cant stop popups/slow computer

[ksoreide]

pop ups everytime i click anywhere... lots of delays in windows... internet explorer quit working

[flashh4]

Howdy and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT


    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!



NEXT



    Download Malwarebytes' Anti-Malware (save it to your desktop).  >>>   http://api.viglink.com/api/click?format=go&jsonp=vglnk_jsonp_14079554978349&key=bf4adfcbb328b51c165afd7f95bfc060&libId=42688bc4-849b-499e-80b4-6ff4c3b395d8&loc=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fshowtopic%3D128466&v=1&out=http%3A%2F%2Fwww.malwarebytes.org%2Fmbam-download.php&ref=http%3A%2F%2Fforums.whatthetech.com%2Findex.php%3Fs%3De77133f793c31b8c04786ca55ed0fbe6%26showforum%3D27&title=Windows%208%20very%20slow%20and%20drops%20wi-fi%20%5BSolved%5D%20-%20Virus%2C%20Spyware%20%26%20Malware%20Removal&txt=%3Cspan%20style%3D%22color%3A%230000FF%3B%22%3E%3Cstrong%3EMalwarebytes%27%20Anti-Malware%3C%2Fstrong%3E%3C%2Fspan%3E

      * Windows XP : Double click on the icon to run it.
      *  Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      *  Select Scan tab.



* Select type of scan to perform:


   
  * Threat Scan < --- Select this type of scan
  * Custom Scan
  * Hyper Scan

Next click the Scan button.

When the scan is complete, if no malicious items are found you can close the program.

If malicious items are found be sure that everything is checked, and click Quarantine .

When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
 
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
 

 

Post the logs as you get them, then go to the next in line !

 

Thanks

Chuck

[flashh4]

If you need you can post questions here also ! Or make comments !!

 

Chuck

[ksoreide]

# AdwCleaner v3.216 - Report created 02/11/2014 at 16:47:25

# Updated 17/07/2014 by Xplode

# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)

# Username : Cory - CORY-PC

# Running from : C:\Users\Cory\AppData\Local\Temp\a2oixkbxSh\wmu29W5Cwq\adwcleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

Service Deleted : CltMngSvc

[#] Service Deleted : globalUpdate

[#] Service Deleted : globalUpdatem

Service Deleted : Wajam Internet Enhancer Service

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Optimizer Pro

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam

Folder Deleted : C:\Program Files\Ask.com

Folder Deleted : C:\Program Files\globalUpdate

Folder Deleted : C:\Program Files\SearchProtect

Folder Deleted : C:\Program Files\System Optimizer Pro

Folder Deleted : C:\Program Files\Wajam

Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

Folder Deleted : C:\Users\Cory\AppData\Local\AskToolbar

Folder Deleted : C:\Users\Cory\AppData\Local\globalUpdate

Folder Deleted : C:\Users\Cory\AppData\Local\SearchProtect

Folder Deleted : C:\Users\Cory\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Cory\AppData\LocalLow\visi_coupon

File Deleted : C:\Users\Public\Desktop\eBay.lnk

File Deleted : C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage

File Deleted : C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

File Deleted : C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage

File Deleted : C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal

File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job

File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore

File Deleted : C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job

File Deleted : C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA

File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

File Deleted : C:\Windows\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-1.job

File Deleted : C:\Windows\System32\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-1

File Deleted : C:\Windows\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-11.job

File Deleted : C:\Windows\System32\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-11

File Deleted : C:\Windows\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-2.job

File Deleted : C:\Windows\System32\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-2

File Deleted : C:\Windows\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-3.job

File Deleted : C:\Windows\System32\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-3

File Deleted : C:\Windows\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-4.job

File Deleted : C:\Windows\System32\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-4

File Deleted : C:\Windows\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-5.job

File Deleted : C:\Windows\System32\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-5

File Deleted : C:\Windows\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-5_user.job

File Deleted : C:\Windows\System32\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-5_user

File Deleted : C:\Windows\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-6.job

File Deleted : C:\Windows\System32\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-6

File Deleted : C:\Windows\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-7.job

File Deleted : C:\Windows\System32\Tasks\ce482cd0-131f-4f88-8c9c-50aace996083-7

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CA753AE1-DBDC-4F72-A596-1A89615DDFC8}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CA753AE1-DBDC-4F72-A596-1A89615DDFC8}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0A40F0D-94FB-4F15-9453-B46E1451222A}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0A40F0D-94FB-4F15-9453-B46E1451222A}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D6D7E97-16D7-48E9-8152-C541290155E6}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D6D7E97-16D7-48E9-8152-C541290155E6}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3617A497-2B7B-40B9-ACCA-028BA7DEE90A}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3617A497-2B7B-40B9-ACCA-028BA7DEE90A}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4349D8A-6BDF-4805-B354-CEA3F222AB2B}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A4349D8A-6BDF-4805-B354-CEA3F222AB2B}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F01E1C5D-45B8-417C-A8B2-939F6B379C0F}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F01E1C5D-45B8-417C-A8B2-939F6B379C0F}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E5791E98-DD43-4C56-8B3B-D30F403CA62C}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E5791E98-DD43-4C56-8B3B-D30F403CA62C}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{009C0529-A3FD-43B4-AC0E-8CD256B5DD52}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{009C0529-A3FD-43B4-AC0E-8CD256B5DD52}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1C6D4FE1-3E0E-413E-AA16-6F251FB130B8}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1C6D4FE1-3E0E-413E-AA16-6F251FB130B8}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{485D6B4F-DA33-4713-AC0C-B7566CEAC59A}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{485D6B4F-DA33-4713-AC0C-B7566CEAC59A}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{26398B9D-1DF3-49C2-8BDD-F6B6EF4AE226}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26398B9D-1DF3-49C2-8BDD-F6B6EF4AE226}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE0BDE24-22B2-4001-92BD-87350AE3093F}

[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE0BDE24-22B2-4001-92BD-87350AE3093F}

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [search Protection]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171162}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172262}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175562}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176662}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644174462}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171162}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171162}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110611171162}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\AskToolbar

Key Deleted : HKCU\Software\GlobalUpdate

Key Deleted : HKCU\Software\installedbrowserextensions

Key Deleted : HKCU\Software\Wajam

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKLM\Software\GlobalUpdate

Key Deleted : HKLM\Software\installedbrowserextensions

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\Software\Wajam

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v9.0.8112.16584

 

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [searchAssistant]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [searchAssistant]

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

 

-\\ Google Chrome v38.0.2125.111

 

[ File : C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [16290 octets] - [02/11/2014 16:29:50]

AdwCleaner[R1].txt - [16719 octets] - [02/11/2014 16:44:43]

AdwCleaner[s0].txt - [16377 octets] - [02/11/2014 16:47:25]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [16438 octets] ##########

 

[flashh4]

Great job Kate, that cleaned a bunch but i can see more that will be removed with other programs !

 

Post the other logs as you get them, i am keeping a close eye on you here !

 

Thanks

Chuck

[ksoreide]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.5 (10.31.2014:1)

OS: Windows Vista Home Premium x86

Ran by Cory on Sun 11/02/2014 at 17:21:44.19

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"

 

 

 

~~~ Files

 

Successfully deleted: [File] "C:\Users\Cory\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage"

Successfully deleted: [File] "C:\Users\Cory\appdata\local\google\chrome\user data\default\local storage\http_www.superfish.com_0.localstorage-journal"

Successfully deleted: [File] "C:\Users\Cory\appdata\local\google\chrome\user data\default\local storage\https_inst.shoppingate.info_0.localstorage"

Successfully deleted: [File] "C:\Users\Cory\appdata\local\google\chrome\user data\default\local storage\https_inst.shoppingate.info_0.localstorage-journal"

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Users\Cory\appdata\locallow\yahoocouponaddon"

Successfully deleted: [Empty Folder] C:\Users\Cory\appdata\local\{43EBCA0D-70AF-4A05-965B-B14C2590B16D}

 

 

 

~~~ Chrome

 

Successfully deleted: [Folder] C:\Users\Cory\appdata\local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 11/02/2014 at 17:26:54.94

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[flashh4]

Looking better as we go ! Now with the Malwarebytes log !

 

There will be more programs for us to run after i read threw the logs you are posting !

 

Chuck

[flashh4]

Kate, here is the new programs i will need from you after i get the Malwarebytes log ! So do them as your time permits you !

 

Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com




==========================

NEXT


Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   



Post Next:

 

DDS log(s)

OTL.txt and Extras.txt (if a Extras.txt is produced)


Thanks
Chuck

[ksoreide]

DDS (Ver_2012-11-20.01) - NTFS_x86 

Internet Explorer: 9.0.8112.16584

Run by Cory at 19:45:27 on 2014-11-02

Microsoft® Windows Vistaâ„¢ Home Premium   6.0.6002.2.1252.1.1033.18.3060.1432 [GMT -7:00]

.

AV: avast! Internet Security *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Internet Security *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\Common Files\COMODO\launcher_service.exe

C:\Windows\system32\SLsvc.exe

C:\Program Files\Dell\DellDock\DockLogin.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Alwil Software\Avast5\afwServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe

C:\Users\Cory\AppData\Roaming\VOPackage\VOsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe

C:\Windows\RtHDVCpl.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\COMODO\GeekBuddy\unit_manager.exe

C:\Program Files\COMODO\GeekBuddy\unit.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Windows\system32\msiexec.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

.

============== Pseudo HJT Report ===============

.

uStart Page = www.google.com

uWindow Title = Windows Internet Explorer provided by Yahoo!

uSearch Bar = www.google.com

uSearch Page = www.google.com

mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

uProxyOverride = <-loopback>

uSearchAssistant = www.google.com

uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

mURLSearchHooks: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - c:\program files\yahoo!\ynanoclient\cpn1\YNanoClient_IE.dll

BHO: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - c:\program files\yahoo!\ynanoclient\cpn1\YNanoClient_IE.dll

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.150\McAfeeMSS_IE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll

BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn4\YTSingleInstance.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: Yahoo! Axis for IE: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - c:\program files\yahoo!\ynanoclient\cpn1\YNanoClient_IE.dll

uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background

uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe

uRun: [YSearchProtection] c:\program files\yahoo!\search protection\SearchProtection.exe

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [PCKeeper2] "c:\program files\kromtech\pckeeper\PCKeeper.exe" /autorun

mRun: [RtHDVCpl] RtHDVCpl.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m

mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter

mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [tvncontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave

mRunOnce: [VOPackage] c:\users\cory\appdata\roaming\vopackage\VOPackage.exe /runonce

mRunOnce: [upospd_us_349.exe] c:\users\cory\appdata\local\ospd_us_349\upospd_us_349.exe -runonce

StartupFolder: c:\users\cory\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe

StartupFolder: c:\users\cory\appdata\roaming\micros~1\windows\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.150\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll

TCP: NameServer = 192.168.0.1 205.171.2.25

TCP: Interfaces\{B3D6E85A-AF8F-4DAD-A080-9DE1998C8446} : DHCPNameServer = 192.168.0.1 205.171.2.25

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll 

LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\38.0.2125.111\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

============= SERVICES / DRIVERS ===============

.

R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2013-7-26 12112]

R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2013-7-26 204784]

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-26 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-26 175176]

R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-9-22 208888]

R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2013-7-26 104752]

R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-7-26 21576]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-26 770344]

R1 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys [2014-6-25 35064]

R1 HMD;COMODO livePCsupport Hardware Monitor Driver;c:\windows\system32\drivers\hmd.sys [2014-6-25 15400]

R1 RapportCerberus_80055;RapportCerberus_80055;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_80055.sys [2014-10-21 430264]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-9-22 251288]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2014-9-22 332696]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-8 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-8 46808]

R2 avast! Firewall;avast! Firewall;c:\program files\alwil software\avast5\afwServ.exe [2013-7-26 137960]

R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2014-9-25 70864]

R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-23 155648]

R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 GeekBuddyRSP;GeekBuddyRSP Server;c:\program files\common files\comodo\GeekBuddyRSP.exe [2014-9-24 2327248]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-9-22 1919256]

R2 servervo;VO Service component;c:\users\cory\appdata\roaming\vopackage\VOsrv.exe [2014-11-2 89600]

R2 YNanoService;Yahoo! NanoClient Service;c:\program files\yahoo!\ynanoclient\cpn0\YNanoService.exe [2012-7-25 157016]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\hp\common\HPSupportSolutionsFrameworkService.exe [2014-3-6 49464]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-19 30192]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-11-2 114904]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.150\McCHSvc.exe [2014-4-9 235696]

.

=============== Created Last 30 ================

.

2014-11-03 02:36:59 -------- d-----w- c:\programdata\2308189059

2014-11-03 01:34:07 -------- d-----w- c:\users\cory\appdata\local\Kromtech

2014-11-03 01:33:54 -------- d-----w- c:\users\cory\appdata\local\Zeoinsight

2014-11-03 01:33:53 -------- d-----w- c:\users\cory\appdata\local\ZBAnalyticsCore

2014-11-03 01:32:41 -------- d-----w- c:\programdata\Systweak

2014-11-03 01:32:39 -------- d-----w- c:\program files\ASP

2014-11-03 01:32:36 17136 ----a-w- c:\windows\system32\sasnative32.exe

2014-11-03 01:29:11 -------- d-----w- c:\users\cory\appdata\local\SearchProtect

2014-11-03 01:27:34 -------- d-----w- c:\users\cory\appdata\roaming\Systweak

2014-11-03 01:27:31 18280 ----a-w- c:\windows\system32\roboot.exe

2014-11-03 01:27:23 -------- d-----w- c:\program files\RCP

2014-11-03 01:25:55 -------- d-----w- c:\program files\SearchProtect

2014-11-03 01:24:34 -------- d-----w- c:\program files\Super Optimizer

2014-11-03 01:21:34 -------- d-----w- c:\program files\CommonShare

2014-11-03 01:19:49 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-11-03 01:18:55 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-11-03 01:18:55 51928 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-11-03 01:18:54 23256 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-11-03 01:18:54 -------- d-----w- c:\programdata\Malwarebytes

2014-11-03 01:18:54 -------- d-----w- c:\program files\Malwarebytes Anti-Malware

2014-11-03 01:12:28 -------- d-----w- c:\users\cory\appdata\roaming\VOPackage

2014-11-03 01:01:58 -------- d-----w- c:\users\cory\appdata\local\ospd_us_349

2014-11-03 01:01:57 -------- d-----w- c:\program files\ospd_us_349

2014-11-03 01:01:30 -------- d-----w- c:\program files\LPT

2014-11-03 00:58:46 -------- d-----w- c:\users\cory\appdata\local\LPT

2014-11-03 00:58:42 -------- d-----w- c:\users\cory\appdata\local\Smartbar

2014-11-03 00:53:41 -------- d-----w- c:\programdata\Kromtech

2014-11-03 00:21:33 -------- d-----w- c:\windows\ERUNT

2014-11-02 23:31:28 536576 ----a-w- c:\windows\system32\sqlite3.dll

2014-11-02 23:29:41 -------- d-----w- C:\AdwCleaner

2014-11-02 21:54:16 8901368 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{698f0946-f545-48c0-babe-450683494793}\mpengine.dll

2014-10-23 00:35:09 -------- d-----w- c:\program files\common files\COMODO

2014-10-18 09:05:29 81560 ----a-w- c:\windows\system32\mscories.dll

2014-10-18 09:05:29 156824 ----a-w- c:\windows\system32\mscorier.dll

2014-10-18 09:05:29 1131664 ----a-w- c:\windows\system32\dfshim.dll

2014-10-18 09:03:05 2054656 ----a-w- c:\windows\system32\win32k.sys

2014-10-18 09:02:31 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys

2014-10-18 09:00:29 66560 ----a-w- c:\windows\system32\packager.dll

.

==================== Find3M  ====================

.

2014-10-28 13:35:00 229000 ------w- c:\windows\system32\MpSigStub.exe

2014-09-29 17:15:18 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2014-09-29 17:15:18 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2014-09-23 04:04:42 208888 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2014-09-19 22:44:32 1810432 ----a-w- c:\windows\system32\jscript9.dll

2014-09-19 22:38:15 1129472 ----a-w- c:\windows\system32\wininet.dll

2014-09-19 22:37:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2014-09-19 22:36:04 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2014-09-19 22:35:46 421376 ----a-w- c:\windows\system32\vbscript.dll

2014-09-19 22:34:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2014-09-19 22:34:22 11776 ----a-w- c:\windows\system32\mshta.exe

2014-09-09 06:24:46 2048 ----a-w- c:\windows\system32\tzres.dll

2014-08-23 01:03:46 297984 ----a-w- c:\windows\system32\gdi32.dll

.

============= FINISH: 19:46:23.54 ===============

[ksoreide]

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft® Windows Vistaâ„¢ Home Premium 

Boot Device: \Device\HarddiskVolume3

Install Date: 12/18/2008 8:01:18 PM

System Uptime: 11/2/2014 7:23:16 PM (0 hours ago)

.

Motherboard: Dell Inc. |  | 0RY007

Processor: Pentium® Dual-Core  CPU      E5200  @ 2.50GHz | Socket 775 | 2500/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 145.62 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 4.49 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0000

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter

PNP Device ID: ROOT\*6TO4MP\0000

Service: tunnel

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Microsoft 6to4 Adapter

Device ID: ROOT\*6TO4MP\0002

Manufacturer: Microsoft

Name: Microsoft 6to4 Adapter #2

PNP Device ID: ROOT\*6TO4MP\0002

Service: tunnel

.

==== System Restore Points ===================

.

RP576: 8/18/2014 3:00:25 AM - Windows Update

RP577: 8/20/2014 7:21:16 AM - Scheduled Checkpoint

RP578: 9/4/2014 7:42:15 PM - Windows Update

RP579: 9/5/2014 3:00:11 AM - Windows Update

RP580: 9/18/2014 11:57:47 AM - Windows Update

RP581: 9/21/2014 3:42:41 PM - Windows Update

RP582: 9/22/2014 8:44:15 PM - Scheduled Checkpoint

RP583: 9/24/2014 6:45:06 PM - Windows Update

RP584: 9/29/2014 11:17:22 AM - Windows Update

RP585: 10/1/2014 3:41:33 PM - Scheduled Checkpoint

RP586: 10/1/2014 4:35:04 PM - Installed Rapport

RP587: 10/17/2014 8:49:10 PM - Windows Update

RP588: 10/18/2014 3:00:14 AM - Windows Update

RP591: 10/21/2014 11:31:58 AM - Installed Rapport

RP592: 10/21/2014 12:04:19 PM - Windows Update

RP593: 10/28/2014 8:19:38 PM - Windows Update

RP594: 11/2/2014 2:51:55 PM - Windows Update

RP595: 11/2/2014 7:13:49 PM - avast! Internet Security Setup

RP596: 11/2/2014 7:39:13 PM - Removed PCKeeper

RP597: 11/2/2014 7:40:19 PM - Removed KromtechAccountService

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 15 ActiveX

Adobe Reader 9

Advanced-System Protector

Apple Application Support

Apple Mobile Device Support

Apple Software Update

avast! Internet Security

Bonjour

Browser Address Error Redirector

Compatibility Pack for the 2007 Office system

D3DX10

Dell-eBay

Dell Best of Web

Dell DataSafe Online

Dell Dock

Dell Getting Started Guide

Dell Remote Access

Dell Support Center (Support Software)

DELL0604

EDocs

GeekBuddy

Google Chrome

Google Desktop

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.514

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

HP Support Solutions Framework

Intel® PRO Network Connections 12.1.11.0

iTunes

Java 6 Update 7

Junk Mail filter update

LimeWire 5.5.16

Malwarebytes Anti-Malware version 2.0.3.1025

McAfee Security Scan Plus

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Automated Troubleshooting Services Shim

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

QuickTime 7

Rapport

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Roxio Creator Audio

Roxio Creator Copy

Roxio Creator Data

Roxio Creator DE

Roxio Creator Tools

Roxio Express Labeler 3

Roxio Update Manager

Search Protect

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)

Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)

Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)

Segoe UI

Snap.Do

Snap.Do Engine

Trusteer Endpoint Protection

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

VoiceOver Kit

WildTangent Games

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Axis

Yahoo! Search Protection

Yahoo! Software Update

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

11/2/2014 7:30:44 PM, Error: Service Control Manager [7022]  - The PCKeeper Service service hung on starting.

11/2/2014 7:29:34 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error 5 (0x5).

11/2/2014 7:29:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.

11/2/2014 7:29:34 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Advanced Networking Service service to connect.

11/2/2014 7:29:34 PM, Error: Service Control Manager [7000]  - The HP Support Solutions Framework Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

11/2/2014 7:27:02 PM, Error: EventLog [6008]  - The previous system shutdown at 7:21:31 PM on 11/2/2014 was unexpected.

11/2/2014 6:29:09 PM, Error: Service Control Manager [7000]  - The SPPD service failed to start due to the following error:  The specified procedure could not be found.

.

==== End Of File ===========================

[ksoreide]

thats both of the DDS file logs

[flashh4]

OK, i need you to go back to Control Panel/ Uninstall programs and uninstall Javaâ„¢ 6 Update 7 !!!!

This is the reason you were so badly infected >>>   LimeWire 5.5.16, it is call a P2P (peer to peer) program, if i was you i would remove it, if not please do not use it while we are cleaning the computer ! I would like to see it removed tho, it can be done in the Control Panel also !!

 

Chuck

[ksoreide]

removing both now...

[ksoreide]

OTL Extras logfile created on: 11/2/2014 7:52:41 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cory\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 49.15% Memory free

6.21 Gb Paging File | 4.70 Gb Available in Paging File | 75.78% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 145.12 Gb Free Space | 65.14% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 4.49 Gb Free Space | 44.90% Space Free | Partition Type: NTFS

 

Computer Name: CORY-PC | User Name: Cory | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7

"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604

"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit

"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{79B9250E-3714-4877-A2B0-D6C1E93E471A}" = GeekBuddy

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{81E14A67-42ED-4DD0-AE08-366FE3D3102E}" = HP Support Solutions Framework

"{8956ABAC-F1A3-4AED-9D71-10C9084C081D}" = Snap.Do

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR

"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay

"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access

"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1" = Advanced-System Protector

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX

"avast" = avast! Internet Security

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"GoToAssist" = GoToAssist 8.0.0.514

"LimeWire" = LimeWire 5.5.16

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"PROSetDX" = Intel® PRO Network Connections 12.1.11.0

"Rapport_msi" = Trusteer Endpoint Protection

"RealPlayer 15.0" = RealPlayer

"SearchProtect" = Search Protect

"WildTangent dell Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! NanoClient" = Yahoo! Axis

"Yahoo! Search Defender" = Yahoo! Search Protection

"Yahoo! Software Update" = Yahoo! Software Update

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79931338-8266-46d9-9889-4166859248de}" = Snap.Do Engine

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 11/2/2014 9:02:15 PM | Computer Name = Cory-PC | Source = Perflib | ID = 1008

Description = 

 

Error - 11/2/2014 10:14:07 PM | Computer Name = Cory-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 11/2/2014 10:14:07 PM | Computer Name = Cory-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 11/2/2014 10:14:07 PM | Computer Name = Cory-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 11/2/2014 10:21:34 PM | Computer Name = Cory-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 11/2/2014 10:21:34 PM | Computer Name = Cory-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1170

 

Error - 11/2/2014 10:21:34 PM | Computer Name = Cory-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1170

 

Error - 11/2/2014 10:21:35 PM | Computer Name = Cory-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 11/2/2014 10:21:35 PM | Computer Name = Cory-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2730

 

Error - 11/2/2014 10:29:32 PM | Computer Name = Cory-PC | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 11/2/2014 8:37:30 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7024

Description = 

 

Error - 11/2/2014 8:37:30 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 11/2/2014 9:29:09 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 11/2/2014 10:27:02 PM | Computer Name = Cory-PC | Source = EventLog | ID = 6008

Description = The previous system shutdown at 7:21:31 PM on 11/2/2014 was unexpected.

 

Error - 11/2/2014 10:29:34 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7024

Description = 

 

Error - 11/2/2014 10:29:34 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 11/2/2014 10:29:34 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 11/2/2014 10:29:34 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 11/2/2014 10:30:44 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7022

Description = 

 

 

< End of report >

[ksoreide]

OTL logfile created on: 11/2/2014 7:52:41 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cory\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.99 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 49.15% Memory free

6.21 Gb Paging File | 4.70 Gb Available in Paging File | 75.78% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 145.12 Gb Free Space | 65.14% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 4.49 Gb Free Space | 44.90% Space Free | Partition Type: NTFS

 

Computer Name: CORY-PC | User Name: Cory | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/11/02 19:50:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cory\Downloads\OTL.com

PRC - [2014/11/02 18:45:49 | 000,089,600 | ---- | M] () -- C:\Users\Cory\AppData\Roaming\VOPackage\VOsrv.exe

PRC - [2014/10/21 21:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2014/09/25 06:04:48 | 000,258,256 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\COMODO\GeekBuddy\unit_manager.exe

PRC - [2014/09/25 06:04:48 | 000,243,920 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\COMODO\GeekBuddy\unit.exe

PRC - [2014/09/25 06:04:46 | 000,070,864 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\COMODO\launcher_service.exe

PRC - [2014/09/24 14:09:32 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe

PRC - [2014/09/22 21:04:34 | 002,607,384 | ---- | M] (IBM Corp.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2014/09/22 21:04:34 | 001,919,256 | ---- | M] (IBM Corp.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2014/04/09 06:13:04 | 000,279,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2013/05/09 01:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe

PRC - [2012/07/25 08:57:48 | 000,157,016 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe

PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/02/03 06:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/11/03 07:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2008/10/04 11:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/10/04 11:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2008/09/23 20:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe

PRC - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/05/11 06:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/10/21 21:05:00 | 014,902,600 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

MOD - [2014/10/21 21:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll

MOD - [2014/10/21 21:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

MOD - [2014/10/21 10:58:25 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\77e3187042597b719af1e5f16096ea22\MenuSkinning.ni.dll

MOD - [2014/10/21 10:58:06 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\df2a920b8e863d14ab8503f96c7b3ecd\VistaBridgeLibrary.ni.dll

MOD - [2014/10/21 10:58:02 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\738c8aa4347b36988f555005a63cb9a0\System.Management.ni.dll

MOD - [2014/10/21 10:58:01 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\26f446df5bd21dd338a855e2c2f87073\DellDock.ni.exe

MOD - [2014/10/21 10:57:59 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\f411f628b6029786818987206112b525\MyDock.Util.ni.dll

MOD - [2014/10/21 10:57:39 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a853267710221e6c57a5249dcf5511b8\System.Web.Services.ni.dll

MOD - [2014/10/21 10:57:27 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\a98a13deac020eca5e7dcb5ebb2b7414\System.Configuration.ni.dll

MOD - [2014/10/21 10:36:20 | 005,465,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a224433c0fb9281862f36823e86822fc\System.Xml.ni.dll

MOD - [2014/10/21 10:36:01 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f32d5986039f142f6e4f412de7c8901c\System.Windows.Forms.ni.dll

MOD - [2014/10/21 10:35:52 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\65897bde93bce2462330f19ef677477d\System.Drawing.ni.dll

MOD - [2014/10/21 10:32:47 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cf2c94955471d68d3708b1fbf613ae46\System.ni.dll

MOD - [2014/09/22 19:00:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\6ccc2f167855025c161a81628c49f88f\Accessibility.ni.dll

MOD - [2014/09/22 18:57:58 | 011,496,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3444fbefcbd532181c499150ace644a4\mscorlib.ni.dll

MOD - [2014/03/23 16:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll

MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2008/11/03 07:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2008/11/03 07:54:00 | 000,262,384 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll

MOD - [2008/11/03 07:54:00 | 000,132,336 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2008/11/03 07:54:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll

MOD - [2008/11/03 07:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll

MOD - [2008/11/03 07:54:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Desktop\Install\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\   \...\‮ﯹ๛\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\   \...\???\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\GoogleUpdate.exe <] -- (‮etadpug)

SRV - [2014/11/02 18:45:49 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Users\Cory\AppData\Roaming\VOPackage\VOsrv.exe -- (servervo)

SRV - [2014/09/29 10:15:19 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/09/25 06:04:46 | 000,070,864 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)

SRV - [2014/09/24 14:09:32 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)

SRV - [2014/09/22 21:04:34 | 001,919,256 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2014/04/09 06:12:50 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)

SRV - [2014/03/06 14:47:22 | 000,049,464 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)

SRV - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2013/05/09 01:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)

SRV - [2012/07/25 08:57:48 | 000,157,016 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe -- (YNanoService)

SRV - [2008/12/19 01:20:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/10/04 11:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)

SRV - [2008/09/30 08:03:14 | 000,820,464 | ---- | M] (Dell Inc.) [Auto | Stopped] -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)

SRV - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2008/07/04 16:17:48 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

 

 

========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\syvbdlxk.sys -- (syvbdlxk)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Cory\AppData\Local\Temp\mbr.sys -- (mbr)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - [2014/11/02 18:19:49 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV - [2014/10/21 10:35:56 | 000,430,264 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80055.sys -- (RapportCerberus_80055)

DRV - [2014/09/22 21:04:42 | 000,332,696 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2014/09/22 21:04:42 | 000,251,288 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)

DRV - [2014/09/22 21:04:42 | 000,208,888 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)

DRV - [2014/06/25 22:33:56 | 000,015,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\hmd.sys -- (HMD)

DRV - [2014/06/25 22:33:42 | 000,035,064 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)

DRV - [2013/07/27 06:37:11 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2013/07/27 06:37:09 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2013/05/09 01:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2013/05/09 01:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2013/05/09 01:59:09 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)

DRV - [2013/05/09 01:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013/05/09 01:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2013/05/09 01:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)

DRV - [2013/05/09 01:59:08 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)

DRV - [2013/03/13 11:01:58 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)

DRV - [2008/06/17 10:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)

DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKLM\..\URLSearchHook: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)

IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49905;https=127.0.0.1:49905

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49905;https=127.0.0.1:49905

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com/Results.aspx?gd=&ctid=CT3330120&octid=EB_ORIGINAL_CTID&ISID=MEF5F6DCD-82AA-4E58-A28B-2A33D4DBCC44&SearchSource=58&CUI=&UM=6&UP=SP164368FF-CF6B-4DE1-8124-B213BE3A6526&q={searchTerms}&SSPV=

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\..\SearchScopes\{B8D847CD-B359-41A4-B7AE-90E1EB92D0D5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/05 20:17:25 | 000,000,000 | ---D | M]

 

[2009/02/28 11:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cory\AppData\Roaming\Mozilla\Extensions

[2009/02/28 11:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cory\AppData\Roaming\Mozilla\Extensions\[email protected]

 

========== Chrome  ==========

 

CHR - default_search_provider:  (Enabled)

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms},

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - Extension: No name found = C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\

CHR - Extension: No name found = C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

CHR - Extension: No name found = C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

 

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [tvncontrol] C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000..\Run: [PCKeeper2] "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun File not found

O4 - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKLM..\RunOnce: [upospd_us_349.exe] C:\Users\Cory\AppData\Local\ospd_us_349\upospd_us_349.exe ()

O4 - HKLM..\RunOnce: [VOPackage] C:\Users\Cory\AppData\Roaming\VOPackage\VOPackage.exe ()

O4 - Startup: C:\Users\Cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk =  File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O7 - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3D6E85A-AF8F-4DAD-A080-9DE1998C8446}: DhcpNameServer = 192.168.0.1 205.171.2.25

O20 - AppInit_DLLs: (c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_DT_1152x864_03.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_DT_1152x864_03.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/11/02 19:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\2308189059

[2014/11/02 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\Kromtech

[2014/11/02 18:33:54 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\Zeoinsight

[2014/11/02 18:33:53 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\ZBAnalyticsCore

[2014/11/02 18:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak

[2014/11/02 18:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\ASP

[2014/11/02 18:29:11 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\SearchProtect

[2014/11/02 18:27:34 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Roaming\Systweak

[2014/11/02 18:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\RCP

[2014/11/02 18:26:59 | 000,000,000 | ---D | C] -- C:\Users\Cory\Documents\Optimizer Pro

[2014/11/02 18:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect

[2014/11/02 18:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Super Optimizer

[2014/11/02 18:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\CommonShare

[2014/11/02 18:19:49 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2014/11/02 18:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/11/02 18:18:55 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys

[2014/11/02 18:18:55 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys

[2014/11/02 18:18:54 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2014/11/02 18:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware

[2014/11/02 18:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2014/11/02 18:12:28 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Roaming\VOPackage

[2014/11/02 18:01:58 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\ospd_us_349

[2014/11/02 18:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY

[2014/11/02 18:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\ospd_us_349

[2014/11/02 18:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\LPT

[2014/11/02 17:58:46 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\LPT

[2014/11/02 17:58:42 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\Smartbar

[2014/11/02 17:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kromtech

[2014/11/02 17:21:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/11/02 16:31:28 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll

[2014/11/02 16:29:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/10/22 17:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO

[2014/10/22 17:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO

[2014/10/18 02:05:29 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll

[2014/10/18 02:05:29 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll

[2014/10/18 02:03:05 | 002,054,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2014/10/18 02:00:29 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll

[2014/10/17 20:03:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2014/10/17 20:03:47 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2014/10/17 20:03:47 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2014/10/17 20:03:47 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2014/10/17 20:03:47 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2014/10/17 20:03:47 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2014/10/17 20:03:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2014/10/17 20:03:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2014/10/17 20:03:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2014/10/17 20:03:45 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2014/10/17 20:03:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2014/10/17 20:03:43 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2009/08/19 20:02:29 | 008,270,752 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Cory\AppData\Roaming\DataSafeDotNet.exe

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2014/11/02 19:35:44 | 000,641,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2014/11/02 19:35:44 | 000,119,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2014/11/02 19:33:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2014/11/02 19:33:47 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2014/11/02 19:28:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/11/02 19:26:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/11/02 19:26:40 | 3207,819,264 | -HS- | M] () -- C:\hiberfil.sys

[2014/11/02 19:14:19 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/11/02 19:08:27 | 000,000,878 | ---- | M] () -- C:\Users\Cory\Desktop\Continue Live Installation.lnk

[2014/11/02 18:48:56 | 000,024,064 | ---- | M] () -- C:\Users\Cory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014/11/02 18:19:49 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2014/11/02 18:19:11 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/11/02 18:19:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/11/02 15:24:21 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/10/28 06:35:00 | 000,229,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2014/10/22 17:35:11 | 000,001,878 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk

[2014/10/21 10:28:29 | 000,282,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2014/11/02 19:08:27 | 000,000,878 | ---- | C] () -- C:\Users\Cory\Desktop\Continue Live Installation.lnk

[2014/11/02 18:32:36 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe

[2014/11/02 18:27:31 | 000,018,280 | ---- | C] () -- C:\Windows\System32\roboot.exe

[2014/11/02 18:19:11 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/06/25 22:33:56 | 000,015,400 | ---- | C] () -- C:\Windows\System32\drivers\hmd.sys

[2013/12/24 11:21:39 | 000,036,864 | ---- | C] () -- C:\Windows\hpfsched.exe

[2013/12/24 11:21:32 | 000,004,760 | ---- | C] () -- C:\Windows\hphmdl11.dat

[2013/08/19 17:48:35 | 000,109,207 | ---- | C] () -- C:\Users\Cory\Golden Gate bridge night.jpg

[2013/08/10 08:27:17 | 000,003,854 | ---- | C] () -- C:\Users\Cory\Guitar.jpg

[2013/08/08 15:29:32 | 000,005,716 | ---- | C] () -- C:\Users\Cory\Midnight Riders logo.jpg

[2013/07/27 06:37:16 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum

[2013/07/27 06:37:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum

[2013/07/27 06:37:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum

[2013/07/26 17:09:27 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys

[2013/07/26 17:09:26 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2013/07/26 09:47:23 | 000,012,434 | ---- | C] () -- C:\Users\Cory\CenturyLink_Configuration_Details.mht

[2009/05/04 13:11:41 | 000,001,370 | ---- | C] () -- C:\Users\Cory\AppData\Roaming\wklnhst.dat

[2008/12/24 21:43:12 | 000,024,064 | ---- | C] () -- C:\Users\Cory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 06:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2011/07/11 15:33:40 | 000,000,000 | ---D | M] -- C:\Users\Cory\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1

[2011/11/14 09:26:47 | 000,000,000 | ---D | M] -- C:\Users\Cory\AppData\Roaming\LimeWire

[2014/11/02 18:32:51 | 000,000,000 | ---D | M] -- C:\Users\Cory\AppData\Roaming\Systweak

[2010/06/24 16:12:21 | 000,000,000 | ---D | M] -- C:\Users\Cory\AppData\Roaming\Template

[2014/11/02 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Cory\AppData\Roaming\VOPackage

[2008/12/24 22:04:06 | 000,000,000 | ---D | M] -- C:\Users\Cory\AppData\Roaming\WildTangent

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3

 

< End of report >

[flashh4]

Kate, i have wrote you a script to run a OTL fix !

 

This fix is for this computer only, if ran on a different computer it may render it useless !!

 

====================

 

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the .  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLSRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Desktop\Install\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\   \...\‮ﯹ๛\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\   \...\???\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\GoogleUpdate.exe <] -- (‮etadpug)DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\syvbdlxk.sys -- (syvbdlxk)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Cory\AppData\Local\Temp\mbr.sys -- (mbr)DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://www.trovi.com...B213BE3A6526&q={searchTerms}&SSPV=IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\..\SearchScopes\{B8D847CD-B359-41A4-B7AE-90E1EB92D0D5}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found[2009/02/28 11:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cory\AppData\Roaming\Mozilla\Extensions[2009/02/28 11:11:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cory\AppData\Roaming\Mozilla\Extensions\[email protected] - Extension: No name found = C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\CHR - Extension: No name found = C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\CHR - Extension: No name found = C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O4 - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000..\Run: [PCKeeper2] "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun File not foundO4 - Startup: C:\Users\Cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk =  File not foundO13 - gopher Prefix: missingO20 - AppInit_DLLs: (c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll) -  File not found[2014/11/02 18:26:59 | 000,000,000 | ---D | C] -- C:\Users\Cory\Documents\Optimizer Pro[2014/11/02 18:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect[2014/11/02 18:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Super Optimizer :Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.
 

 

Please post that return log when you have it !!

 

Thanks

Chuck

[flashh4]

Kate, after you post the OTL fix log run this program so we can see if you need updates ??

 

Thanks

Chuck

[ksoreide]

 

Files\Folders moved on Reboot...

File\Folder C:\Users\Cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk not found!

File move failed. C:\Windows\temp\TMP00000001643F1C72B4CDF070 scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

[ksoreide]

that is what popped up when i had to restart computer after OTL fix quit.  just wanted you to see that

[flashh4]

Kate,That is just showing it couldn't be found in the search it made !!

 

Chuck

[ksoreide]

OTL logfile created on: 11/4/2014 5:26:54 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cory\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 48.61% Memory free

6.20 Gb Paging File | 4.58 Gb Available in Paging File | 73.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 149.28 Gb Free Space | 67.01% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 4.49 Gb Free Space | 44.90% Space Free | Partition Type: NTFS

 

Computer Name: CORY-PC | User Name: Cory | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/11/04 17:26:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Cory\Downloads\OTL (2).com

PRC - [2014/11/02 18:45:49 | 000,089,600 | ---- | M] () -- C:\Users\Cory\AppData\Roaming\VOPackage\VOsrv.exe

PRC - [2014/10/21 21:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe

PRC - [2014/09/24 14:09:32 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe

PRC - [2014/09/22 21:04:34 | 002,607,384 | ---- | M] (IBM Corp.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

PRC - [2014/09/22 21:04:34 | 001,919,256 | ---- | M] (IBM Corp.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

PRC - [2014/04/09 06:13:04 | 000,279,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

PRC - [2014/03/06 14:47:22 | 000,049,464 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe

PRC - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

PRC - [2013/05/09 01:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\afwServ.exe

PRC - [2012/07/25 08:57:48 | 000,157,016 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe

PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/02/03 06:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/11/03 07:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2008/10/04 11:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/10/04 11:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2008/09/30 08:03:14 | 000,820,464 | ---- | M] (Dell Inc.) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe

PRC - [2008/09/30 08:03:12 | 000,464,112 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Remote Access\ezi_ra.exe

PRC - [2008/09/23 20:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe

PRC - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/05/11 06:26:44 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/10/21 21:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll

MOD - [2014/10/21 21:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll

MOD - [2014/10/21 10:58:25 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\77e3187042597b719af1e5f16096ea22\MenuSkinning.ni.dll

MOD - [2014/10/21 10:58:06 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\df2a920b8e863d14ab8503f96c7b3ecd\VistaBridgeLibrary.ni.dll

MOD - [2014/10/21 10:58:02 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\738c8aa4347b36988f555005a63cb9a0\System.Management.ni.dll

MOD - [2014/10/21 10:58:01 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\26f446df5bd21dd338a855e2c2f87073\DellDock.ni.exe

MOD - [2014/10/21 10:57:59 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\f411f628b6029786818987206112b525\MyDock.Util.ni.dll

MOD - [2014/10/21 10:57:39 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a853267710221e6c57a5249dcf5511b8\System.Web.Services.ni.dll

MOD - [2014/10/21 10:57:27 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\a98a13deac020eca5e7dcb5ebb2b7414\System.Configuration.ni.dll

MOD - [2014/10/21 10:36:20 | 005,465,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a224433c0fb9281862f36823e86822fc\System.Xml.ni.dll

MOD - [2014/10/21 10:36:01 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f32d5986039f142f6e4f412de7c8901c\System.Windows.Forms.ni.dll

MOD - [2014/10/21 10:35:52 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\65897bde93bce2462330f19ef677477d\System.Drawing.ni.dll

MOD - [2014/10/21 10:32:47 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cf2c94955471d68d3708b1fbf613ae46\System.ni.dll

MOD - [2014/09/22 19:00:46 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\6ccc2f167855025c161a81628c49f88f\Accessibility.ni.dll

MOD - [2014/09/22 18:57:58 | 011,496,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\3444fbefcbd532181c499150ace644a4\mscorlib.ni.dll

MOD - [2014/03/23 16:04:20 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll

MOD - [2014/02/12 19:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2014/02/12 19:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2008/11/03 07:54:00 | 001,745,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

MOD - [2008/11/03 07:54:00 | 000,262,384 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll

MOD - [2008/11/03 07:54:00 | 000,132,336 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll

MOD - [2008/11/03 07:54:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll

MOD - [2008/11/03 07:54:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll

MOD - [2008/11/03 07:54:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll

 

 

========== Services (SafeList) ==========

 

SRV - File not found [Disabled | Unknown] -- C:\Program Files\Google\Desktop\Install\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\   \...\‮ﯹ๛\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\   \...\???\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\GoogleUpdate.exe <] -- (‮etadpug)

SRV - [2014/11/02 18:45:49 | 000,089,600 | ---- | M] () [Auto | Running] -- C:\Users\Cory\AppData\Roaming\VOPackage\VOsrv.exe -- (servervo)

SRV - [2014/09/29 10:15:19 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/09/25 06:04:46 | 000,070,864 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\COMODO\launcher_service.exe -- (CLPSLauncher)

SRV - [2014/09/24 14:09:32 | 002,327,248 | ---- | M] (Comodo Security Solutions, Inc.) [Auto | Running] -- C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe -- (GeekBuddyRSP)

SRV - [2014/09/22 21:04:34 | 001,919,256 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

SRV - [2014/04/09 06:12:50 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService)

SRV - [2014/03/06 14:47:22 | 000,049,464 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)

SRV - [2013/05/09 01:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2013/05/09 01:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)

SRV - [2012/07/25 08:57:48 | 000,157,016 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\YNanoClient\cpn0\YNanoService.exe -- (YNanoService)

SRV - [2008/12/19 01:20:49 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/10/04 11:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter)

SRV - [2008/09/30 08:03:14 | 000,820,464 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)

SRV - [2008/09/23 20:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2008/07/04 16:17:48 | 000,164,600 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService)

SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

 

 

========== Driver Services (SafeList) ==========

 

DRV - [2014/11/02 18:19:49 | 000,114,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV - [2014/10/21 10:35:56 | 000,430,264 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80055.sys -- (RapportCerberus_80055)

DRV - [2014/09/22 21:04:42 | 000,332,696 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)

DRV - [2014/09/22 21:04:42 | 000,251,288 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)

DRV - [2014/09/22 21:04:42 | 000,208,888 | ---- | M] (IBM Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)

DRV - [2014/06/25 22:33:56 | 000,015,400 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\hmd.sys -- (HMD)

DRV - [2014/06/25 22:33:42 | 000,035,064 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\CFRMD.sys -- (CFRMD)

DRV - [2013/07/27 06:37:11 | 000,175,176 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)

DRV - [2013/07/27 06:37:09 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2013/05/09 01:59:10 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2013/05/09 01:59:10 | 000,049,376 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)

DRV - [2013/05/09 01:59:09 | 000,204,784 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)

DRV - [2013/05/09 01:59:09 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2013/05/09 01:59:09 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2013/05/09 01:59:09 | 000,021,576 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)

DRV - [2013/05/09 01:59:08 | 000,104,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)

DRV - [2013/03/13 11:01:58 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)

DRV - [2008/06/17 10:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)

DRV - [2007/04/29 01:42:24 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKLM\..\URLSearchHook: {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)

IE - HKLM\..\SearchScopes,DefaultScope = 

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49905;https=127.0.0.1:49905

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49905;https=127.0.0.1:49905

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\..\SearchScopes\{D48F3AFA-E63A-42E7-81C3-AD8DA3D2C3F6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>

 

 

========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/07/05 20:17:25 | 000,000,000 | ---D | M]

 

 

========== Chrome  ==========

 

CHR - default_search_provider:  (Enabled)

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = http://suggest.seccint.com/CSuggestJson.ashx?prefix={searchTerms},

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll

CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll

CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

 

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)

O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Yahoo! Axis for IE) - {035FDC10-9F1D-430E-87DA-573FFBF5608D} - C:\Program Files\Yahoo!\YNanoClient\cpn1\YNanoClient_IE.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [tvncontrol] C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)

O4 - Startup: C:\Users\Cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O7 - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\Software\Policies\Microsoft\Internet Explorer\SearchScopes present

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-2920039684-3325085463-2878161145-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.2.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B3D6E85A-AF8F-4DAD-A080-9DE1998C8446}: DhcpNameServer = 192.168.0.1 205.171.2.25

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\inspiron_DT_1152x864_03.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\inspiron_DT_1152x864_03.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/11/02 20:35:24 | 000,000,000 | ---D | C] -- C:\_OTL

[2014/11/02 19:36:59 | 000,000,000 | ---D | C] -- C:\ProgramData\2308189059

[2014/11/02 18:34:07 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\Kromtech

[2014/11/02 18:33:54 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\Zeoinsight

[2014/11/02 18:33:53 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\ZBAnalyticsCore

[2014/11/02 18:32:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak

[2014/11/02 18:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\ASP

[2014/11/02 18:29:11 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\SearchProtect

[2014/11/02 18:27:34 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Roaming\Systweak

[2014/11/02 18:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\RCP

[2014/11/02 18:21:34 | 000,000,000 | ---D | C] -- C:\Program Files\CommonShare

[2014/11/02 18:19:49 | 000,114,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2014/11/02 18:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

[2014/11/02 18:18:55 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys

[2014/11/02 18:18:55 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys

[2014/11/02 18:18:54 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2014/11/02 18:18:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware

[2014/11/02 18:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2014/11/02 18:12:28 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Roaming\VOPackage

[2014/11/02 18:01:58 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\ospd_us_349

[2014/11/02 18:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONESOFTPERDAY

[2014/11/02 18:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\ospd_us_349

[2014/11/02 18:01:30 | 000,000,000 | ---D | C] -- C:\Program Files\LPT

[2014/11/02 17:58:46 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\LPT

[2014/11/02 17:58:42 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\Smartbar

[2014/11/02 17:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kromtech

[2014/11/02 17:21:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/11/02 16:31:28 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll

[2014/11/02 16:29:41 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/10/22 17:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO

[2014/10/22 17:35:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\COMODO

[2014/10/18 02:05:29 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll

[2014/10/18 02:05:29 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll

[2014/10/18 02:03:05 | 002,054,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2014/10/18 02:00:29 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll

[2014/10/17 20:03:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2014/10/17 20:03:47 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2014/10/17 20:03:47 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2014/10/17 20:03:47 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2014/10/17 20:03:47 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2014/10/17 20:03:47 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2014/10/17 20:03:46 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2014/10/17 20:03:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2014/10/17 20:03:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2014/10/17 20:03:45 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2014/10/17 20:03:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2014/10/17 20:03:43 | 001,810,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2009/08/19 20:02:29 | 008,270,752 | ---- | C] (Dell, Inc.                                                   ) -- C:\Users\Cory\AppData\Roaming\DataSafeDotNet.exe

 

========== Files - Modified Within 30 Days ==========

 

[2014/11/04 17:19:41 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/11/04 17:18:56 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/11/04 17:14:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/11/04 16:48:52 | 000,641,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2014/11/04 16:48:51 | 000,119,172 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2014/11/04 16:40:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2014/11/04 16:40:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2014/11/04 16:40:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/11/04 16:40:05 | 3209,875,456 | -HS- | M] () -- C:\hiberfil.sys

[2014/11/02 19:59:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2014/11/02 19:59:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2014/11/02 19:08:27 | 000,000,878 | ---- | M] () -- C:\Users\Cory\Desktop\Continue Live Installation.lnk

[2014/11/02 18:48:56 | 000,024,064 | ---- | M] () -- C:\Users\Cory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2014/11/02 18:19:49 | 000,114,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys

[2014/11/02 18:19:11 | 000,000,901 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/11/02 15:24:21 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2014/10/28 06:35:00 | 000,229,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2014/10/22 17:35:11 | 000,001,878 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk

[2014/10/21 10:28:29 | 000,282,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

 

========== Files Created - No Company Name ==========

 

[2014/11/02 19:59:22 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS

[2014/11/02 19:59:22 | 000,000,000 | RHS- | C] () -- C:\IO.SYS

[2014/11/02 19:08:27 | 000,000,878 | ---- | C] () -- C:\Users\Cory\Desktop\Continue Live Installation.lnk

[2014/11/02 18:32:36 | 000,017,136 | ---- | C] () -- C:\Windows\System32\sasnative32.exe

[2014/11/02 18:27:31 | 000,018,280 | ---- | C] () -- C:\Windows\System32\roboot.exe

[2014/11/02 18:19:11 | 000,000,901 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/06/25 22:33:56 | 000,015,400 | ---- | C] () -- C:\Windows\System32\drivers\hmd.sys

[2013/12/24 11:21:39 | 000,036,864 | ---- | C] () -- C:\Windows\hpfsched.exe

[2013/12/24 11:21:32 | 000,004,760 | ---- | C] () -- C:\Windows\hphmdl11.dat

[2013/08/19 17:48:35 | 000,109,207 | ---- | C] () -- C:\Users\Cory\Golden Gate bridge night.jpg

[2013/08/10 08:27:17 | 000,003,854 | ---- | C] () -- C:\Users\Cory\Guitar.jpg

[2013/08/08 15:29:32 | 000,005,716 | ---- | C] () -- C:\Users\Cory\Midnight Riders logo.jpg

[2013/07/27 06:37:16 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum

[2013/07/27 06:37:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum

[2013/07/27 06:37:12 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum

[2013/07/26 17:09:27 | 000,175,176 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys

[2013/07/26 17:09:26 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys

[2013/07/26 09:47:23 | 000,012,434 | ---- | C] () -- C:\Users\Cory\CenturyLink_Configuration_Details.mht

[2009/05/04 13:11:41 | 000,001,370 | ---- | C] () -- C:\Users\Cory\AppData\Roaming\wklnhst.dat

[2008/12/24 21:43:12 | 000,024,064 | ---- | C] () -- C:\Users\Cory\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 

========== ZeroAccess Check ==========

 

[2006/11/02 05:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/03/25 06:26:04 | 011,587,584 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

========== LOP Check ==========

 

[2011/07/11 15:33:40 | 000,000,000 | ---D | M] -- C:\Users\Cory\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1

[2014/11/02 18:32:51 | 000,000,000 | ---D | M] -- C:\Users\Cory\AppData\Roaming\Systweak

[2010/06/24 16:12:21 | 000,000,000 | ---D | M] -- C:\Users\Cory\AppData\Roaming\Template

[2014/11/02 18:46:01 | 000,000,000 | ---D | M] -- C:\Users\Cory\AppData\Roaming\VOPackage

[2008/12/24 22:04:06 | 000,000,000 | ---D | M] -- C:\Users\Cory\AppData\Roaming\WildTangent

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3

 

< End of report >

[ksoreide]

OTL Extras logfile created on: 11/4/2014 5:26:54 PM - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Cory\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

2.99 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 48.61% Memory free

6.20 Gb Paging File | 4.58 Gb Available in Paging File | 73.91% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 222.78 Gb Total Space | 149.28 Gb Free Space | 67.01% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 4.49 Gb Free Space | 44.90% Space Free | Partition Type: NTFS

 

Computer Name: CORY-PC | User Name: Cory | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

========== Firewall Settings ==========

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7

"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18D47FA1-0440-48D3-A7E0-DA09537FF471}" = Apple Mobile Device Support

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}" = iTunes

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604

"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6B4AD1A9-E73A-4184-9D6B-072F8A3C5EBA}" = VoiceOver Kit

"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{79B9250E-3714-4877-A2B0-D6C1E93E471A}" = GeekBuddy

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{81E14A67-42ED-4DD0-AE08-366FE3D3102E}" = HP Support Solutions Framework

"{8956ABAC-F1A3-4AED-9D71-10C9084C081D}" = Snap.Do

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR

"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support

"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay

"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access

"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~4A5BE654_is1" = Advanced-System Protector

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX

"avast" = avast! Internet Security

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"GoToAssist" = GoToAssist 8.0.0.514

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"PROSetDX" = Intel® PRO Network Connections 12.1.11.0

"Rapport_msi" = Trusteer Endpoint Protection

"RealPlayer 15.0" = RealPlayer

"SearchProtect" = Search Protect

"WildTangent dell Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! NanoClient" = Yahoo! Axis

"Yahoo! Search Defender" = Yahoo! Search Protection

"Yahoo! Software Update" = Yahoo! Software Update

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-2920039684-3325085463-2878161145-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{79931338-8266-46d9-9889-4166859248de}" = Snap.Do Engine

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 11/2/2014 10:14:07 PM | Computer Name = Cory-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description = 

 

Error - 11/2/2014 10:21:34 PM | Computer Name = Cory-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 11/2/2014 10:21:34 PM | Computer Name = Cory-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1170

 

Error - 11/2/2014 10:21:34 PM | Computer Name = Cory-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1170

 

Error - 11/2/2014 10:21:35 PM | Computer Name = Cory-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 11/2/2014 10:21:35 PM | Computer Name = Cory-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 2730

 

Error - 11/2/2014 10:29:32 PM | Computer Name = Cory-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 11/3/2014 12:03:47 AM | Computer Name = Cory-PC | Source = Application Error | ID = 1000

Description = Faulting application OTL.com, version 3.2.69.0, time stamp 0x2a425e19,

 faulting module RPCRT4.dll, version 6.0.6002.18882, time stamp 0x51dd2d9c, exception

 code 0xc0000005, fault offset 0x000afaf5,  process id 0x15cc, application start time

 0x01cff71107dd290f.

 

Error - 11/4/2014 7:41:46 PM | Computer Name = Cory-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 11/4/2014 8:05:44 PM | Computer Name = Cory-PC | Source = Application Error | ID = 1000

Description = Faulting application OTL.scr, version 3.2.69.0, time stamp 0x2a425e19,

 faulting module ntdll.dll, version 6.0.6002.18881, time stamp 0x51da3e27, exception

 code 0xc0000005, fault offset 0x0004a152,  process id 0x13e4, application start time

 0x01cff88ac3819343.

 

[ System Events ]

Error - 11/2/2014 11:35:25 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7034

Description = 

 

Error - 11/2/2014 11:35:26 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7031

Description = 

 

Error - 11/4/2014 7:43:32 PM | Computer Name = Cory-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 11/4/2014 7:43:32 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 11/4/2014 7:43:32 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 11/4/2014 7:44:02 PM | Computer Name = Cory-PC | Source = DCOM | ID = 10005

Description = 

 

Error - 11/4/2014 7:44:02 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 11/4/2014 7:44:02 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 11/4/2014 7:59:35 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7034

Description = 

 

Error - 11/4/2014 7:59:36 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7031

Description = 

 

 

< End of report >

[ksoreide]

All processes killed

========== OTL ==========

Error: No service named ‮etadpug was found to stop!

Unable to delete service\driver key ‮etadpug.

File C:\Program Files\Google\Desktop\Install\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\   \...\‮ﯹ๛\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\GoogleUpdate.exe < [WARNING: C:\Program Files\Google\Desktop\Install\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\   \...\???\{f43d7468-0d77-6d66-ea35-25d35bdbc287}\GoogleUpdate.exe <] not found.

Error: No service named syvbdlxk was found to stop!

Service\Driver key syvbdlxk not found.

File C:\Windows\system32\drivers\syvbdlxk.sys not found.

Error: No service named NwlnkFwd was found to stop!

Service\Driver key NwlnkFwd not found.

File system32\DRIVERS\nwlnkfwd.sys not found.

Error: No service named NwlnkFlt was found to stop!

Service\Driver key NwlnkFlt not found.

File system32\DRIVERS\nwlnkflt.sys not found.

Error: No service named mbr was found to stop!

Service\Driver key mbr not found.

File C:\Users\Cory\AppData\Local\Temp\mbr.sys not found.

Error: No service named IpInIp was found to stop!

Service\Driver key IpInIp not found.

File system32\DRIVERS\ipinip.sys not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-21-2920039684-3325085463-2878161145-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2920039684-3325085463-2878161145-1000\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.

Registry key HKEY_USERS\S-1-5-21-2920039684-3325085463-2878161145-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B8D847CD-B359-41A4-B7AE-90E1EB92D0D5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B8D847CD-B359-41A4-B7AE-90E1EB92D0D5}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.

Folder C:\Users\Cory\AppData\Roaming\Mozilla\Extensions\ not found.

Folder C:\Users\Cory\AppData\Roaming\Mozilla\Extensions\[email protected]\ not found.

File C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0 not found.

File C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0 not found.

File C:\Users\Cory\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0 not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\S-1-5-21-2920039684-3325085463-2878161145-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PCKeeper2 not found.

File move failed. C:\Users\Cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~1\searchprotect\searchprotect\bin\spvc32loader.dll deleted successfully.

Folder C:\Users\Cory\Documents\Optimizer Pro\ not found.

Folder C:\Program Files\SearchProtect\ not found.

Folder C:\Program Files\Super Optimizer\ not found.

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: All Users

 

User: Cory

->Java cache emptied: 0 bytes

 

User: Default

 

User: Default User

 

User: Public

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Cory

->Flash cache emptied: 0 bytes

 

User: Default

 

User: Default User

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Cory

->Temp folder emptied: 48216 bytes

->Temporary Internet Files folder emptied: 753798 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 8396202 bytes

->Flash cache emptied: 0 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 34320893 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 37957709 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 78.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 11042014_174626

 

Files\Folders moved on Reboot...

File\Folder C:\Users\Cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk not found!

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

[flashh4]

Kate, that looks good ! Almost done !

 

I need a security check log please !

 

Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.

 

 

After you post the Security Check log do this:

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.


Let me know how it's running & if there is any other problems ??

 

Thanks

Chuck

[ksoreide]

Results of screen317's Security Check version 0.99.89  

 Windows Vista Service Pack 2 x86 (UAC is enabled)  

 Internet Explorer 9  

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

avast! Internet Security   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Adobe Flash Player 10 Flash Player out of Date! 

 Adobe Reader 9 Adobe Reader out of Date! 

 Google Chrome 38.0.2125.104  

 Google Chrome 38.0.2125.111  

````````Process Check: objlist.exe by Laurent````````  

 Windows Defender MSASCui.exe 

 Windows Defender MSASCui.exe   

 Alwil Software Avast5 AvastSvc.exe  

 Alwil Software Avast5 afwServ.exe  

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 1 % 

````````````````````End of Log``````````````````````