daycare6 Posted March 7, 2016

I need my computer cleaned out from stuff I don't need; it is running too slow.

flashh4 Posted March 7, 2016

Howdy Lori and welcome to BestTechie !!!

My name is flashh4 (Chuck) and I will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given. Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up!

Do Not Remove anything or run any tools/programs until advised to do so!

Please note that all instructions given are customized for this computer only; the tools used may cause damage if used on a computer with different infections. If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

===================================

AdwCleaner

Please download adwcleaner by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool again.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

* Click on the Scan button.
* AdwCleaner will begin to scan your computer like it did before.
* After the scan has finished ....... This time, click on the "Clean" button.
* Press OK when asked to close all programs and follow the onscreen prompts.
* Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
* After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
* Copy and paste the contents of that logfile in your next reply.
* A copy of that logfile will also be saved in the C:\AdwCleaner folder.

NEXT

Please download Junkware Removal Tool and save to your desktop.

Shut down your protection software now to avoid potential conflicts.

* Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
* The tool will open and start scanning your system.
* Please be patient as this can take a while to complete depending on your system's specifications.
* On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
* Post the contents of JRT.txt into your next reply!

Re-Boot your computer now !!

NEXT

Download Malwarebytes' Anti-Malware (save it to your desktop). >>> Click the FREE version !!

* Windows XP : Double click on the icon to run it.
* Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
* Select Scan tab.
* Select type of scan to perform:
    * Threat Scan <--- Select this type of scan
    * Custom Scan
    * Hyper Scan

Next click the Scan button.

When the scan is complete, if no malicious items are found you can close the program. If malicious items are found be sure that everything is checked, and click Quarantine.

When completed, a log will open in Notepad. Please save it to a convenient location and post the results. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

NEXT

Download DDS and save it to your Desktop. >>> DDS

Double click dds.scr to run the tool. If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.

DDS will now scan your computer. When the scan is complete, DDS will open two (2) logs:

DDS.txt
Attach.txt

If not saved these logs will be automatically deleted when closed, so save both to your Desktop.

Please note it is important that you post BOTH logs in your topic.

Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.

Any problems downloading or running DDS.scr, try THIS alternate version of DDS

Post next:

1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes Log
4. DDS logs (2 logs)

Thanks
Chuck

flashh4 Posted March 7, 2016

I will move it to here for you !!

# AdwCleaner v5.101 - Logfile created 07/03/2016 at 09:54:31
# Updated 07/03/2016 by Xplode
# Database : 2016-03-06.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Lori - PC
# Running from : C:\Users\Lori\Desktop\adwcleaner_5.101.exe
# Option : Clean

daycare6 Posted March 7, 2016

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Home Premium x64
Ran by Lori (Administrator) on Mon 03/07/2016 at 12:29:50.64

File System: 54
Registry: 6

Scan was completed on Mon 03/07/2016 at 12:35:53.06

flashh4 Posted March 7, 2016

Well looks like you can do without all that clutter/junk !!

Continue when you get time !!

Thanks
Chuck

daycare6 Posted March 8, 2016

dds.txt
attach.txt

flashh4 Posted March 8, 2016 Posting your dds.txt .................... easier to read through this way !!
flashh4 Posted March 8, 2016 Attach log
flashh4 Posted March 8, 2016
Hi Lori, good to know that no threats were found with Malwarebytes !
Ok 1 more program to run
Download OldTimer to your desktop !
Links:
If you already have a copy of OTL delete it and use this version. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
* Double click OTL.exe to launch the program.
* Check the following.
  o Scan all users.
  o Standard Output.
  o Lop check.
  o Purity check.
  o Extra Registry > Use SafeList
* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.
  o OTL.txt (open on your desktop).
  o Extras.txt (minimised in your taskbar)
  The Extras.txt file will only appear the very first time you run OTL.
* Please post me both logs.
This may have to be broken into more than one post !
Thanks
Chuck
daycare6 Posted March 8, 2016 OTL logfile created on: 3/7/2016 8:27:22 PM - Run 1
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/01/06 18:29:46 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent) DRV:64bit: - [2009/12/09 02:06:45 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\cchpx64.sys -- (ccHP) DRV:64bit: - [2009/12/02 23:08:32 | 000,504,880 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtsp64.sys -- (SRTSP) DRV:64bit: - [2009/12/02 23:08:32 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\srtspx64.sys -- (SRTSPX) DRV:64bit: - [2009/11/25 23:41:48 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symefa64.sys -- (SymEFA) DRV:64bit: - [2009/11/25 23:41:22 | 000,148,528 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- 
C:\Windows\SysNative\drivers\NISx64\1105000.07F\ironx64.sys -- (SymIRON) DRV:64bit: - [2009/11/21 17:43:47 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symtdiv.sys -- (SYMTDIv) DRV:64bit: - [2009/11/05 15:06:13 | 000,433,200 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1105000.07F\symds64.sys -- (SymDS) DRV:64bit: - [2009/08/20 17:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/16 04:32:14 | 006,112,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" ={searchTerms}&{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{E2636FF9-110E-4CFA-9F56-102D26919EB8}: "URL" ={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" ={searchTerms}&{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{E2636FF9-110E-4CFA-9F56-102D26919EB8}: "URL" ={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\..\URLSearchHook: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - 
HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" ={searchTerms}&src=IE-SearchBox IE - HKCU\..\SearchScopes\{B18B44C7-F204-4CB1-935D-57AB3DA53CA4}: "URL" ={searchTerms}&rlz=1I7AURU_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\ disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\,version=: File not found FF - HKLM\Software\MozillaPlugins\,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\ disabled File not found FF - HKLM\Software\MozillaPlugins\,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - 
HKLM\Software\MozillaPlugins\ Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) ========== Chrome ========== CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\ CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\ CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\ CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.10.1_0\ CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\ CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\ CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\ CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\ O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus) O2 - BHO: (PasswordBox Helper) - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Adblock Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus) O3:64bit: - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (HopSurf toolbar) - {E9FAB13D-4600-49E1-90D1-EE961C859D39} - C:\Program Files (x86)\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O9:64bit: - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.) O9 - Extra Button: HopSurf - {ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - C:\Program Files (x86)\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll (Comodo Group, Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4186B085-0307-40BA-9FFE-C30ECABB12C9}: DhcpNameServer = O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{80036e5d-d270-11e1-998e-406186511e09}\Shell - "" = AutoRun O33 - MountPoints2\{80036e5d-d270-11e1-998e-406186511e09}\Shell\AutoRun\command - "" = F:\setup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\ [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\ [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2016/03/07 20:27:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lori\Desktop\ [2016/03/07 20:26:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lori\Desktop\OTL.scr [2016/03/07 19:08:35 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Lori\Desktop\dds.scr [2016/03/07 13:46:25 | 022,908,888 | ---- | C] (Malwarebytes ) -- C:\Users\Lori\Desktop\mbam-setup- (1).exe [2016/03/07 12:42:08 | 022,908,888 | ---- | C] (Malwarebytes ) -- C:\Users\Lori\Desktop\mbam-setup- [2016/03/07 12:29:31 | 001,609,216 | ---- | C] (Malwarebytes) -- C:\Users\Lori\Desktop\JRT.exe [2016/03/07 09:50:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AdwCleaner [2016/02/25 09:11:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2016/02/25 09:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2016/02/25 09:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2016/02/25 09:10:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2016/02/25 09:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2016/02/25 09:06:31 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Bonjour [2016/02/25 09:05:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2016/02/13 13:28:04 | 002,085,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2016/02/11 06:17:09 | 003,231,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2016/02/11 06:17:08 | 002,973,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2016/02/11 06:17:08 | 001,940,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2016/02/11 06:17:08 | 001,866,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll [2016/02/11 06:17:08 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2016/02/11 06:17:08 | 001,498,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll [2016/02/10 12:13:28 | 003,180,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll [2016/02/10 12:13:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll [2016/02/10 12:13:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll [2016/02/10 12:13:13 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll [2016/02/10 12:13:11 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll [2016/02/10 12:13:09 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll [2016/02/10 12:12:55 | 001,362,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll [2016/02/10 12:12:54 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2016/02/10 12:12:54 | 000,696,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll [2016/02/10 12:12:54 | 000,677,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll [2016/02/10 12:12:53 | 000,499,200 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll [2016/02/10 12:12:53 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\acmigration.dll [2016/02/10 12:12:53 | 000,025,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CompatTelRunner.exe [2016/02/10 12:12:29 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2016/02/10 12:12:26 | 000,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2016/02/10 12:12:26 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2016/02/10 12:12:23 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2016/02/10 12:10:44 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2016/02/10 12:10:43 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2016/02/10 12:10:43 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll [2016/02/10 12:10:43 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2016/02/10 12:10:43 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2016/02/10 12:10:43 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2016/02/10 12:10:43 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2016/02/10 12:10:42 | 000,718,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2016/02/10 12:10:42 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll [2016/02/10 12:10:41 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll [2016/02/10 12:10:41 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2016/02/10 12:10:40 | 000,077,824 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2016/02/10 12:10:36 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2016/02/10 12:10:36 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll [2016/02/10 12:10:36 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2016/02/10 12:10:35 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2016/02/10 12:10:34 | 000,663,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2016/02/10 12:10:34 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2016/02/10 12:10:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2016/02/10 12:10:32 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2016/02/10 12:10:32 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2016/02/10 12:10:31 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2016/02/10 12:10:29 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2016/02/10 12:10:28 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2016/02/10 12:10:27 | 002,123,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2016/02/10 12:10:24 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2016/02/10 12:10:23 | 000,571,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2016/02/10 12:10:22 | 000,341,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2016/02/10 12:10:22 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2016/02/10 12:10:22 | 000,064,000 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\MshtmlDac.dll [2016/02/10 12:10:20 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2016/02/10 12:10:16 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2016/02/10 12:10:16 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2016/02/10 12:10:14 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2016/02/10 12:10:13 | 006,052,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2016/02/10 12:10:13 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2016/02/10 12:10:08 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2016/02/10 12:10:07 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2016/02/10 12:10:06 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2016/02/10 12:07:22 | 003,169,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll [2016/02/10 12:07:22 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll [2016/02/10 12:07:22 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll [2016/02/10 12:07:22 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll [2016/02/10 12:07:22 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll [2016/02/10 12:07:21 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe [2016/02/10 12:07:21 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll [2016/02/10 12:07:21 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll [2016/02/10 12:07:21 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll [2016/02/10 12:07:21 | 
000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll [2016/02/10 12:07:21 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe [2016/02/10 12:07:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll [2016/02/10 12:07:21 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe [2016/02/10 12:07:21 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll [2016/02/10 12:07:21 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ [2016/02/10 12:00:13 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll [2016/02/10 12:00:12 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll [2016/02/10 12:00:11 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll [2016/02/10 12:00:11 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll [2016/02/10 12:00:10 | 005,573,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2016/02/10 12:00:09 | 001,733,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll [2016/02/10 12:00:07 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2016/02/10 12:00:06 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxoci.dll [2016/02/10 12:00:05 | 003,993,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2016/02/10 12:00:03 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2016/02/10 12:00:02 | 003,938,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2016/02/10 12:00:02 | 000,880,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll [2016/02/10 12:00:01 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll [2016/02/10 
flashh4 Posted March 8, 2016

We need to Run an OTL fix !!

Warning: This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

* Double-click OTL.exe to start the program.
* Copy and Paste the following code into the text box of the OTL tool/program ! Start with and include the colon plus :OTL

Copy everything in RED and Paste into the box in the OTL program !!

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" ={searchTerms}&{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{E2636FF9-110E-4CFA-9F56-102D26919EB8}: "URL" ={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope = {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" ={searchTerms}&{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{E2636FF9-110E-4CFA-9F56-102D26919EB8}: "URL" ={searchTerms}&FORM=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKCU\..\URLSearchHook: {4c60e5ab-5c68-4c59-abaa-885010b24b32} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" ={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{B18B44C7-F204-4CB1-935D-57AB3DA53CA4}: "URL" ={searchTerms}&rlz=1I7AURU_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
FF:64bit: - HKLM\Software\MozillaPlugins\ disabled File not found
FF - HKLM\Software\MozillaPlugins\,version=: File not found
FF - HKLM\Software\MozillaPlugins\ disabled File not found
CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.10.1_0\
CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\\
CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.1_0\
CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\\
CHR - Extension: No name found = C:\Users\Lori\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:Commands
[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]

# Then click the Run Fix button at the top.
# Click
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.

Remember to enable your real time protection.

Post that log next !

Thanks
Chuck

We are almost done Lori !!
flashh4 Posted March 8, 2016

3. click Run Fix Only:
flashh4 Posted March 8, 2016

This topic has been locked due to a disagreement with user ! If you need this reopened please PM me or any Mod !!

Thanks
Chuck