted November 13, 2013

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720 BrowserJavaVersion: 10.45.2
Run by Keith at 21:26:44 on 2013-11-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6050.4274 [GMT -7:00]
Keith_G Posted November 13, 2013 Author Report Share Posted November 13, 2013 .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 8/28/2013 5:57:48 PMSystem Uptime: 11/12/2013 9:24:34 PM (0 hours ago).Motherboard: Dell Inc. | | 07MW3CProcessor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU 1 | 775/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 932 GiB total, 859.447 GiB free.D: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {34446e8e-37b4-4b16-9da6-bea2db33465a}Description: Bluetooth ServerDevice ID: BTHENUM\{F0B2DD71-FB14-4E30-A62D-931874BF282F}_LOCALMFG&0000\8&2AC20834&1&000000000000_00000000Manufacturer: Intel CorporationName: Bluetooth ServerPNP Device ID: BTHENUM\{F0B2DD71-FB14-4E30-A62D-931874BF282F}_LOCALMFG&0000\8&2AC20834&1&000000000000_00000000Service: btmaux.==== System Restore Points ===================.RP22: 10/15/2013 4:46:18 PM - Windows UpdateRP23: 10/16/2013 5:03:11 PM - Installed Java 7 Update 45RP24: 10/21/2013 9:39:46 PM - Windows UpdateRP25: 10/24/2013 8:54:05 PM - Windows UpdateRP26: 10/24/2013 9:55:55 PM - Windows UpdateRP27: 10/28/2013 6:42:30 PM - Windows UpdateRP28: 11/1/2013 10:14:37 PM - Windows UpdateRP31: 11/5/2013 5:47:14 PM - Windows UpdateRP29: 11/5/2013 6:30:52 PM - Windows UpdateRP30: 11/5/2013 6:34:41 PM - Restore OperationRP32: 11/8/2013 6:13:14 PM - Windows UpdateRP33: 11/12/2013 8:53:42 PM - Windows Update.==== Installed Programs ======================.BitTorrentBluetooth Win7 Suite (64)Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDell TouchpadDell WLAN and Bluetooth Client InstallationDigital Line DetectGoogle ChromeGoogle Update HelperIDT AudioIntel PROSet WirelessIntel® Control CenterIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® PROSet/Wireless Software for Bluetooth® TechnologyIntel® 
PROSet/Wireless WiFi SoftwareIntel® Rapid Storage TechnologyIntel® Turbo Boost Technology Monitor 2.0Intel® PROSet/Wireless WiMAX SoftwareJava 7 Update 45Java Auto UpdaterMalwarebytes Anti-Malware version 1.75.0.1300McAfee Security Scan PlusMicrosoft .NET Framework 4 Client ProfileMicrosoft Mouse and Keyboard CenterMicrosoft Office Access MUI (English) 2010Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Home and Student 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Single Image 2010Microsoft Office Word MUI (English) 2010Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Modem Diagnostic ToolNetwaitingQuickset64Realtek Ethernet Controller DriverRealtek USB 2.0 Card ReaderRenesas Electronics USB 3.0 Host Controller DriverSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security 
Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687423) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826023) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2826035) 32-Bit EditionSecurity Update for Microsoft Outlook 2010 (KB2794707) 32-Bit EditionService Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit EditionUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft Access 2010 (KB2553446) 32-Bit EditionUpdate for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589298) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2589375) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760598) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2760631) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2794737) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2826026) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2810072) 32-Bit EditionUpdate for Microsoft PowerPoint 2010 (KB2553145) 32-Bit EditionUpdate for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit EditionUpdate for Microsoft Word 2010 (KB2827323) 32-Bit EditionUpdate for Zip ExtractorZip Extractor Packages.==== End Of File =========================== Link to post Share on other sites
Keith_G (Author) Posted November 13, 2013
Done for tonight.
flashh4 Posted November 13, 2013
P2P Warning ====== BitTorrent
There are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect to become infected & malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.
Please read these short reports on the dangers of peer-2-peer programs and file sharing.
FBI Cyber Education Letter http://www.fbi.gov/cyberinvest/cyberedletter.htm
File sharing infects 500,000 computers http://www.itpro.co.uk/195672/file-sharing-infects-500-000-computers
USAToday http://www.usatoday.com/tech/columnist/kimkomando/2006-04-13-file-sharing-woes_x.htm
infoworld http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft
Below are a few more articles on P2P that you may wish to read ....
http://www.us-cert.gov/cas/tips/ST05-007.html
http://www.fbi.gov/scams-safety/peertopeer/oeertopeer
http://www.benedelman.org/spyware/p2p/
http://www.pcworld.com/article/126230/i ... works.html
Either refrain from using this program or simply remove it. I would remove it before you become infected with something that we may not be able to clean! I have seen this happen!!!
Brb with more fix!
flashh4 Posted November 13, 2013
I will leave another program I need you to download & run when you get time!!
flashh4 Posted November 13, 2013
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link: How to Disable your Security Programs.
flashh4 Posted November 13, 2013
Keith, tomorrow or tomorrow night run this program for me & post the log!
Download OldTimer to your desktop!
Links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
If you already have a copy of OTL, delete it and use this version.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator.)
* Double click OTL.exe to launch the program.
* Check the following.
  o Scan all users.
  o Standard Output.
  o Lop check.
  o Purity check.
  o Extra Registry > Use SafeList
* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.
  o OTL.txt (open on your desktop).
  o Extras.txt (minimised in your taskbar). The Extras.txt file will only appear the very first time you run OTL.
* Please post me both logs. This may have to be broken into more than one post!
Thanks
Chuck
Keith_G Posted November 15, 2013 Author Report Share Posted November 15, 2013 OTL logfile created on: 11/14/2013 5:12:57 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Keith\Downloads64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16736)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.91 Gb Total Physical Memory | 4.05 Gb Available Physical Memory | 68.56% Memory free11.81 Gb Paging File | 9.79 Gb Available in Paging File | 82.84% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 931.51 Gb Total Space | 859.26 Gb Free Space | 92.24% Space Free | Partition Type: NTFS Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/11/14 17:09:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Keith\Downloads\OTL.comPRC - [2013/10/09 15:15:55 | 000,898,648 | ---- | M] (BitTorrent Inc.) -- C:\Users\Keith\AppData\Roaming\BitTorrent\BitTorrent.exePRC - [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.) 
-- C:\Program Files (x86)\Google\Chrome\Application\chrome.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2011/01/14 12:21:56 | 000,135,168 | ---- | M] (Atheros) -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exePRC - [2010/11/17 07:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exePRC - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exePRC - [2010/11/05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exePRC - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exePRC - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exePRC - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exePRC - [2010/11/03 11:53:06 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exePRC - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2010/09/02 23:45:02 | 000,255,536 | ---- | M] (McAfee, 
Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe ========== Modules (No Company Name) ========== MOD - [2013/10/10 17:36:10 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dllMOD - [2013/10/10 17:35:56 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dllMOD - [2013/10/10 17:35:53 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dllMOD - [2013/10/08 17:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dllMOD - [2013/10/08 17:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dllMOD - [2013/10/08 17:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dllMOD - [2013/10/08 17:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dllMOD - [2013/10/08 17:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dllMOD - [2013/10/08 17:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dllMOD - [2013/09/11 06:08:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dllMOD - [2013/08/30 07:13:50 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2b87cb064e64ff40778ca12322abb710\IAStorUtil.ni.dllMOD - [2013/08/30 07:13:50 | 000,014,336 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\14dd60b57c8e7542cc9711866ef63e8a\IAStorCommon.ni.dllMOD - [2013/08/30 05:38:07 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dllMOD - [2013/08/30 05:37:48 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dllMOD - [2013/08/30 05:37:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dllMOD - [2013/08/30 05:37:39 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ========== Services (SafeList) ========== SRV:64bit: - [2013/08/12 13:11:04 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV:64bit: - [2013/08/12 13:11:04 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2011/01/24 18:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)SRV:64bit: - [2010/12/17 14:41:32 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)SRV:64bit: - [2010/12/17 14:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)SRV:64bit: - [2010/12/17 14:26:50 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)SRV:64bit: - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)SRV:64bit: - [2010/11/07 11:04:00 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)SRV:64bit: - [2010/11/07 10:56:30 | 000,869,376 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2011/02/18 10:59:46 | 000,076,448 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe -- (AtherosSvc)SRV - [2011/01/14 12:21:56 | 000,135,168 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)SRV - [2010/11/05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) 
[Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)SRV - [2010/11/03 12:01:34 | 000,983,104 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)SRV - [2010/11/03 12:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)SRV - [2010/11/03 11:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)SRV - [2010/10/05 21:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2010/10/05 21:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2010/09/02 23:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/06/18 20:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)DRV:64bit: - [2013/05/13 14:36:06 | 000,050,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2013/03/25 13:41:46 | 000,076,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)DRV:64bit: - [2013/01/22 16:40:40 | 000,023,312 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DellProf.sys -- (DellProf)DRV:64bit: - [2013/01/22 16:40:40 | 000,023,312 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DDDriver64Dcsa.sys -- (DDDriver)DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2012/02/29 23:46:16 | 
000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/07/20 12:21:50 | 000,406,336 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)DRV:64bit: - [2011/07/20 12:21:50 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2011/03/31 17:35:12 | 000,355,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)DRV:64bit: - [2011/03/25 16:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2011/02/18 11:00:00 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)DRV:64bit: - [2011/02/18 11:00:00 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)DRV:64bit: - [2011/02/18 11:00:00 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)DRV:64bit: - [2011/02/18 11:00:00 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)DRV:64bit: - 
[2011/02/18 11:00:00 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)DRV:64bit: - [2011/02/18 11:00:00 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)DRV:64bit: - [2011/01/24 18:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)DRV:64bit: - [2010/12/21 09:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)DRV:64bit: - [2010/11/05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2010/11/04 05:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)DRV:64bit: - [2010/11/04 03:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)DRV:64bit: - [2010/10/29 14:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV:64bit: - [2010/10/25 19:56:14 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)DRV:64bit: - [2010/10/19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2010/10/19 18:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)DRV:64bit: - [2010/10/14 23:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2009/10/08 04:01:22 | 000,060,416 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)DRV:64bit: - [2009/09/15 12:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 13:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2008/05/06 15:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehpIE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usIE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 8C 18 AB 4D A4 CE 01 [binary data]IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\..\SearchScopes,DefaultScope = IE - 
HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://www.google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllCHR - Extension: Floorplanner = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag\13_0\CHR - Extension: Google Docs = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: YouTube = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - 
Extension: The Weather Channel for Chrome = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\CHR - Extension: WeatherBug = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\njkkjobcechefaoknodniidfjapgfoco\2.2.7_0\CHR - Extension: Google Wallet = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\CHR - Extension: Google Wallet = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\CHR - Extension: Google Wallet = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\CHR - Extension: Gmail = C:\Users\Keith\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)O4:64bit: - HKLM..\Run: [bTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel 
Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not foundO4:64bit: - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)O4:64bit: - HKLM..\Run: [intelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001..\Run: [bitTorrent] C:\Users\Keith\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)O4 - HKU\.DEFAULT..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not foundO4 - HKU\S-1-5-18..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] 
C:\Windows\System32\mctadmin.exe File not foundO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not foundO9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1EFE695-9AAF-44E5-B26F-E57D9E23DE84}: DhcpNameServer = 192.168.1.1O18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O33 - MountPoints2\{079de106-3c34-11e3-92e0-4ceb42622ba3}\Shell - "" = AutoRunO33 - 
MountPoints2\{079de106-3c34-11e3-92e0-4ceb42622ba3}\Shell\AutoRun\command - "" = E:\setup.exe -aO34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/11/12 21:49:12 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll[2013/11/12 21:49:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll[2013/11/12 21:49:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2013/11/12 21:49:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe[2013/11/12 21:49:11 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll[2013/11/12 21:49:11 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2013/11/12 21:49:11 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe[2013/11/12 21:49:11 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll[2013/11/12 21:49:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2013/11/12 21:49:10 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll[2013/11/12 21:49:10 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe[2013/11/12 21:49:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\jscript.dll[2013/11/12 21:49:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013/11/12 21:49:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013/11/12 21:49:07 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013/11/12 21:35:10 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll[2013/11/12 21:35:08 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll[2013/11/12 21:35:08 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll[2013/11/12 21:35:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll[2013/11/12 21:35:08 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll[2013/11/12 21:35:07 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll[2013/11/12 21:35:05 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll[2013/11/12 21:35:05 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll[2013/11/12 21:35:05 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll[2013/11/12 21:35:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll[2013/11/12 21:35:05 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll[2013/11/12 21:35:03 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll[2013/11/12 21:35:03 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll[2013/11/12 21:35:03 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll[2013/11/12 21:35:03 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL[2013/11/12 21:35:03 | 
000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL[2013/11/12 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\Malwarebytes[2013/11/12 21:14:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/11/12 21:14:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/11/12 21:14:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/11/12 21:14:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/11/12 21:14:29 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Programs[2013/11/12 20:35:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/11/12 20:27:26 | 000,000,000 | ---D | C] -- C:\AdwCleaner[2013/11/12 20:17:48 | 000,000,000 | ---D | C] -- C:\Users\Keith\Desktop\RK_Quarantine[2013/11/05 18:32:37 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Local\Diagnostics[2013/10/26 20:53:46 | 000,000,000 | ---D | C] -- C:\Users\Keith\AppData\Roaming\IDT[2013/10/24 20:01:09 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys[2013/10/24 20:01:09 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys[2013/10/24 20:01:09 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll[2013/10/24 20:01:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll[2013/10/24 20:01:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe[2013/10/24 20:01:08 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll[2013/10/24 20:01:08 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe[2013/10/24 20:01:08 | 001,048,064 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\mstsc.exe[2013/10/24 20:01:08 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe[2013/10/24 20:01:08 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll[2013/10/24 20:01:08 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll[2013/10/24 20:01:08 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll[2013/10/24 20:01:08 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll[2013/10/24 20:01:08 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll[2013/10/24 20:01:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe[2013/10/24 20:01:08 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll[2013/10/24 20:01:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll[2013/10/24 20:01:08 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll[2013/10/24 20:01:08 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll[2013/10/24 20:01:08 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll[2013/10/24 20:01:08 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll[2013/10/24 20:01:08 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll[2013/10/24 20:01:07 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll[2013/10/24 20:01:07 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll[2013/10/24 20:00:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client[2013/10/24 20:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client[2013/10/24 19:54:00 | 000,514,560 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll[2013/10/24 19:54:00 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll[2013/10/18 14:46:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus[2013/10/16 16:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan[2013/10/16 16:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan[2013/10/16 16:03:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe[2013/10/16 16:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java ========== Files - Modified Within 30 Days ========== [2013/11/14 17:13:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/11/14 16:35:43 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/11/14 16:35:43 | 000,013,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/11/14 16:30:56 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/11/14 16:30:56 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/11/14 16:30:56 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/11/14 16:26:24 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/11/14 16:26:19 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini[2013/11/14 16:26:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/11/14 16:25:55 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys[2013/11/12 21:14:49 | 000,001,137 | ---- | M] () -- C:\Users\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk[2013/11/12 21:14:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes 
Anti-Malware.lnk[2013/11/12 17:23:00 | 000,000,097 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\WB.CFG[2013/11/12 17:23:00 | 000,000,006 | ---- | M] () -- C:\Users\Keith\AppData\Roaming\WBPU-TTL.DAT[2013/10/24 20:56:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif[2013/10/18 14:46:11 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk[2013/10/17 16:14:35 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2013/11/12 21:14:49 | 000,001,137 | ---- | C] () -- C:\Users\Keith\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk[2013/11/12 21:14:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/10/24 20:01:03 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif[2013/10/24 20:01:00 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk[2013/10/16 16:04:00 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk[2013/09/27 21:18:02 | 000,000,097 | ---- | C] () -- C:\Users\Keith\AppData\Roaming\WB.CFG[2013/09/27 21:18:02 | 000,000,006 | ---- | C] () -- C:\Users\Keith\AppData\Roaming\WBPU-TTL.DAT[2013/08/26 10:35:33 | 000,017,776 | ---- | C] () -- C:\Windows\EvtMessage.dll[2013/08/26 10:20:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll[2013/08/26 10:08:07 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin[2013/08/26 10:08:04 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin[2013/08/26 10:08:01 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/09/27 20:18:41 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\0D0S1L2Z1P1B[2013/11/14 17:16:31 | 000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\BitTorrent[2013/10/26 20:53:46 | 
000,000,000 | ---D | M] -- C:\Users\Keith\AppData\Roaming\IDT ========== Purity Check ========== < End of report >
Keith_G Posted November 15, 2013 OTL Extras logfile created on: 11/14/2013 5:12:57 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Keith\Downloads64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16736)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 5.91 Gb Total Physical Memory | 4.05 Gb Available Physical Memory | 68.56% Memory free11.81 Gb Paging File | 9.79 Gb Available in Paging File | 82.84% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 931.51 Gb Total Space | 859.26 Gb Free Space | 92.24% Space Free | Partition Type: NTFS Computer Name: KEITH-PC | User Name: Keith | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_USERS\S-1-5-21-1528523810-4291974427-3577454758-1001\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. 
flashh4 Posted November 15, 2013

Sorry, it's been a busy day at computer cleaning. I will look over the OTL log & be back asap with a written fix!

Chuck
flashh4 Posted November 15, 2013

Keith, let's remove some stuff found in the OTL log!

We need to run an OTL fix!!

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

* Double-click OTL.exe to start the program.
* Copy and paste the following code into the text box of the OTL tool/program! Start with and include the colon plus OTL (:OTL).

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1528523810-4291974427-3577454758-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft..../?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

* Then click the Run Fix button at the top.
* Click
* Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.

Remember to enable your real time protection.

Post that log next!!

Chuck
Keith_G Posted November 15, 2013

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1528523810-4291974427-3577454758-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1528523810-4291974427-3577454758-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IntelTBRunOnce not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Keith
->Java cache emptied: 7583 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Keith

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Keith
->Temp folder emptied: 375401463 bytes
->Temporary Internet Files folder emptied: 69619128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 428757325 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3879776 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36702 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43256543 bytes
RecycleBin emptied: 470671835 bytes

Total Files Cleaned = 1,327.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11142013_194336

Files\Folders moved on Reboot...
C:\Users\Keith\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Keith\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
flashh4 Posted November 15, 2013

Looks good, Keith!

Clean up with OTL

* Right-click OTL.exe and select "Run as administrator" to run it. This will remove all the tools we used to clean your PC.
* Close all other programs apart from OTL, as this step will require a reboot.
* On the OTL main screen, press the CleanUp! button.
* Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

=======================

I know you may have some of these installed; this is just my standard all clean speech!

Congratulations, you are clean!!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

* From within Internet Explorer click on the Tools menu and then click on Options.
* Click once on the Security tab.
* Click once on the Internet icon so it becomes highlighted.
* Click once on the Custom Level button.
* Change the Download signed ActiveX controls to Prompt
* Change the Download unsigned ActiveX controls to Disable
* Change the Initialize and script ActiveX controls not marked as safe to Disable
* Change the Installation of desktop items to Prompt
* Change the Launching programs and files in an IFRAME to Prompt
* Change the Navigate sub-frames across different domains to Prompt
* When all these settings have been made, click on the OK button.
* If it prompts you as to whether or not you want to save the settings, press the Yes button.
* Next press the Apply button and then the OK to exit the Internet Properties page.

2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

* Open Internet Explorer
* Click on Tools > Internet Options
* Press Security tab
* Select Internet zone then place check next to Enable Protected Mode if not already done
* Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
* Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

NOTE: Firefox is a great browser also >>> http://www.mozilla.org/en-US/firefox/fx/
I use & like Firefox!!

3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall. Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:

* Online Armor Free
* Agnitum Outpost Firewall Free

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002. Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (Web of Trust). As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8. Finally, I strongly recommend that you read TonyKlein's good advice.

A must is a great antivirus; I recommend you using AVAST, it's free >>> http://www.avast.com/free-antivirus-download

You are behind on some updates, please visit the Secunia Software Inspector >>> http://secunia.com/vulnerability_scanning/online/

Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player, Java Runtime, Winzip, Acrobat Reader etc. to allow them to install silently without your knowledge or detection by your antivirus protection.

To ensure better safety, these are a must have:

Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great! (optional but best)

Happy surfing and Stay Clean

Chuck

It will speed up some after a few normal re-boots!!

How's it running?? Any other problems!!

Internet Explorer 10 Out of date! ........ This update is up to you for now till MS makes it mandatory!!

Download your language & version >>> http://windows.microsoft.com/en-us/internet-explorer/ie-11-worldwide-languages
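The Internet zone settings from tips 1 and 2 of the post above can be verified from PowerShell after the dialog changes are made. This is an added example, not part of the original post: the registry paths and the numeric value names (1001, 1004, 1201, 1800, 1804, 1607, 2500) are Microsoft's documented zone settings and do not appear in the thread, and the script only reads the current user's Internet zone.

```powershell
# Added example (not from the original post): read-only audit of the
# Internet zone (zone 3) settings listed in tips 1 and 2, current user only.
$zonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Data codes used by zone settings: 0 = Enable, 1 = Prompt, 3 = Disable.
$meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Value name per setting (assumption: Microsoft's documented URL action names),
# paired with the state the post asks for.
$expected = @(
    @{ Name = '1001'; Setting = 'Download signed ActiveX controls';                 Want = 1 },
    @{ Name = '1004'; Setting = 'Download unsigned ActiveX controls';               Want = 3 },
    @{ Name = '1201'; Setting = 'Initialize and script ActiveX not marked as safe'; Want = 3 },
    @{ Name = '1800'; Setting = 'Installation of desktop items';                    Want = 1 },
    @{ Name = '1804'; Setting = 'Launching programs and files in an IFRAME';        Want = 1 },
    @{ Name = '1607'; Setting = 'Navigate sub-frames across different domains';     Want = 1 },
    @{ Name = '2500'; Setting = 'Protected Mode';                                   Want = 0 }
)

$results = foreach ($item in $expected) {
    $props = Get-ItemProperty -Path $zonePath -Name $item.Name -ErrorAction SilentlyContinue
    if ($null -eq $props) {
        # The value is absent, so nothing was saved for this user.
        $actual = $null
        $shown  = 'not set for this user'
    } else {
        $actual = [int]$props.($item.Name)
        if ($meaning.ContainsKey($actual)) { $shown = $meaning[$actual] }
        else { $shown = '0x{0:X}' -f $actual }   # unexpected code, show it raw
    }
    New-Object PSObject -Property @{
        Setting  = $item.Setting
        Expected = $meaning[$item.Want]
        Actual   = $shown
        Ok       = ($actual -eq $item.Want)
    } | Select-Object Setting, Expected, Actual, Ok
}

$results | Format-Table -AutoSize

# Group Policy copies of the zone take precedence over the user's own values,
# so flag them when present: the table above may not be what IE enforces.
$policyPaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)
foreach ($path in $policyPaths) {
    if (Test-Path $path) {
        Write-Warning "Policy-managed zone settings exist at $path; review them as well."
    }
}
```

Any row with Ok = False is a setting that still differs from the post's recommendation or was never saved for this user.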