Needing help with flash


Howdy and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


Please download AdwCleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    * Click on the Scan button.
    * AdwCleaner will begin to scan your computer like it did before.
    * After the scan has finished ....... This time, click on the Clean button.
    * Press OK when asked to close all programs and follow the onscreen prompts.
    * Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    * After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    * Copy and paste the contents of that logfile in your next reply.
    * A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    Please download Junkware Removal Tool and save to your desktop.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!


Full System Scan with Malwarebytes Antimalware

    Please download Malwarebytes !

    Double-click mbam-setup- and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.

    Run Malwarebytes Antimalware
    On the Dashboard, click the 'Update Now >>' link if it does not ask you to Update !
    After the update completes, click the 'Scan Now >>' button.
    Or, on the Dashboard, click the Scan Now >> button.
    If an update is available, click the Update Now button.
    A Threat Scan will begin.
    When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    In most cases, a restart will be required.
    Wait for the prompt to restart the computer to appear, then click on Yes.

    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.


Please post these logs as you get them then continue on with the next in line !!




# AdwCleaner v3.212 - Report created 15/06/2014 at 20:38:51

# Updated 05/06/2014 by Xplode

# Operating System : Windows 7 Home Basic Service Pack 1 (32 bits)

# Username : Lynda Bincent - LYNDALAPTOP

# Running from : C:\Users\Lynda Bincent\Downloads\adwcleaner_3.212 (1).exe

# Option : Clean


***** [ Services ] *****



***** [ Files / Folders ] *****


Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\Media Get LLC

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\iBryte

Folder Deleted : C:\Program Files\uTorrentControl_v2

Folder Deleted : C:\Program Files\Common Files\Spigot

Folder Deleted : C:\Users\Lynda Bincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard

File Deleted : C:\Program Files\Mozilla Firefox\user.js

File Deleted : C:\Windows\System32\Tasks\BitGuard


***** [ Shortcuts ] *****



***** [ Registry ] *****


Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11C7BD4D-4A0E-494D-A5C0-E6D2C4A81DD7}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11C7BD4D-4A0E-494D-A5C0-E6D2C4A81DD7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler

Key Deleted : HKLM\SOFTWARE\Classes\MF

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

Key Deleted : HKCU\Software\a68cd8b23beb42

Key Deleted : HKLM\SOFTWARE\a68cd8b23beb42

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225025

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7473B6BD-4691-4744-A82B-7854EB3D70B6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{537F4F0B-3542-4C7D-A3E5-CF121482696C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F1C619DC-1F8C-4EAC-8326-A86571D7E7FF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0EE4B6F4-3677-4853-8166-28788CF3C035}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2FD10651-262B-41F6-9576-BBB12878D780}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A08176C-7DE3-4D2C-8829-4398157B0433}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{7473B6BD-4691-4744-A82B-7854EB3D70B6}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{37153479-1976-43C3-A1EE-557513977B64}]

Key Deleted : HKCU\Software\DataMngr

[#] Key Deleted : HKCU\Software\DataMngr_Toolbar

Key Deleted : HKLM\Software\BrowserMngr

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\InstallIQ

Key Deleted : HKLM\Software\TENCENT

Key Deleted : HKLM\Software\

Key Deleted : HKLM\Software\uTorrentControl_v2

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v2 Toolbar

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF


***** [ Browsers ] *****


-\\ Internet Explorer v11.0.9600.17041



-\\ Google Chrome v35.0.1916.153


[ File : C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\preferences ]





AdwCleaner[R0].txt - [7274 octets] - [15/06/2014 20:34:20]

AdwCleaner[R1].txt - [7330 octets] - [15/06/2014 20:35:55]

AdwCleaner[s0].txt - [7067 octets] - [15/06/2014 20:38:51]


########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [7127 octets] ##########

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x86
Ran by Lynda Bincent on Sun 06/15/2014 at 21:04:46.05


~~~ Services


~~~ Registry Values


~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-820361396-3150281825-3581644629-1004\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_downloader_0_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\Softonic_downloader_0_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3F62D94-EEBB-11E1-B88F-CBBD4CC15727}


~~~ Files


~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"


~~~ Event Viewer Logs were cleared



Scan was completed on Sun 06/15/2014 at 21:11:30.20
End of JRT log


Lynda, I must warn you about the use of P2P programs ! >>> uTorrent


P2P Warning

There are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.
Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect to become infected & malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
Below are a few more articles on P2P that you may wish to read .... ... works.html

Either refrain from using this program or simply remove it; I would remove it before you become infected with something that we may not be able to clean ! I have seen this happen. !!!





Lynda, forget the Malwarebytes log since it won't open right ! Let's continue with more cleaning & checking !!


Run RogueKiller

IMPORTANT: Do not reboot your computer if at all possible otherwise the malware will reactivate and you will have to run RogueKiller again

Download RogueKiller to your desktop. >>>

    close all running programs
    for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
    when the prescan is finished, click on Scan
    click on Report and copy/paste the content in your next post.
    If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe

Please post the contents of the RKreport.txt in your next reply.







Download DDS and save it to your Desktop.  >>> DDS

    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.

Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.











Vista and Windows 7 users:

These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")


Download OldTimer to your desktop !


If you already have a copy of OTL delete it and use this version.

* Double click OTL.exe to launch the program.
* Check the following.

   o Scan all users.
   o Standard Output.
   o Lop check.
   o Purity check.

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

   o OTL.txt (open on your desktop).
   o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

*This may have to be broken into more than one post !



Post next:

1. RogueKiller log

2. DDS log(s)

3. OTL Logs






Work on these as you have the time & post them, I will read through them tomorrow & write up a fix !!


RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software

mail :

Feedback :

Website :

Blog :

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Lynda Bincent [Admin rights]

Mode : Scan -- Date : 06/16/2014 01:09:56

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[PUM.Policies] HKEY_USERS\S-1-5-21-820361396-3150281825-3581644629-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND

[PUM.Policies] HKEY_USERS\S-1-5-21-820361396-3150281825-3581644629-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 11 ¤¤¤

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x837421e8

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x837421e8

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x837421e8

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x837421e8

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x837421e8

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x837421e8

[iRP:Addr] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x837421e8

[EAT:Addr] (iexplore.exe) jscript9.dll - DllCanUnloadNow : C:\Windows\System32\ieapfltr.dll @ 0x69c71845

[EAT:Addr] (iexplore.exe) jscript9.dll - DllGetClassObject : C:\Windows\System32\ieapfltr.dll @ 0x69c67390

[EAT:Addr] (iexplore.exe) jscript9.dll - DllRegisterServer : C:\Windows\System32\ieapfltr.dll @ 0x69ca0fe0

[EAT:Addr] (iexplore.exe) jscript9.dll - DllUnregisterServer : C:\Windows\System32\ieapfltr.dll @ 0x69ca1042

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8025GAL ATA Device +++++

--- User ---

[MBR] e83bb28b746d66711df4619ca8757469

[bSP] ef220eb94b0c0129ca22e6354ac2bd9d : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 76217 MB

User = LL1 ... OK

User = LL2 ... OK




DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 11.0.9600.17041 BrowserJavaVersion: 10.7.2

Run by Lynda Bincent at 1:27:28 on 2014-06-16


============== Running Processes ================




c:\Program Files\Microsoft Security Client\MsMpEng.exe







C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe



C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

C:\Program Files\Microsoft Security Client\msseces.exe


C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

C:\Program Files\Malwarebytes Anti-Malware\mbam.exe


C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe


C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe


C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k SDRSVC


============== Pseudo HJT Report ===============


mURLSearchHooks: {26605315-8a79-4ff6-bbb9-63363b9d86b3} - <orphaned>

BHO: {26605315-8a79-4ff6-bbb9-63363b9d86b3} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

TCP: Interfaces\{65D81957-097B-4522-A163-58FDBD772B77} : DHCPNameServer =

TCP: Interfaces\{65D81957-097B-4522-A163-58FDBD772B77}\2716D6164616 : DHCPNameServer =

TCP: Interfaces\{65D81957-097B-4522-A163-58FDBD772B77}\343405C4 : DHCPNameServer =

TCP: Interfaces\{65D81957-097B-4522-A163-58FDBD772B77}\441697370294E6E60275962756C6563737 : DHCPNameServer =

TCP: Interfaces\{65D81957-097B-4522-A163-58FDBD772B77}\D4162796F6E6F564275656F575966496 : DHCPNameServer =

TCP: Interfaces\{65D81957-097B-4522-A163-58FDBD772B77}\E4544574541425 : DHCPNameServer =

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.153\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome


============= SERVICES / DRIVERS ===============


R? aswSnx;aswSnx

R? b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? IEEtwCollectorService;Internet Explorer ETW Collector Service

R? LMIInfo;LogMeIn Kernel Information Provider

R? LMIRfsClientNP;LMIRfsClientNP

R? RdpVideoMiniport;Remote Desktop Video Miniport Driver

R? TsUsbFlt;TsUsbFlt

S? AESTFilters;Andrea ST Filters Service

S? btusbflt;Bluetooth USB Filter

S? LMIRfsDriver;LogMeIn Remote File System Driver

S? MBAMProtector;MBAMProtector

S? MBAMScheduler;MBAMScheduler

S? MBAMService;MBAMService

S? MBAMSwissArmy;MBAMSwissArmy

S? MBAMWebAccessControl;MBAMWebAccessControl

S? MpFilter;Microsoft Malware Protection Driver

S? MpKsl9763322e;MpKsl9763322e

S? MpKsl99dc4dc7;MpKsl99dc4dc7

S? NisDrv;Microsoft Network Inspection System

S? NisSrv;Microsoft Network Inspection

S? Skype C2C Service;Skype C2C Service

S? SmartDefragDriver;SmartDefragDriver

S? yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller


=============== Created Last 30 ================


2014-06-16 05:41:50 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a4d0fa3d-acef-4ada-ab95-0de88d03f0c6}\MpKsl99dc4dc7.sys

2014-06-16 04:06:45 39464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a4d0fa3d-acef-4ada-ab95-0de88d03f0c6}\MpKsl9763322e.sys

2014-06-16 04:06:18 26624 ----a-w- c:\windows\system32\drivers\TrueSight.sys

2014-06-16 04:06:16 -------- d-----w- c:\programdata\RogueKiller

2014-06-16 02:36:16 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-06-16 02:34:37 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-06-16 02:34:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-06-16 02:34:36 23256 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-06-16 02:34:35 -------- d-----w- c:\program files\Malwarebytes Anti-Malware

2014-06-16 02:33:27 -------- d-----w- c:\users\lynda bincent\appdata\local\Programs

2014-06-16 02:04:37 -------- d-----w- c:\windows\ERUNT

2014-06-16 01:35:38 536576 ----a-w- c:\windows\system32\sqlite3.dll

2014-06-16 01:33:51 -------- d-----w- C:\AdwCleaner

2014-06-15 18:55:47 -------- d-----w- c:\users\lynda bincent\appdata\local\Google

2014-06-15 14:22:02 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a4d0fa3d-acef-4ada-ab95-0de88d03f0c6}\mpengine.dll

2014-06-14 03:58:09 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1666548a-d9fa-4493-a19d-72b1734d3a65}\gapaengine.dll

2014-06-14 03:56:10 8073384 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2014-06-11 21:59:22 1389056 ----a-w- c:\windows\system32\msxml6.dll

2014-06-11 21:59:21 2048 ----a-w- c:\windows\system32\msxml6r.dll

2014-06-11 21:59:21 2048 ----a-w- c:\windows\system32\msxml3r.dll

2014-06-11 21:59:21 1237504 ----a-w- c:\windows\system32\msxml3.dll

2014-06-11 21:59:17 187840 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2014-06-11 21:59:17 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys

2014-06-11 21:59:12 391680 ----a-w- c:\windows\system32\aepdu.dll

2014-06-11 21:59:12 302592 ----a-w- c:\windows\system32\aeinv.dll

2014-06-11 21:58:57 626688 ----a-w- c:\windows\system32\usp10.dll

2014-06-11 12:29:15 2742784 ----a-w- c:\windows\system32\rdpcorets.dll

2014-06-11 12:29:15 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

2014-06-04 19:07:27 765968 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll

2014-05-29 04:05:19 5694464 ----a-w- c:\windows\system32\mstscax.dll

2014-05-26 19:59:09 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll

2014-05-26 19:58:59 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2014-05-26 19:58:56 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2014-05-26 19:58:52 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll

2014-05-26 19:58:52 17920 ----a-w- c:\windows\system32\wksprtPS.dll

2014-05-26 19:58:52 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-05-26 19:58:51 53248 ----a-w- c:\windows\system32\tsgqec.dll

2014-05-26 19:58:50 855552 ----a-w- c:\windows\system32\rdvidcrl.dll

2014-05-26 19:58:50 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe

2014-05-26 19:58:50 350208 ----a-w- c:\windows\system32\wksprt.exe

2014-05-26 19:58:49 1068544 ----a-w- c:\windows\system32\mstsc.exe

2014-05-26 19:53:33 -------- d-----w- c:\program files\Microsoft

2014-05-26 19:51:20 -------- d-----w- c:\windows\Temp2EF300B1-A887-8409-8FAC-7BAE39C870AA-Signatures

2014-05-26 19:08:24 -------- d-----w- c:\program files\Microsoft Security Client

2014-05-26 18:20:49 792576 ----a-w- c:\windows\system32\TSWorkspace.dll

2014-05-25 03:13:58 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2014-05-24 01:18:19 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2014-05-23 17:20:09 8073384 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{06d3b6ff-f369-4ece-a200-e72c2b7851a7}\mpengine.dll

2014-05-23 16:30:03 -------- d-sh--w- c:\users\lynda bincent\appdata\local\EmieUserList

2014-05-23 16:30:03 -------- d-sh--w- c:\users\lynda bincent\appdata\local\EmieSiteList

2014-05-23 16:25:57 -------- d-sh--w- C:\found.000

2014-05-18 09:54:13 -------- d-s---w- c:\windows\system32\CompatTel

2014-05-18 08:42:15 -------- d-----w- c:\windows\system32\MRT

2014-05-18 08:07:46 640512 ----a-w- c:\windows\system32\advapi32.dll

2014-05-18 08:07:46 619520 ----a-w- c:\windows\system32\tdh.dll

2014-05-18 08:07:46 1289096 ----a-w- c:\windows\system32\ntdll.dll

2014-05-18 08:07:08 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2014-05-18 08:07:08 231424 ----a-w- c:\windows\system32\mswsock.dll

2014-05-17 23:02:46 40960 ----a-w- c:\windows\system32\wwanprotdim.dll

2014-05-17 23:02:46 185344 ----a-w- c:\windows\system32\wwansvc.dll

2014-05-17 23:02:42 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys

2014-05-17 23:02:42 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys

2014-05-17 23:02:42 2048 ----a-w- c:\windows\system32\iologmsg.dll

2014-05-17 23:02:42 149440 ----a-w- c:\windows\system32\drivers\storport.sys

2014-05-17 23:01:59 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll

2014-05-17 22:52:27 381440 ----a-w- c:\windows\system32\wer.dll

2014-05-17 20:58:47 -------- d-----w- C:\007295d5d97d96774a

2014-05-17 20:54:42 12625408 ----a-w- c:\windows\system32\wmploc.DLL

2014-05-17 20:54:39 164864 ----a-w- c:\program files\windows media player\wmplayer.exe


==================== Find3M ====================


2014-06-15 18:55:03 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-06-15 18:55:03 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-04-12 02:15:13 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2014-04-12 02:15:13 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2014-04-12 02:12:09 15872 ----a-w- c:\windows\system32\sspisrv.dll

2014-04-12 02:12:09 100352 ----a-w- c:\windows\system32\sspicli.dll

2014-04-12 02:12:06 22016 ----a-w- c:\windows\system32\secur32.dll

2014-04-12 02:11:58 1059840 ----a-w- c:\windows\system32\lsasrv.dll

2014-04-12 02:11:22 22528 ----a-w- c:\windows\system32\lsass.exe

2013-06-07 17:55:12 4167680 ----a-w- c:\program files\GUT34ED.tmp


============= FINISH: 1:29:58.91 ===============



==== Installed Programs ======================


Adobe Flash Player 13 Plugin

Adobe Flash Player 14 ActiveX

Apple Application Support

Apple Software Update


Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Facebook Video Calling

Google Chrome

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Intel® Graphics Media Accelerator Driver

Java 7 Update 7

Java Auto Updater

Logitech Vid HD

Logitech Webcam Software

LogMeIn Hamachi

Malwarebytes Anti-Malware version

Microsoft .NET Framework 4.5.1

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

PerfectDisk 11 Professional

Pokémon Trading Card Game Online

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Skype Click to Call

Smart Defrag 2

Synaptics Pointing Device Driver

System Requirements Lab for Intel

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

WinZip 16.5


==== End Of File ===========================


Good Morning (here) Lynda, we are gaining on the cleaning !


Did you forget to run & post the OTL log for me ???? The instructions are above in my last post !

I need it before you finish my instructions below !!






We need to run RogueKiller again with these instructions this time !


Open RogueKiller :     
* Quit all programs that you may have started.
* Please disconnect any USB or external drives from the computer before you run this scan!
* For Vista or Windows 7, right-click and select "Run as Administrator" to start
* For Windows XP, double-click to start.
* Wait until Prescan has finished ...
* Then Click on "Scan" button
* Wait until the Status box shows "Scan Finished"
* Click on "Delete"
* Wait until the Status box shows "Deleting Finished"
* Click on "Report" and copy/paste the content of the Notepad into your next reply.
* The log should be found in RKreport[1].txt on your Desktop
* Exit/Close RogueKiller








Go to your control panel & under the add/remove/uninstall programs please remove these, if present !

1. Java 7 Update 7







Please download Farbar Service Scanner and run it on the computer with the issue. >>>

    Make sure the following options are checked:
       * Internet Services
       * Windows Firewall
       * System Restore
    Press "Scan" .
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.



Please post next:

1. OTL Log

2. RogueKiller log

3. FSS TXT log






OTL logfile created on: 6/16/2014 9:25:30 AM - Run 1

OTL by OldTimer - Version Folder = C:\Users\Lynda Bincent\Downloads

Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17041)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.30 Mb Total Physical Memory | 141.95 Mb Available Physical Memory | 13.98% Memory free

1.99 Gb Paging File | 0.83 Gb Available in Paging File | 41.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74.43 Gb Total Space | 50.78 Gb Free Space | 68.23% Space Free | Partition Type: NTFS

Computer Name: LYNDALAPTOP | User Name: Lynda Bincent | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/06/16 08:47:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lynda Bincent\Downloads\OTL.exe

PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe

PRC - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\NisSrv.exe

PRC - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe

PRC - [2014/03/11 10:13:14 | 000,951,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2013/01/09 13:38:43 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe

PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2011/03/15 15:18:04 | 000,066,824 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe

PRC - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

PRC - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe

PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

PRC - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

PRC - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe

PRC - [2009/09/21 17:49:10 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009/09/21 17:49:10 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d5cfa0b8f21ea198\stacsv.exe

PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d5cfa0b8f21ea198\AEstSrv.exe

========== Modules (No Company Name) ==========

MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

MOD - [2009/10/14 14:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe

MOD - [2009/10/14 14:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe

========== Services (SafeList) ==========

SRV - [2014/06/15 13:55:11 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/05/18 03:09:37 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2014/03/11 10:13:24 | 000,279,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV - [2014/03/11 10:13:24 | 000,022,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2011/03/15 15:18:00 | 001,570,056 | ---- | M] (Raxco Software, Inc.) [Auto | Running] -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent)

SRV - [2011/03/15 15:17:46 | 001,475,848 | ---- | M] (Raxco Software, Inc.) [On_Demand | Running] -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine)

SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)

SRV - [2009/10/07 02:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2009/09/21 17:49:10 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d5cfa0b8f21ea198\stacsv.exe -- (STacSV)

SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)

SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_d5cfa0b8f21ea198\AEstSrv.exe -- (AESTFilters)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\LYNDAB~1\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | Auto | Stopped] -- -- (LMIInfo)

DRV - [2014/06/16 08:06:04 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV - [2014/06/16 00:41:50 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4D0FA3D-ACEF-4ADA-AB95-0DE88D03F0C6}\MpKsl99dc4dc7.sys -- (MpKsl99dc4dc7)

DRV - [2014/06/15 23:06:45 | 000,039,464 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A4D0FA3D-ACEF-4ADA-AB95-0DE88D03F0C6}\MpKsl9763322e.sys -- (MpKsl9763322e)

DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2014/03/11 09:52:30 | 000,104,264 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2013/10/01 19:42:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV - [2012/12/10 20:01:01 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV - [2012/10/15 12:32:35 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)

DRV - [2012/07/03 11:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/05/23 17:35:39 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2010/11/26 19:02:20 | 000,015,672 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)

DRV - [2010/11/20 04:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

DRV - [2010/08/11 09:10:06 | 000,135,184 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS)

DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)

DRV - [2009/10/07 02:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2009/09/28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)

DRV - [2009/09/21 17:49:10 | 000,418,304 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2009/07/13 19:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV - [2009/03/18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)

DRV - [2008/07/26 16:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2008/07/26 16:25:48 | 000,627,864 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2008/07/26 16:22:34 | 002,570,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI)

DRV - [2008/07/26 16:22:22 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKLM\..\URLSearchHook: {26605315-8a79-4ff6-bbb9-63363b9d86b3} - No CLSID value found

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" ={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" ={searchTerms}&{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" ={searchTerms}&src=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9F 3E 9D C9 A0 FD CE 01 [binary data]

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" ={searchTerms}&{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_enUS521

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\ C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF - HKLM\Software\MozillaPlugins\,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\ Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\ Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)

[2012/09/10 07:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage:

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

CHR - plugin: Java Deployment Toolkit (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\

CHR - Extension: Google Drive = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\\

CHR - Extension: YouTube = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\

CHR - Extension: Google Wallet = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\

CHR - Extension: Gmail = C:\Users\Lynda Bincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {26605315-8a79-4ff6-bbb9-63363b9d86b3} - No CLSID value found.

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {26605315-8a79-4ff6-bbb9-63363b9d86b3} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [igfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} (Java Plug-in 1.6.0_34)


O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D81957-097B-4522-A163-58FDBD772B77}: DhcpNameServer =

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (SmartDefragBootTime.exe)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\ [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


========== Files/Folders - Created Within 30 Days ==========

[2014/06/15 23:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller

[2014/06/15 21:36:16 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2014/06/15 21:35:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/06/15 21:34:37 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys

[2014/06/15 21:34:37 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys

[2014/06/15 21:34:36 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2014/06/15 21:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware

[2014/06/15 21:33:27 | 000,000,000 | ---D | C] -- C:\Users\Lynda Bincent\AppData\Local\Programs

[2014/06/15 21:04:37 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/06/15 20:35:38 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll

[2014/06/15 20:33:51 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/06/15 14:02:02 | 000,000,000 | ---D | C] -- C:\Users\Lynda Bincent\AppData\Roaming\Google

[2014/06/15 13:58:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2014/06/15 13:57:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2014/06/15 13:55:47 | 000,000,000 | ---D | C] -- C:\Users\Lynda Bincent\AppData\Local\Google

[2014/06/11 16:59:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6r.dll

[2014/06/11 16:59:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll

[2014/06/11 16:59:17 | 000,187,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS

[2014/06/11 16:59:12 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll

[2014/06/11 16:59:12 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll

[2014/06/11 07:29:15 | 002,742,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll

[2014/06/11 07:29:15 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RdpGroupPolicyExtension.dll

[2014/05/26 14:59:09 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll

[2014/05/26 14:58:59 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe

[2014/05/26 14:58:56 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys

[2014/05/26 14:58:52 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll

[2014/05/26 14:58:52 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll

[2014/05/26 14:58:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll

[2014/05/26 14:58:51 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll

[2014/05/26 14:58:50 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll

[2014/05/26 14:58:50 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe

[2014/05/26 14:58:50 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe

[2014/05/26 14:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2014/05/26 14:51:20 | 000,000,000 | ---D | C] -- C:\Windows\Temp2EF300B1-A887-8409-8FAC-7BAE39C870AA-Signatures

[2014/05/26 14:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2014/05/26 13:20:49 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll

[2014/05/24 22:13:58 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe

[2014/05/23 20:18:19 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2014/05/23 11:30:03 | 000,000,000 | -HSD | C] -- C:\Users\Lynda Bincent\AppData\Local\EmieUserList

[2014/05/23 11:30:03 | 000,000,000 | -HSD | C] -- C:\Users\Lynda Bincent\AppData\Local\EmieSiteList

[2014/05/23 11:25:57 | 000,000,000 | -HSD | C] -- C:\found.000

[2014/05/18 04:54:13 | 000,000,000 | --SD | C] -- C:\Windows\System32\CompatTel

[2014/05/18 03:42:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT

[2014/05/18 03:09:45 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

[2014/05/18 03:09:43 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll

[2014/05/18 03:09:43 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2014/05/18 03:09:43 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2014/05/18 03:09:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2014/05/18 03:09:43 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2014/05/18 03:09:42 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2014/05/18 03:09:42 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll

[2014/05/18 03:09:41 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2014/05/18 03:09:41 | 000,367,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2014/05/18 03:09:41 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2014/05/18 03:09:40 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

[2014/05/18 03:09:40 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2014/05/18 03:09:40 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2014/05/18 03:09:40 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2014/05/18 03:09:40 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2014/05/18 03:09:40 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2014/05/18 03:09:39 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2014/05/18 03:09:39 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2014/05/18 03:09:39 | 000,238,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2014/05/18 03:09:39 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2014/05/18 03:09:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2014/05/18 03:09:39 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2014/05/18 03:09:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2014/05/18 03:09:38 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2014/05/18 03:09:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2014/05/18 03:09:37 | 004,254,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2014/05/18 03:09:37 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll

[2014/05/18 03:09:37 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2014/05/18 03:09:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2014/05/18 03:09:37 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe

[2014/05/18 03:09:37 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2014/05/18 03:09:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2014/05/18 03:09:37 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll

[2014/05/18 03:09:37 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll

[2014/05/18 03:09:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2014/05/18 03:09:37 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2014/05/18 03:09:37 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2014/05/18 03:09:37 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2014/05/18 03:09:37 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll

[2014/05/18 03:09:36 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2014/05/18 03:07:46 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll

[2014/05/17 18:03:22 | 002,349,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2014/05/17 18:03:19 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll

[2014/05/17 18:03:05 | 003,969,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2014/05/17 18:03:04 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2014/05/17 18:03:02 | 000,538,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\objsel.dll

[2014/05/17 18:03:01 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll

[2014/05/17 18:03:01 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cngprovider.dll

[2014/05/17 18:03:01 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\adprovider.dll

[2014/05/17 18:03:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\capiprovider.dll

[2014/05/17 18:03:01 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpapiprovider.dll

[2014/05/17 18:03:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dimsroam.dll

[2014/05/17 18:03:01 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wincredprovider.dll

[2014/05/17 18:03:00 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sspisrv.dll

[2014/05/17 18:02:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll

[2014/05/17 18:02:42 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys

[2014/05/17 18:02:42 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys

[2014/05/17 18:02:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll

[2014/05/17 17:52:27 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wer.dll

[2014/05/17 15:58:47 | 000,000,000 | ---D | C] -- C:\007295d5d97d96774a

[2014/05/17 15:54:42 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/06/16 09:07:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/06/16 08:55:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/06/16 08:31:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-820361396-3150281825-3581644629-1000UA.job

[2014/06/16 08:07:02 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-820361396-3150281825-3581644629-1000UA.job

[2014/06/16 08:06:04 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2014/06/16 00:42:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/06/16 00:42:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/06/16 00:41:44 | 000,026,624 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys

[2014/06/16 00:32:48 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/06/16 00:32:36 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl

[2014/06/16 00:32:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/06/16 00:32:13 | 798,466,048 | -HS- | M] () -- C:\hiberfil.sys

[2014/06/15 22:31:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-820361396-3150281825-3581644629-1000Core.job

[2014/06/15 21:35:31 | 000,001,060 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/06/15 21:24:09 | 000,008,442 | ---- | M] () -- C:\Users\Lynda Bincent\Desktop\Needing help with flash - Malware Removal - BestTechie Forums.url

[2014/06/15 18:58:40 | 000,002,225 | ---- | M] () -- C:\Users\Lynda Bincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2014/06/15 14:32:34 | 000,002,129 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/06/15 14:07:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-820361396-3150281825-3581644629-1000Core.job

[2014/06/15 13:55:03 | 000,699,056 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe

[2014/06/15 13:55:03 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl

[2014/06/09 17:33:56 | 000,000,216 | ---- | M] () -- C:\Users\Lynda Bincent\Desktop\Lynda Vincent.url

[2014/06/09 17:32:14 | 000,000,176 | ---- | M] () -- C:\Users\Lynda Bincent\Desktop\QuiBids, The Best Online Auction Site! -

[2014/06/09 17:31:43 | 000,000,164 | ---- | M] () -- C:\Users\Lynda Bincent\Desktop\Electronics, Cars, Fashion, Collectibles, Coupons and More eBay.url

[2014/06/08 03:48:16 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll

[2014/06/08 03:43:43 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll

[2014/06/07 22:26:25 | 000,055,109 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\Tornado.jpg

[2014/06/07 18:56:25 | 000,038,528 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\BEAUTIFUL CLOUDS.jpg

[2014/05/26 14:53:23 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2014/05/26 12:32:20 | 000,232,114 | ---- | M] () -- C:\Users\Lynda Bincent\AppData\Local\census.cache

[2014/05/26 12:32:19 | 000,121,015 | ---- | M] () -- C:\Users\Lynda Bincent\AppData\Local\ars.cache

[2014/05/26 11:19:04 | 000,000,010 | ---- | M] () -- C:\Users\Lynda Bincent\AppData\Local\sponge.last.runtime.cache

[2014/05/26 11:12:27 | 000,000,036 | ---- | M] () -- C:\Users\Lynda Bincent\AppData\Local\housecall.guid.cache

[2014/05/26 10:33:05 | 000,081,550 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\Kk and Me.jpg

[2014/05/26 10:32:16 | 000,011,488 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\Hurt with Truth but never with a lie.jpg

[2014/05/26 10:32:16 | 000,003,594 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\Lynn.jpg

[2014/05/26 10:31:42 | 000,409,552 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\Lynda.htm

[2014/05/26 10:21:51 | 000,050,938 | ---- | M] () -- C:\Users\Lynda Bincent\Documents\Lynda.jpg

[2014/05/23 20:20:25 | 000,662,634 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2014/05/23 20:20:25 | 000,122,470 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2014/05/18 04:59:42 | 000,399,888 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2014/05/18 03:09:45 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll

[2014/05/18 03:09:43 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsIntl.dll

[2014/05/18 03:09:43 | 000,182,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2014/05/18 03:09:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2014/05/18 03:09:43 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2014/05/18 03:09:43 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2014/05/18 03:09:42 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2014/05/18 03:09:42 | 000,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2014/05/18 03:09:42 | 000,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll

[2014/05/18 03:09:41 | 000,704,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2014/05/18 03:09:41 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2014/05/18 03:09:41 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2014/05/18 03:09:40 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll

[2014/05/18 03:09:40 | 000,575,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2014/05/18 03:09:40 | 000,238,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2014/05/18 03:09:40 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2014/05/18 03:09:40 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2014/05/18 03:09:40 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2014/05/18 03:09:40 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2014/05/18 03:09:39 | 001,967,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2014/05/18 03:09:39 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2014/05/18 03:09:39 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2014/05/18 03:09:39 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2014/05/18 03:09:39 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2014/05/18 03:09:39 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2014/05/18 03:09:38 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2014/05/18 03:09:38 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2014/05/18 03:09:37 | 004,254,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2014/05/18 03:09:37 | 000,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll

[2014/05/18 03:09:37 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2014/05/18 03:09:37 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2014/05/18 03:09:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2014/05/18 03:09:37 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe

[2014/05/18 03:09:37 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2014/05/18 03:09:37 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2014/05/18 03:09:37 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll

[2014/05/18 03:09:37 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll

[2014/05/18 03:09:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2014/05/18 03:09:37 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2014/05/18 03:09:37 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2014/05/18 03:09:37 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2014/05/18 03:09:37 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll

[2014/05/18 03:07:46 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tdh.dll

[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/06/15 23:06:18 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys

[2014/06/15 21:35:31 | 000,001,060 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/06/15 21:24:08 | 000,008,442 | ---- | C] () -- C:\Users\Lynda Bincent\Desktop\Needing help with flash - Malware Removal - BestTechie Forums.url

[2014/06/15 14:34:27 | 000,016,384 | ---- | C] () -- C:\Windows\System32\Ikeext.etl

[2014/06/15 13:58:36 | 000,002,225 | ---- | C] () -- C:\Users\Lynda Bincent\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2014/06/15 13:58:36 | 000,002,129 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/06/15 13:56:01 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/06/15 13:55:59 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/06/09 17:33:54 | 000,000,216 | ---- | C] () -- C:\Users\Lynda Bincent\Desktop\Lynda Vincent.url

[2014/06/09 17:32:14 | 000,000,176 | ---- | C] () -- C:\Users\Lynda Bincent\Desktop\QuiBids, The Best Online Auction Site! -

[2014/06/09 17:31:42 | 000,000,164 | ---- | C] () -- C:\Users\Lynda Bincent\Desktop\Electronics, Cars, Fashion, Collectibles, Coupons and More eBay.url

[2014/06/07 22:27:05 | 000,055,109 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\Tornado.jpg

[2014/06/07 18:58:05 | 000,038,528 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\BEAUTIFUL CLOUDS.jpg

[2014/05/26 14:09:00 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2014/05/26 12:32:20 | 000,232,114 | ---- | C] () -- C:\Users\Lynda Bincent\AppData\Local\census.cache

[2014/05/26 12:32:19 | 000,121,015 | ---- | C] () -- C:\Users\Lynda Bincent\AppData\Local\ars.cache

[2014/05/26 11:19:04 | 000,000,010 | ---- | C] () -- C:\Users\Lynda Bincent\AppData\Local\sponge.last.runtime.cache

[2014/05/26 11:12:27 | 000,000,036 | ---- | C] () -- C:\Users\Lynda Bincent\AppData\Local\housecall.guid.cache

[2014/05/26 10:36:52 | 000,081,550 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\Kk and Me.jpg

[2014/05/26 10:34:57 | 000,011,488 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\Hurt with Truth but never with a lie.jpg

[2014/05/26 10:33:00 | 000,003,594 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\Lynn.jpg

[2014/05/26 10:31:41 | 000,409,552 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\Lynda.htm

[2014/05/26 10:23:11 | 000,050,938 | ---- | C] () -- C:\Users\Lynda Bincent\Documents\Lynda.jpg

[2014/05/18 03:09:40 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2013/03/06 13:07:17 | 000,015,672 | ---- | C] () -- C:\Windows\System32\drivers\SmartDefragDriver.sys

[2012/09/25 16:56:59 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini




"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 21:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment


"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/12/18 11:08:32 | 000,636,928 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free


"" = %systemroot%\system32\wbem\wbemess.dll -- [2012/12/18 11:08:32 | 000,351,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2013/06/07 18:11:21 | 000,000,000 | ---D | M] -- C:\Users\Lynda Bincent\AppData\Roaming\DVDVideoSoft

[2013/06/07 18:04:24 | 000,000,000 | ---D | M] -- C:\Users\Lynda Bincent\AppData\Roaming\IObit

========== Purity Check ==========

< End of report >


OTL Extras logfile created on: 6/16/2014 9:25:30 AM - Run 1

OTL by OldTimer - Version Folder = C:\Users\Lynda Bincent\Downloads

Home Basic Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17041)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1015.30 Mb Total Physical Memory | 141.95 Mb Available Physical Memory | 13.98% Memory free

1.99 Gb Paging File | 0.83 Gb Available in Paging File | 41.76% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 74.43 Gb Total Space | 50.78 Gb Free Space | 68.23% Space Free | Partition Type: NTFS

Computer Name: LYNDALAPTOP | User Name: Lynda Bincent | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========


.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)


.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========


batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========


"DisableNotifications" = 0

"EnableFirewall" = 1


"DisableNotifications" = 0

"EnableFirewall" = 1


"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========


"{05573ABF-35C3-47D3-85D4-ABB81AC38AC3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{130F7C14-E4A4-4679-ADF5-0B698A5FDA2E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{146B3FE4-4D51-4DEB-AB67-25DE7C993155}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{23D614C2-F8CA-491F-B233-47CCA9E579B4}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{247FF247-B826-4F41-8824-3B96F4029479}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{2EF1F80A-B174-4AE4-8760-2BEEEC9FA544}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |

"{38B10EBE-27AC-470B-B4E4-B46E4B2EE712}" = rport=445 | protocol=6 | dir=out | app=system |

"{410D3E97-9295-43A6-B2E7-020A1CE9010D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{45E01EAA-EFFA-4B23-81F8-07273067B306}" = rport=138 | protocol=17 | dir=out | app=system |

"{4CE47743-2186-46AE-9AB4-D803B35486CF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5253A24A-3533-491D-84DF-29CE86520C62}" = lport=137 | protocol=17 | dir=in | app=system |

"{5D042874-3FFD-4C81-BE1B-81811FF22904}" = lport=138 | protocol=17 | dir=in | app=system |

"{6F10BAAC-B67F-4181-8EE4-607C76EF3C8A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{7738EB84-08A4-47E9-80BD-979D776BFA6F}" = lport=445 | protocol=6 | dir=in | app=system |

"{879E4921-A47B-48ED-B368-07165AF165C2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |

"{9250A6BA-74FF-47E1-9D73-A8844BF565A7}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{96F6E91A-3F53-4FEA-A228-9AD2364C5D4F}" = lport=139 | protocol=6 | dir=in | app=system |

"{97D8D5AF-CCE8-4FED-9D41-D3A3AC267DBF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9FD0016A-8F13-42A9-B5DA-D9BEDEF23803}" = rport=139 | protocol=6 | dir=out | app=system |

"{A0F20905-D1C7-4D6A-9AFB-25755D6DC53F}" = lport=10243 | protocol=6 | dir=in | app=system |

"{BAC3AB67-0D45-417A-8BF6-DA7AEC3826C7}" = rport=10243 | protocol=6 | dir=out | app=system |

"{C2DADFFF-072D-4F3D-A2F3-3A08AA2DCE16}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{CA00D4E1-89CD-4FDA-B3A5-11917051A4FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{CF419647-D89E-4C22-8B6A-E6D9962609DA}" = lport=2869 | protocol=6 | dir=in | app=system |

"{D136B570-F0C7-47F7-8C2B-4740EC10D073}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D9623B32-57A6-408C-9EFB-2E4EB4A2C9A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{E1C9146D-48AE-4AC0-98DF-AE4D95F56D32}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{EC545A51-C26C-4898-93C7-87F9E44A3E61}" = rport=137 | protocol=17 | dir=out | app=system |

"{ED76692F-E847-4176-B462-00DF1259EC57}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{F98B70FF-E14D-4159-A26A-2D57DE352CDA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FC1160AC-71DC-48CC-8168-978AB1E5BBD6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{FDCA3F77-C59D-46F0-B360-9E4111A4C6A4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========


"{25AD6C30-B525-47A0-8525-0B2442FED18C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2EE305CD-5D50-4CF0-BA00-82981B316CA5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{37054615-9177-4321-8CAF-FCDE016876E5}" = protocol=17 | dir=in | app=c:\users\duane\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{3C33BB9B-E2D5-413C-93EB-287CC21364E4}" = protocol=1 | dir=out | [email protected],-28544 |

"{407D0D1B-34E1-42B3-A69E-1E149D71F260}" = protocol=6 | dir=in | app=c:\users\duane\appdata\local\google\google talk plugin\googletalkplugin.exe |

"{45736AED-8F12-4820-A9D4-613C4D473F21}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{4983B103-678B-42F4-8491-624D7E718C50}" = protocol=58 | dir=out | [email protected],-28546 |

"{65456A35-D9F8-446D-9153-FF00B3C0E80F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{66BE8E71-D679-4628-BF40-EBF7F922C926}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6DE4154C-2A18-4CF4-9E1A-B154BD643694}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7A96058F-CE64-4175-8F51-9BA764918A04}" = protocol=1 | dir=in | [email protected],-28543 |

"{89BDF013-BA4E-4BFC-B6BF-30AA5E12C9BA}" = protocol=6 | dir=out | app=system |

"{89CF99E3-FDCA-44A1-8D3A-93BD47D7E9E0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{AA05C409-14EF-4D5F-A3BF-C47E9B952434}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{B63D8A6A-AB9D-4A73-99FA-9540E097D191}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{BAA20A52-9FAD-4885-8340-E9CB8E32CF9E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{BD46B986-F68F-442C-B771-4F9358C7424B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{C1A09A1C-6AFE-44B6-AD6E-27D137F319DE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |

"{C67CF20F-3B84-4D05-92BB-33E9EDC7CBE8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{C7FC13C1-29B5-4601-BB27-C2CAB7A7362A}" = protocol=17 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

"{D9C07777-E3A7-46E7-8BB2-FFF13119D56C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{DD22B246-4842-4A98-A72C-5AB52A401ADB}" = protocol=58 | dir=in | [email protected],-28545 |

"{DD543B16-1215-4CDA-8888-B4072292FF7B}" = dir=in | app=c:\users\duane\appdata\local\facebook\video\skype\facebookvideocalling.exe |

"{EB17C3E3-3545-49CE-9959-ED5308266312}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{F060E994-A608-490D-ADB0-73EFECA6E55F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{F3B11E89-183B-4DE9-873B-5AAC61EE1872}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |

"{F97B51AD-6942-4DAB-9430-FE99F5246E72}" = protocol=6 | dir=in | app=c:\program files\logitech\vid hd\vid.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========


"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7

"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support

"{36A345C9-0691-45A1-AEEF-29ECEC8B5014}" = Microsoft Security Client

"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{76CE5B47-F5A4-4E5C-99A0-CEFF6146EA4A}" = System Requirements Lab for Intel

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B7607FC8-72AD-486D-B6B7-A402D5876309}" = PerfectDisk 11 Professional

"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling

"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D4}" = WinZip 16.5

"{D81F39D4-FDA9-4356-92B1-16081D8BF71A}" = Pokémon Trading Card Game Online

"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi

"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin

"CCleaner" = CCleaner

"Google Chrome" = Google Chrome

"HDMI" = Intel® Graphics Media Accelerator Driver

"Logitech Vid" = Logitech Vid HD

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version

"Microsoft Security Client" = Microsoft Security Essentials

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Smart Defrag 2_is1" = Smart Defrag 2

"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== Last 20 Event Log Errors ==========

[ System Events ]

Error - 6/15/2014 10:26:58 PM | Computer Name = LyndaLaptop | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

aswSnx cdrom

Error - 6/15/2014 10:27:55 PM | Computer Name = LyndaLaptop | Source = DCOM | ID = 10016

Description =

Error - 6/15/2014 11:15:48 PM | Computer Name = LyndaLaptop | Source = Service Control Manager | ID = 7000

Description = The LogMeIn Kernel Information Provider service failed to start due

to the following error: %%2

Error - 6/15/2014 11:15:57 PM | Computer Name = LyndaLaptop | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

aswSnx cdrom

Error - 6/15/2014 11:16:56 PM | Computer Name = LyndaLaptop | Source = DCOM | ID = 10016

Description =

Error - 6/16/2014 1:32:25 AM | Computer Name = LyndaLaptop | Source = EventLog | ID = 6008

Description = The previous system shutdown at 12:19:38 AM on ?6/?16/?2014 was unexpected.

Error - 6/16/2014 1:32:36 AM | Computer Name = LyndaLaptop | Source = Service Control Manager | ID = 7000

Description = The LogMeIn Kernel Information Provider service failed to start due

to the following error: %%2

Error - 6/16/2014 1:32:53 AM | Computer Name = LyndaLaptop | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

aswSnx cdrom

Error - 6/16/2014 1:33:35 AM | Computer Name = LyndaLaptop | Source = DCOM | ID = 10016

Description =

Error - 6/16/2014 3:01:14 AM | Computer Name = LyndaLaptop | Source = volsnap | ID = 393252

Description = The shadow copies of volume C: were aborted because the shadow copy

storage could not grow due to a user imposed limit.

< End of report >


RogueKiller V9.0.2.0 [Jun 3 2014] by Adlice Software

mail :

Feedback :

Website :

Blog :

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version

Started in : Normal mode

User : Lynda Bincent [Admin rights]

Mode : Remove -- Date : 06/16/2014 10:38:09

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mbr -> NOT SELECTED

[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mbr -> NOT SELECTED

[PUM.Policies] HKEY_USERS\S-1-5-21-820361396-3150281825-3581644629-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> NOT SELECTED

[PUM.Policies] HKEY_USERS\S-1-5-21-820361396-3150281825-3581644629-1004\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> NOT SELECTED

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED

[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 8 ¤¤¤

[EAT:Addr] (iexplore.exe) jscript9.dll - DllCanUnloadNow : C:\Windows\System32\ieapfltr.dll @ 0x69c71845

[EAT:Addr] (iexplore.exe) jscript9.dll - DllGetClassObject : C:\Windows\System32\ieapfltr.dll @ 0x69c67390

[EAT:Addr] (iexplore.exe) jscript9.dll - DllRegisterServer : C:\Windows\System32\ieapfltr.dll @ 0x69ca0fe0

[EAT:Addr] (iexplore.exe) jscript9.dll - DllUnregisterServer : C:\Windows\System32\ieapfltr.dll @ 0x69ca1042

[EAT:Addr] (iexplore.exe) jscript9.dll - DllCanUnloadNow : C:\Windows\System32\ieapfltr.dll @ 0x69c71845

[EAT:Addr] (iexplore.exe) jscript9.dll - DllGetClassObject : C:\Windows\System32\ieapfltr.dll @ 0x69c67390

[EAT:Addr] (iexplore.exe) jscript9.dll - DllRegisterServer : C:\Windows\System32\ieapfltr.dll @ 0x69ca0fe0

[EAT:Addr] (iexplore.exe) jscript9.dll - DllUnregisterServer : C:\Windows\System32\ieapfltr.dll @ 0x69ca1042

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8025GAL ATA Device +++++

--- User ---

[MBR] e83bb28b746d66711df4619ca8757469

[bSP] ef220eb94b0c0129ca22e6354ac2bd9d : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 76217 MB

User = LL1 ... OK

User = LL2 ... OK


RKreport_SCN_06152014_235303.log - RKreport_SCN_06162014_010956.log - RKreport_SCN_06162014_103355.log


Farbar Service Scanner Version: 10-06-2014

Ran by Lynda Bincent (administrator) on 16-06-2014 at 10:49:14

Running from "C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BC7UGNA5"

Microsoft Windows 7 Home Basic Service Pack 1 (X86)

Boot Mode: Normal


Internet Services:


Connection Status:


Localhost is accessible.

LAN connected.

Google IP is accessible. is accessible. is accessible.

Windows Firewall:


Firewall Disabled Policy:


System Restore:


System Restore Disabled Policy:


Other Services:


File Check:


C:\Windows\system32\nsisvc.dll => File is digitally signed

C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed

C:\Windows\system32\dhcpcore.dll => File is digitally signed

C:\Windows\system32\Drivers\afd.sys => File is digitally signed

C:\Windows\system32\Drivers\tdx.sys => File is digitally signed

C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed

C:\Windows\system32\dnsrslvr.dll => File is digitally signed

C:\Windows\system32\mpssvc.dll => File is digitally signed

C:\Windows\system32\bfe.dll => File is digitally signed

C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed

C:\Windows\system32\SDRSVC.dll => File is digitally signed

C:\Windows\system32\vssvc.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

**** End of log ****


Lynda, i need you to run an OTL fix for me !


We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\LYNDAB~1\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | Auto | Stopped] -- -- (LMIInfo)
IE - HKLM\..\URLSearchHook: {26605315-8a79-4ff6-bbb9-63363b9d86b3} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" ={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" ={searchTerms}&{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}: "URL" ={searchTerms}&src=iesearch
E - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" ={searchTerms}&{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MXGB_enUS521
[2012/09/10 07:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
O2 - BHO: (no name) - {26605315-8a79-4ff6-bbb9-63363b9d86b3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {26605315-8a79-4ff6-bbb9-63363b9d86b3} - No CLSID value found.
O13 - gopher Prefix: missing
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

    * Then click the Run Fix button at the top.
    * Click the OK button.
    * Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYYY_HHMMSS.log where MMDDYYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post that log that i wrote the script for = OTL Fix !








Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>>

Link 2 >>>

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

Post this log when you have time !


We are close to having it clean so hang with me a bit longer !





All processes killed

========== OTL ==========

Error: No service named mbr was found to stop!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mbr deleted successfully.

File C:\Users\LYNDAB~1\AppData\Local\Temp\mbr.sys not found.

Service LMIInfo stopped successfully!

Service LMIInfo deleted successfully!

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{26605315-8a79-4ff6-bbb9-63363b9d86b3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26605315-8a79-4ff6-bbb9-63363b9d86b3}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1d89ae7-449d-4929-b24b-fded04adbe06}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.

C:\Program Files\Mozilla Firefox\extensions folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26605315-8a79-4ff6-bbb9-63363b9d86b3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26605315-8a79-4ff6-bbb9-63363b9d86b3}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{26605315-8a79-4ff6-bbb9-63363b9d86b3} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{26605315-8a79-4ff6-bbb9-63363b9d86b3}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== COMMANDS ==========


User: All Users

User: Default

User: Default User

User: Duane

User: kayla ford

User: Lynda Bincent

->Java cache emptied: 34171 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


User: All Users

User: Default

User: Default User

User: Duane

User: kayla ford

User: Lynda Bincent

->Flash cache emptied: 9055 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Duane

User: kayla ford

->Temp folder emptied: 40348 bytes

->Temporary Internet Files folder emptied: 139714 bytes

User: Lynda Bincent

->Temp folder emptied: 141848968 bytes

->Temporary Internet Files folder emptied: 509225020 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 8242566 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 227648 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 107425661 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 732.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

System Restore Service not available.

OTL by OldTimer - Version log created on 06162014_135307

Files\Folders moved on Reboot...

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XHAW0PZT\like[6].htm moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U1H1Q0F3\page-2[1].htm moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PRLKX5XI\2q6dNtNfG1YHziVjQ1hUSA[1].woff moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PRLKX5XI\ads[2].htm moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PRLKX5XI\ads[3].htm moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PRLKX5XI\sNpRL69iYnSa-pHm90cZTA[1].woff moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PRLKX5XI\V80PAcvrynR[1].htm moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PRLKX5XI\V80PAcvrynR[2].htm moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\NOC79VZO\zrt_lookup[1].htm moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KT13U8AS\fastbutton[1].htm moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2HEHXUX6\postmessageRelay[1].htm moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\16QE2OZL\dds[1].scr moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

C:\Users\Lynda Bincent\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File\Folder C:\Windows\temp\logishrd\LVPrcInj03.dll not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Results of screen317's Security Check version 0.99.84

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````


Adobe Flash Player

Google Chrome 29.0.1547.66

Google Chrome 35.0.1916.153

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbam.exe

Malwarebytes Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````


Ok Lynda lets do some clean up of the programs we ran !


Clean up with OTL

    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.





Do you have a good Antivirus ?? I can recommend a great free one ?






Make sure to visit the Secunia Software Inspector and update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player, Java Runtime, Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.


You can keep this program or remove after you download & run it to see if anything is out of date !






Congratulations, you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware/malware infection in the future:
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click on Options.
    Click once on the Security tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. Firefox - If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.

Adblock Plus

3. Use and update an anti-virus software - I cannot overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
4. Firewall - Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
Online Armor Free
Agnitum Outpost Firewall Free
Comodo Firewall Free
5. Make sure you keep your Windows OS current, and regularly download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
6. WOT (Web of Trust) - As "Googling" is such an integral part of internet life, this free browser add-on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
7. Finally, I strongly recommend that you read Miekiemoes' great advice How to prevent malware.



Let me know how it's running, it might be a tad slow but will speed up after a few normal reboots !!



Happy Surfing



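The six Internet zone settings from tip 1 of the post above can be checked without clicking through the dialog. This is an added example, not part of the original post; it only reads the registry and changes nothing. The numeric URL action names (1001, 1004, 1201, 1800, 1804, 1607) and the per-user Zones\3 key do not appear in the post and are supplied here as the registry locations Internet Explorer uses for those options.

```powershell
# Added example: read-only audit of the Internet zone (zone 3) against the
# six Custom Level settings recommended in tip 1. Nothing is modified.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action policy values: 0 = Enable, 1 = Prompt, 3 = Disable
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Registry value name -> wanted policy, in the order the post lists them.
$recommended = @(
    [pscustomobject]@{ Action = '1001'; Want = 1; Setting = 'Download signed ActiveX controls' }
    [pscustomobject]@{ Action = '1004'; Want = 3; Setting = 'Download unsigned ActiveX controls' }
    [pscustomobject]@{ Action = '1201'; Want = 3; Setting = 'Initialize and script ActiveX controls not marked as safe' }
    [pscustomobject]@{ Action = '1800'; Want = 1; Setting = 'Installation of desktop items' }
    [pscustomobject]@{ Action = '1804'; Want = 1; Setting = 'Launching programs and files in an IFRAME' }
    [pscustomobject]@{ Action = '1607'; Want = 1; Setting = 'Navigate sub-frames across different domains' }
)

function Test-IEZoneHardening {
    param([string]$Path = $zoneKey)

    # Fails loudly if the zone key is missing instead of reporting all-clear.
    $current = Get-ItemProperty -Path $Path -ErrorAction Stop

    foreach ($r in $recommended) {
        $have = $current.($r.Action)

        # Translate the stored DWORD into the wording used in the dialog.
        if ($null -eq $have) {
            $shown = 'not set'
        } elseif ($labels.ContainsKey([int]$have)) {
            $shown = $labels[[int]$have]
        } else {
            $shown = '0x{0:X}' -f $have
        }

        [pscustomobject]@{
            Setting     = $r.Setting
            Current     = $shown
            Recommended = $labels[$r.Want]
            OK          = ($have -eq $r.Want)
        }
    }
}

Test-IEZoneHardening | Format-Table -AutoSize
```

Any row with OK = False is a setting that still differs from the recommendation. Zone settings enforced through Group Policy are stored under a separate policy key and take precedence over these per-user values.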

I will close this topic after 5 days !! If for some reason you need it re-opened please PM me or another mod !

If you feel we have done a good job please refer Besttechie & flashh4 (Chuck) to others !




This topic is now closed to further replies.