Screen goes back to Low Resolution on Reboot

This topic is locked
19 replies to this topic

#1 drs723

  • Members
  • 10 posts

Posted 23 March 2013 - 02:02 PM

My laptop screen after a reboot keeps going back to 800x600 screen resolution. I have run Malwarebytes several times, in safe mode and not in safe mode. It found Adware.MultiPlug in my temporary internet files and a Trojan.Agent.H in my temporary internet files. I put them in quarantine. I also have gotten an error after I log in to my machine that the module Cleanup.dll for Malwarebytes could not be found (in the ProgramData folder).

I have run Malwarebytes, Microsoft Security Essentials (didn't find anything), Dr.Web CureIt! (didn't find anything) and even Kaspersky's TDSSKiller (which also didn't find anything).

I'm worried that I am still infected somehow, so I ran OTL and am posting the log.

Also, I have no idea why I am getting that error for Malwarebytes and why the screen defaults back to a low screen resolution after I log in after a reboot.

If anyone can help it would be greatly appreciated!


Is anyone able to help?

Logs posted by Oh My!

OTL logfile created on: 3/23/2013 2:43:18 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dave\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 91.58 Gb Free Space | 51.16% Space Free | Partition Type: NTFS
Drive D: | 217.83 Gb Total Space | 24.74 Gb Free Space | 11.36% Space Free | Partition Type: NTFS
Drive E: | 188.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 5.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/22 23:43:36 | 003,494,992 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe
PRC - [2013/01/20 15:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/10/08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/08/20 04:18:20 | 007,065,224 | ---- | M] () -- C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe
PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/03/28 12:51:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL.exe
PRC - [2010/08/09 18:22:24 | 000,862,064 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/05/06 02:44:44 | 001,749,504 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2012/10/08 11:42:18 | 000,202,600 | ---- | M] (NVIDIA Corporation) -- c:\Windows\SysWOW64\nvinit.dll
MOD - [2011/03/28 12:51:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL.exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/10/25 15:51:28 | 000,341,288 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV:64bit: - [2010/04/16 17:07:42 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:38:59 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CISVC.EXE -- (CISVC)
SRV - [2013/03/12 23:51:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/08 11:42:54 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/17 13:49:44 | 000,616,408 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe -- (AntiSpywareService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/10/08 11:42:36 | 000,030,056 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2012/04/10 14:12:08 | 000,641,328 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011/09/01 16:28:36 | 000,032,048 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/08/31 18:06:36 | 000,059,184 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klfltdev.sys -- (KLFLTDEV)
DRV:64bit: - [2011/08/18 18:12:00 | 000,013,616 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/08/18 18:11:56 | 000,464,176 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2011/07/03 22:53:38 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2011/04/01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 250(UVC)
DRV:64bit: - [2011/04/01 05:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 12:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 18:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/19 21:10:38 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/21 06:45:54 | 000,287,232 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/04/27 03:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/16 17:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/03/30 20:35:26 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2010/02/26 20:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/26 14:32:58 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/12/14 16:46:56 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/09/28 05:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV - [2011/03/18 12:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2010/09/29 16:47:37 | 000,015,144 | ---- | M] (Windows ® 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pu-results.info/?pid=377&r=2013/03/17&hid=3625199389&lg=EN&cc=US

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.pu-results.info/?pid=377&r=2013/03/17&hid=3625199389&lg=EN&cc=US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://us.mc1114.mail.yahoo.com/mc/welcome?.gx=1&.tm=1297615528&.rand=9274ack6kf0i3#_pg=showFolder&fid=Inbox&order=down&tt=4838&pSize=200&.rand=1824199603&hash=9d6864856f272b139b9e27f0235d8526&.jsrand=4997218
IE - HKCU\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "WebSearch"
FF - prefs.js..browser.search.defaultthis.engineName: "vshare.tv Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://websearch.pu-results.info/?pid=377&r=2013/03/17&hid=3625199389&lg=EN&cc=US&l=1&q="
FF - prefs.js..browser.search.selectedEngine: "WebSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://websearch.pu-results.info/?pid=377&r=2013/03/17&hid=3625199389&lg=EN&cc=US"
FF - prefs.js..keyword.URL: "http://websearch.pu-results.info/?pid=377&r=2013/03/17&hid=3625199389&lg=EN&cc=US&l=1&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..browser.search.order.1: "WebSearch"
FF - prefs.js..browser.search.order.1,S: "WebSearch"
FF - prefs.js..browser.search.defaultenginename,S: "WebSearch"
FF - prefs.js..browser.search.selectedEngine,S: "WebSearch"


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions\[email protected] [2013/03/16 23:30:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions\[email protected] [2013/03/16 23:30:35 | 000,000,000 | ---D | M]

[2011/03/26 00:33:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions
[2013/03/23 11:40:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions
[2011/10/26 19:53:11 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2011/10/03 15:55:11 | 000,000,000 | ---D | M] (XFINITY Toolbar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}
[2011/10/09 13:07:45 | 000,000,000 | ---D | M] (vshare.tv Bar Community Toolbar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
[2013/03/16 23:30:35 | 000,000,000 | ---D | M] (SeaRch-NeWTab) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions\[email protected]
[2013/03/16 23:30:07 | 000,000,000 | ---D | M] (BroWse2ssave) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions\[email protected]
[2011/06/08 07:38:53 | 000,002,354 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\searchplugins\aol-web-search.xml
[2011/05/15 11:54:12 | 000,001,919 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\searchplugins\bing-zugo.xml
[2011/10/05 11:37:28 | 000,000,929 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\searchplugins\conduit.xml
[2013/03/16 23:30:28 | 000,000,621 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\searchplugins\WebSearch.xml
[2011/12/16 12:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/06/22 15:29:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
File not found (No name found) -- C:\USERS\DAVE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MNM701OD.DEFAULT\EXTENSIONS\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2011/08/31 06:38:58 | 000,082,944 | ---- | M] (vShare.tv ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
[2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found
O2:64bit: - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (Updater For XFIN_PORTAL) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Backup Assistant Plus\V CAST Backup Scheduler.exe ()
O4 - Startup: C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: vizzed.com ([www] * in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {315581D7-2DE9-4685-A31D-FDE263FF2FB5} http://lagunalakesfrontgate.dyndns.org:81/template/pWebView1.cab (pWebView1 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll c:\progra~2\websea~1\sprote~1.dll) - c:\windows\syswow64\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe ()
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe ()
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/10 02:04:54 | 000,000,085 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2f8500f7-55f4-11e1-91d7-002454cede72}\Shell - "" = AutoRun
O33 - MountPoints2\{2f8500f7-55f4-11e1-91d7-002454cede72}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\{33695bea-b68d-11e1-a000-002454cede72}\Shell - "" = AutoRun
O33 - MountPoints2\{33695bea-b68d-11e1-a000-002454cede72}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{8e7dd304-f3da-11e1-b980-002454cede72}\Shell - "" = AutoRun
O33 - MountPoints2\{8e7dd304-f3da-11e1-b980-002454cede72}\Shell\AutoRun\command - "" = H:\TL-Bootstrap.exe -- [2011/01/21 11:14:35 | 000,462,848 | R--- | M] ()
O33 - MountPoints2\{f3ac23f0-f60a-11e1-860d-002454cede72}\Shell - "" = AutoRun
O33 - MountPoints2\{f3ac23f0-f60a-11e1-860d-002454cede72}\Shell\AutoRun\command - "" = G:\TL-Bootstrap.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/03/23 14:15:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/03/23 14:15:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/03/23 13:49:05 | 000,000,000 | ---D | C] -- C:\windows\pss
[2013/03/23 02:08:17 | 000,000,000 | ---D | C] -- C:\Users\Dave\Doctor Web
[2013/03/22 23:35:43 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Programs
[2013/03/22 20:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/03/17 22:23:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/03/17 22:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/03/17 22:23:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/03/17 22:20:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/03/17 00:43:17 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\calibre-cache
[2013/03/16 23:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SeaRch-NeWTab
[2013/03/16 23:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\BroWse2ssave
[2013/03/16 23:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/03/07 00:16:08 | 000,000,000 | ---D | C] -- C:\Users\Dave\Documents\SimCity
[2013/03/07 00:13:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity
[2013/03/07 00:13:34 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013/03/07 00:07:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013/03/07 00:07:01 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Origin
[2013/03/07 00:06:52 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Origin
[2013/03/07 00:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013/03/07 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013/03/07 00:05:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013/03/07 00:05:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013/03/06 23:59:04 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameFly
[2013/03/06 23:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameFly
[2011/07/03 22:53:38 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dave\AppData\Roaming\pcouffin.sys
[1 C:\Users\Dave\*.tmp files -> C:\Users\Dave\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/23 14:44:44 | 000,020,032 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/23 14:44:44 | 000,020,032 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/23 14:42:27 | 000,734,906 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/03/23 14:42:27 | 000,629,826 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/03/23 14:42:27 | 000,108,870 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/03/23 14:37:35 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/23 14:37:12 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2013/03/23 14:36:52 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/03/23 14:36:44 | 4081,569,792 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/23 14:30:05 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-537737778-4178684207-3077562398-1001UA.job
[2013/03/23 14:15:54 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2013/03/23 14:11:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/23 01:16:57 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2013/03/22 23:35:52 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/22 22:51:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/03/22 20:56:14 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-537737778-4178684207-3077562398-1001Core.job
[2013/03/17 22:23:33 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/03/17 14:04:20 | 016,895,109 | ---- | M] () -- C:\Users\Dave\Documents\0214131442.mp4
[2013/03/17 11:44:38 | 000,000,064 | ---- | M] () -- C:\Users\Dave\Desktop\Call Center Database FE.laccdb
[2013/03/16 23:41:09 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/03/16 23:31:10 | 002,519,870 | ---- | M] () -- C:\Users\Dave\Desktop\tools v5.6.2.zip
[2013/03/13 23:08:20 | 000,002,080 | -H-- | M] () -- C:\Users\Dave\Documents\Default.rdp
[2013/03/13 22:54:52 | 003,731,456 | ---- | M] () -- C:\Users\Dave\Desktop\Call Center Database FE.accdb
[2013/03/13 22:50:56 | 008,257,536 | ---- | M] () -- C:\Users\Dave\Desktop\Call Center Database_be.accdb
[2013/03/13 21:29:05 | 000,002,358 | ---- | M] () -- C:\Users\Dave\Desktop\Google Chrome.lnk
[2013/03/07 00:13:39 | 000,001,232 | ---- | M] () -- C:\Users\Public\Desktop\SimCity.lnk
[2013/03/07 00:05:26 | 000,000,939 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/03/06 23:58:31 | 000,001,825 | ---- | M] () -- C:\Users\Dave\Desktop\GameFly.lnk
[1 C:\Users\Dave\*.tmp files -> C:\Users\Dave\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/23 14:36:00 | 000,001,047 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/03/23 14:15:54 | 000,001,945 | ---- | C] () -- C:\windows\epplauncher.mif
[2013/03/23 14:15:44 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/03/23 01:16:57 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2013/03/17 22:23:33 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/03/17 22:20:51 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/03/17 14:04:20 | 016,895,109 | ---- | C] () -- C:\Users\Dave\Documents\0214131442.mp4
[2013/03/16 23:41:09 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/03/16 23:30:55 | 002,519,870 | ---- | C] () -- C:\Users\Dave\Desktop\tools v5.6.2.zip
[2013/03/13 22:46:29 | 000,000,064 | ---- | C] () -- C:\Users\Dave\Desktop\Call Center Database FE.laccdb
[2013/03/07 00:13:39 | 000,001,232 | ---- | C] () -- C:\Users\Public\Desktop\SimCity.lnk
[2013/03/07 00:05:26 | 000,000,939 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013/03/06 23:58:31 | 000,001,825 | ---- | C] () -- C:\Users\Dave\Desktop\GameFly.lnk
[2012/12/20 00:33:00 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\ff_vfw.dll
[2012/08/20 04:18:30 | 000,602,112 | ---- | C] () -- C:\windows\SysWow64\xvid.dll
[2012/02/29 13:57:04 | 000,175,616 | ---- | C] () -- C:\windows\SysWow64\unrar.dll
[2011/12/14 13:12:34 | 000,118,813 | ---- | C] () -- C:\windows\Photo Pos Pro Classic Frames Pack Uninstaller.exe
[2011/12/14 13:10:36 | 000,118,366 | ---- | C] () -- C:\windows\Photo Pos Pro Collage Templates Pack Uninstaller.exe
[2011/07/16 21:26:41 | 000,109,216 | ---- | C] () -- C:\windows\SysWow64\EasyHook64.dll
[2011/07/16 21:26:41 | 000,090,784 | ---- | C] () -- C:\windows\SysWow64\EasyHook32.dll
[2011/07/03 22:53:38 | 000,099,384 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\inst.exe
[2011/07/03 22:53:38 | 000,007,859 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\pcouffin.cat
[2011/07/03 22:53:38 | 000,001,167 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\pcouffin.inf
[2011/07/03 22:38:08 | 000,235,581 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\vso_ts_preview.xml
[2011/06/22 12:56:35 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2011/05/15 11:55:16 | 000,000,096 | -HS- | C] () -- C:\windows\WSYS049.SYS
[2011/05/15 11:53:52 | 000,215,422 | ---- | C] () -- C:\windows\Photo Pos Pro Uninstaller.exe
[2011/04/10 03:34:29 | 000,009,216 | ---- | C] () -- C:\Users\Dave\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/10 01:58:45 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/04/02 14:08:26 | 000,011,955 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\Comma Separated Values (Windows).CAL
[2011/04/01 05:07:02 | 010,877,272 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2011/04/01 05:07:02 | 000,102,744 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe
[2011/04/01 05:06:56 | 000,331,608 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2011/02/24 21:09:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/02/11 17:15:04 | 000,007,615 | ---- | C] () -- C:\Users\Dave\AppData\Local\Resmon.ResmonCfg
[2011/02/10 00:03:48 | 000,000,326 | ---- | C] () -- C:\windows\primopdf.ini
[2011/01/12 16:44:44 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/01/12 16:23:27 | 000,000,426 | ---- | C] () -- C:\windows\BRWMARK.INI
[2011/01/12 16:23:27 | 000,000,034 | ---- | C] () -- C:\windows\SysWow64\BD2070N.DAT
[2011/01/10 16:26:45 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/09/16 15:09:14 | 000,870,560 | ---- | C] () -- C:\windows\SysWow64\igkrng575.bin
[2010/09/16 15:09:14 | 000,208,896 | ---- | C] () -- C:\windows\SysWow64\iglhsip32.dll
[2010/09/16 15:09:14 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\iglhcp32.dll
[2010/09/16 15:09:13 | 000,104,796 | ---- | C] () -- C:\windows\SysWow64\igfcg575m.bin
[2010/09/16 15:09:12 | 000,127,868 | ---- | C] () -- C:\windows\SysWow64\igcompkrng575.bin
[2010/09/15 23:50:15 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe
[2010/09/15 23:19:51 | 000,001,963 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/04/06 06:10:15 | 000,225,411 | ---- | C] () -- C:\windows\SysWow64\PosPrKpLib.dll
[2010/04/06 06:10:07 | 000,020,480 | ---- | C] () -- C:\windows\SysWow64\PosTickerLib.dll
[2009/11/05 20:50:52 | 000,077,824 | ---- | C] () -- C:\windows\SysWow64\AdpcmIVNet.dll
[2009/09/25 12:49:54 | 000,199,680 | ---- | C] () -- C:\windows\SysWow64\MyAVCD.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin
[2009/07/13 17:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin
[2009/07/13 17:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin
[2009/07/13 17:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2009/06/08 22:43:44 | 000,069,632 | ---- | C] () -- C:\windows\SysWow64\G711Codec.dll
[2008/01/23 16:59:38 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\AdpcmCodec.dll
[2008/01/23 16:48:40 | 000,073,728 | ---- | C] () -- C:\windows\SysWow64\G723Codec.dll
[2008/01/23 16:41:30 | 000,692,224 | ---- | C] () -- C:\windows\SysWow64\M4VAPDec.dll
[2007/03/02 06:26:16 | 000,126,976 | ---- | C] () -- C:\windows\SysWow64\SaveImage2.dll
[2005/09/23 07:52:14 | 000,078,848 | ---- | C] () -- C:\windows\SysWow64\OneWay.dll
[2002/06/02 10:05:40 | 000,038,912 | ---- | C] () -- C:\windows\SysWow64\1Way.dll

========== LOP Check ==========

[2012/12/18 01:29:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Applian FLV and Media Player
[2011/03/06 18:41:43 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Audacity
[2011/03/12 14:52:03 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Avanquest
[2011/07/25 10:24:56 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Binreader
[2013/03/23 00:02:19 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\BitTorrent
[2011/02/04 18:46:29 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\biu software
[2011/01/12 16:45:14 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Blackberry Desktop
[2011/06/25 15:54:01 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\BSD
[2013/03/17 00:43:20 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\calibre
[2012/11/13 13:34:23 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Canneverbe Limited
[2011/06/26 11:44:35 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Canon
[2011/10/28 13:41:16 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Downloaded Installations
[2013/03/23 14:39:43 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Dropbox
[2011/02/20 21:57:13 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\FreeBurner
[2012/01/09 00:49:53 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\GameFly
[2011/02/18 21:41:46 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\GrabIt
[2011/02/27 01:43:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\ImgBurn
[2011/02/18 21:01:11 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mimo
[2012/05/22 00:17:28 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Nitro PDF
[2013/03/08 17:22:48 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Origin
[2013/02/20 12:29:23 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PrimoPDF
[2011/01/12 16:27:02 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Research In Motion
[2013/03/23 00:03:25 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Spotify
[2011/03/20 13:32:05 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\StreamTorrent
[2012/01/08 13:02:44 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SystemRequirementsLab
[2013/01/10 21:29:00 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Vso
[2013/01/05 13:25:19 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\webex
[2013/03/22 23:41:42 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:E965A533
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:553CA6CA

< End of report >


OTL Extras logfile created on: 3/23/2013 2:43:18 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Dave\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 179.00 Gb Total Space | 91.58 Gb Free Space | 51.16% Space Free | Partition Type: NTFS
Drive D: | 217.83 Gb Total Space | 24.74 Gb Free Space | 11.36% Space Free | Partition Type: NTFS
Drive E: | 188.84 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 5.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{5CF37F1F-7C84-421C-8E7A-C8859CCFEBD3}" = Nitro Reader 2
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{E06AF9BE-E1D6-4867-8DBF-74E4BA32BBB3}" = DAP Plug-in for 64 Bit IE
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Ace Utilities_is1" = Ace Utilities
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"EPSON Artisan 830 Series" = EPSON Artisan 830 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03594E81-55C6-4036-BB32-6FB27BC7A497}_is1" = Sid Meier's Civilization V - Game of the Year Edition
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35DC9F1E-5E88-4E69-A49A-9F4C2B33DDF3}" = Web Easy Professional
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D9F35D2-1D6F-4E17-A79F-991A7BD24AAD}" = Vizzed Retro Game Room
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A6806D86-BFF3-49CD-8E2B-87BB3507E53F}" = Web Easy Professional 8
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ADAA0C25-2E61-452B-895D-D2190C4C651D}" = CDBurnerXP
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE4CAD46-3F3F-4248-B0F2-6B0FAFBE40B1}_is1" = WMPCDText 1.2
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.19.365
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2D09AC2-4153-4817-AAEB-24F92A8BCE88}" = Windows Media Center Add-in for Flash
"{E308B555-8434-4AF8-B66F-729897C75F93}" = BatteryLifeExtender
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F9BD2B85-0EF1-4ACB-86EC-A616671EEADA}" = calibre
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"AviSynth" = AviSynth 2.5
"Backup Assistant Plus" = Backup Assistant Plus
"Belarc Advisor" = Belarc Advisor 8.2
"BitTorrent" = BitTorrent
"DVDStyler_is1" = DVDStyler v1.8.2.1
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"GameFly" = GameFly
"HTC_WModemDriver" = WModem Driver Installer
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Marvell Miniport Driver" = Marvell Miniport Driver
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.SingleImage" = Microsoft Office Professional 2010
"Origin" = Origin
"Photo Pos Pro" = Photo Pos Pro
"Photo Pos Pro Classic Frames Pack" = Photo Pos Pro Classic Frames Pack
"Photo Pos Pro Collage Templates Pack" = Photo Pos Pro Collage Templates Pack
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"SpeedFan" = SpeedFan (remove only)
"StreamTorrent 1.0" = StreamTorrent 1.0
"SystemRequirementsLab" = System Requirements Lab
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Sportsbook Poker" = Sportsbook Poker
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/6/2012 3:12:25 AM | Computer Name = Dave-PC | Source = Kaspersky Endpoint Security 8 for Windows | ID = 135732
Description =

Error - 11/8/2012 9:01:16 PM | Computer Name = Dave-PC | Source = Kaspersky Endpoint Security 8 for Windows | ID = 135732
Description =

Error - 11/9/2012 1:17:43 AM | Computer Name = Dave-PC | Source = Kaspersky Endpoint Security 8 for Windows | ID = 135732
Description =

Error - 11/9/2012 1:17:43 AM | Computer Name = Dave-PC | Source = Kaspersky Endpoint Security 8 for Windows | ID = 135732
Description =

Error - 11/9/2012 9:43:05 PM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: nmsrvc.exe, version: 11.0.8268.0, time
stamp: 0x48dac758 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00038dc9 Faulting process
id: 0x8bc Faulting application start time: 0x01cdbee05013b312 Faulting application
path: C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
Faulting
module path: C:\windows\SysWOW64\ntdll.dll Report Id: f81f5537-2ad7-11e2-b5da-002454cede72

Error - 11/11/2012 7:23:20 PM | Computer Name = Dave-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/13/2012 10:34:19 AM | Computer Name = Dave-PC | Source = Application Error | ID = 1000
Description = Faulting application name: NitroPdfThumbnailHelper.exe, version: 1.0.0.1,
time stamp: 0x4e9de0ee Faulting module name: npdf.dll_unloaded, version: 0.0.0.0,
time stamp: 0x4e9de1a5 Exception code: 0xc0000005 Fault offset: 0x101b50e6 Faulting
process id: 0xff8 Faulting application start time: 0x01cdc1abf6218f40 Faulting application
path: C:\Program Files (x86)\Nitro PDF\Reader\NitroPdfThumbnailHelper.exe Faulting
module path: npdf.dll Report Id: 3505ee64-2d9f-11e2-85eb-002454cede72

Error - 11/13/2012 11:08:05 AM | Computer Name = Dave-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "C:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 11/16/2012 12:43:04 AM | Computer Name = Dave-PC | Source = Kaspersky Endpoint Security 8 for Windows | ID = 135732
Description =

Error - 11/16/2012 12:43:04 AM | Computer Name = Dave-PC | Source = Kaspersky Endpoint Security 8 for Windows | ID = 135732
Description =

[ Media Center Events ]
Error - 4/11/2011 12:11:07 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 12:11:07 PM - Error connecting to the internet. 12:11:07 PM - Unable
to contact server..

Error - 4/11/2011 12:11:19 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 12:11:12 PM - Error connecting to the internet. 12:11:12 PM - Unable
to contact server..

Error - 9/2/2011 3:57:50 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 3:57:50 PM - Error connecting to the internet. 3:57:50 PM - Unable
to contact server..

Error - 9/2/2011 3:57:59 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 3:57:55 PM - Error connecting to the internet. 3:57:55 PM - Unable
to contact server..

Error - 10/19/2011 4:34:19 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 4:34:19 PM - Error connecting to the internet. 4:34:19 PM - Unable
to contact server..

Error - 10/19/2011 4:35:04 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 4:34:24 PM - Error connecting to the internet. 4:34:24 PM - Unable
to contact server..

Error - 10/19/2011 5:36:46 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 5:36:46 PM - Error connecting to the internet. 5:36:46 PM - Unable
to contact server..

Error - 10/19/2011 5:37:19 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 5:37:14 PM - Error connecting to the internet. 5:37:14 PM - Unable
to contact server..

Error - 4/11/2012 5:22:36 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 5:22:36 PM - Error connecting to the internet. 5:22:36 PM - Unable
to contact server..

Error - 4/11/2012 5:22:54 PM | Computer Name = Dave-PC | Source = MCUpdate | ID = 0
Description = 5:22:42 PM - Error connecting to the internet. 5:22:42 PM - Unable
to contact server..

[ System Events ]
Error - 3/23/2013 1:42:11 PM | Computer Name = Dave-PC | Source = DCOM | ID = 10005
Description =

Error - 3/23/2013 1:42:12 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %68

Error - 3/23/2013 1:42:12 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %68

Error - 3/23/2013 1:42:12 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %68

Error - 3/23/2013 1:42:12 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %68

Error - 3/23/2013 1:42:12 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %68

Error - 3/23/2013 1:42:12 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The Network List Service service depends on the Network Location Awareness
service which failed to start because of the following error: %68

Error - 3/23/2013 1:43:03 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7001
Description = The PnP-X IP Bus Enumerator service depends on the Function Discovery
Provider Host service which failed to start because of the following error: %68

Error - 3/23/2013 1:51:10 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7000
Description = The npkusvc service failed to start due to the following error: %%2

Error - 3/23/2013 2:37:15 PM | Computer Name = Dave-PC | Source = Service Control Manager | ID = 7000
Description = The npkusvc service failed to start due to the following error: %%2


< End of report >

Edited by Oh My, 27 March 2013 - 02:24 PM.
Moved from Win 7 to Malware Removal Logs - Hamluis, merged posts.


#2 Oh My

Oh My

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 12,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:13 AM

Posted 27 March 2013 - 02:21 PM

Greetings and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Start New Topic button but use the Add Reply button instead.
  • In the upper right hand corner of the topic you will see the Watch Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My

Oh My

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 12,831 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:13 AM

Posted 27 March 2013 - 02:43 PM

Greetings,

Thank you for allowing me some time to review your logs. Please do this for me.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Run Combofix in Vista/7

--------------------

Combofix is a very powerful tool and special attention must be taken to allow it to work properly. Please pay careful attention to the following instructions.

sUBs, the author of Combofix, recommends that you uninstall AVG or CA Internet Security before running the program. If you have either of these programs on your computer please uninstall them using AppRemover which can be downloaded here. We will be sure to reinstall the Antivirus program once we are finished using Combofix.
  • Please download ComboFix from one of these locations:

BleepingComputer
ForoSpyware

  • Save Combofix.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts. It is important you do not mouseclick while the program is running or it may stall.
Note #1: Often times it may appear as if ComboFix has stopped working. To verify it is still running please do one of the following below. If, based on the below, you have concluded ComboFix has stopped running please stop and advise me.
  • Check your computer clock. If it is still running then so is ComboFix
  • Open Task Manager and select the Applications Tab. If the status of AutoScan is Running, then ComboFix is running
  • Open Task Manager and select the Processes Tab. Under Image Name look for files ending in .3xe. If there are fluctuating numbers under CPU and Mem Usage then ComboFix is running
Note #2: If you receive the following error "Illegal operation attempted on a registry key that has been marked for deletion" please just restart your computer to resolve this issue

If Combofix fails to run properly using the above instructions please attempt the following:
  • Right click on the Combofix icon on your desktop and select Delete
  • Download a new copy but rename it to freshcopy.exe first, then save it to your desktop
  • Now download RKill.exe (or RKill renamed as iExplore.exe if the first one doesn't work properly) and save it to your desktop
  • Restart your computer in Safe Mode
  • Right click on RKill (or iExplore) and select Run as Administrator. If you are using Windows XP simply double click the icon
  • A black DOS screen should flash and disappear. If not, try to launch the program with the second file. If neither works please stop and let me know
  • When RKill is finished running you will be presented with a text file and a copy will be saved on your desktop. Copy and paste the contents of this report in your reply
  • Do not reboot your computer
  • Double click the freshcopy.exe icon (renamed Combofix file)
  • When finished, it will produce a log. Please copy and paste the C:\Combofix.txt log information in your next reply
  • If you disabled your antivirus please enable it again. If you uninstalled it please wait for instructions to reinstall it
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Combofix log

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

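The first step above asks for the AdwCleaner log to be pasted back into the thread. AdwCleaner writes one line per action in a fixed shape (`File Deleted : path`, `Key Deleted : registry key`, `Data Deleted : key [value] = data`, `Replaced : [key] = old --> new`, `Deleted : user_pref(...)` for Firefox), with `http://` de-fanged to `hxxp://`. Reading a few hundred such lines by eye hides what matters: which entries were load-on-every-process persistence, which were browser hijacks, and which were just leftover COM registrations. The script below is an added example written for this thread; it is not code from AdwCleaner, from the forum, or from either poster. It parses that log format and groups each removed artifact by the role it played. The input is a constructed sample modelled on the format (paths and GUIDs are illustrative), and the category names and the `triage()` function are this example's own. One caveat it makes visible: a `Data Deleted` line on `AppInit_DLLs` clears the whole registry value, so every DLL listed in that value is dropped, not only the adware one; the example splits the value so each DLL can be reviewed on its own.

```python
"""Triage helper for an AdwCleaner v2.x [Delete] log.

Added example for this thread; not code from AdwCleaner or from the forum
posts.  It parses the action lines the tool writes and groups each removed
artifact by what it was doing on the machine.  Runs offline on a constructed
sample in the tool's log format.
"""
import re
from collections import Counter

# Constructed sample lines in AdwCleaner's log format (hxxp:// is the tool's
# own de-fanging of http://; paths and GUIDs are illustrative).
SAMPLE_LOG = r"""
***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
Folder Deleted : C:\Users\Dave\AppData\Local\Conduit

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\websea~1\sprote~1.dll,C:\windows\SysWOW64\nvinit.dll
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}

***** [Internet Browsers] *****

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=377&r=2013/03/17 --> hxxp://www.google.com
Deleted : user_pref("CT2818425.SearchProtectorEnabled", true);
"""

_SECTION = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
_DELETED = re.compile(r"^(File|Folder|Key|Value) Deleted : (.+)$")
_DATA = re.compile(r"^Data Deleted : (.+?) \[(.+?)\] = (.*)$")
_REPLACED = re.compile(r"^Replaced : \[(.+?)\] = (.+?) --> (.+)$")
_PREF = re.compile(r'^Deleted : user_pref\("([^"]+)",\s*(.*)$')


def parse_log(text):
    """Return one dict per action line: kind, target, section, plus extras."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = _SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = _DELETED.match(line)
        if m:
            entries.append({"kind": m.group(1).lower(), "target": m.group(2), "section": section})
            continue
        m = _DATA.match(line)
        if m:
            entries.append({"kind": "data", "target": m.group(1), "value_name": m.group(2),
                            "old": m.group(3), "section": section})
            continue
        m = _REPLACED.match(line)
        if m:
            entries.append({"kind": "replaced", "target": m.group(1), "old": m.group(2),
                            "new": m.group(3), "section": section})
            continue
        m = _PREF.match(line)
        if m:
            entries.append({"kind": "pref", "target": m.group(1), "old": m.group(2), "section": section})
    return entries


def classify(entry):
    """Map an entry to the role the removed artifact played (names are this example's own)."""
    t = entry["target"].lower()
    if entry["kind"] == "data" and entry.get("value_name", "").lower() == "appinit_dlls":
        # AppInit_DLLs: every process that loads user32.dll maps these DLLs,
        # so anything listed here ran inside most user-mode programs.
        return "persistence/AppInit_DLLs"
    if entry["kind"] == "replaced":
        return "browser/start-page"
    if entry["kind"] == "pref":
        return "firefox/user_pref"
    if entry["kind"] in ("file", "folder"):
        return "filesystem"
    if "browser helper objects" in t:
        return "ie/BHO"
    if "searchscopes" in t:
        return "ie/search-scope"
    if "elevationpolicy" in t:
        # Low Rights\ElevationPolicy lets a listed binary be launched from
        # IE Protected Mode without the usual elevation prompt.
        return "ie/elevation-policy"
    if re.search(r"\\(clsid|typelib|interface|appid)\\", t):
        return "com-registration"
    if "\\ext\\" in t:
        return "ie/addon-settings"
    return "registry/other"


def _host(url):
    m = re.match(r"^hxxps?://([^/?#]+)", url)
    return m.group(1) if m else None


def triage(text):
    """Summarise a log: category counts, each AppInit DLL, and hijack hosts."""
    entries = parse_log(text)
    counts = Counter(classify(e) for e in entries)
    appinit = [d.strip() for e in entries if classify(e) == "persistence/AppInit_DLLs"
               for d in e["old"].split(",") if d.strip()]
    hosts = sorted({_host(e["old"]) for e in entries if e["kind"] == "replaced" and _host(e["old"])})
    return {"counts": counts, "appinit_dlls": appinit, "hijack_hosts": hosts}


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    for cat, n in sorted(r["counts"].items()):
        print(f"{n:3d}  {cat}")
    print("AppInit_DLLs entries cleared:", r["appinit_dlls"])
    print("Start page had pointed at:", r["hijack_hosts"])
```

Run it as `python3 triage_adwcleaner.py` to see the category counts for the sample; to use it on a real log, replace `SAMPLE_LOG` with the contents of `C:\AdwCleaner[S1].txt`. The point of splitting `AppInit_DLLs` into its individual entries is that the log only records the value as a whole, and a reviewer needs to judge each DLL in it separately before deciding whether anything legitimate went with it.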
#4 drs723

drs723
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:12:13 PM

Posted 27 March 2013 - 03:46 PM

AdwCleaner:

# AdwCleaner v2.115 - Logfile created 03/27/2013 at 15:58:09

# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Dave - DAVE-PC
# Boot Mode : Normal
# Running from : C:\Users\Dave\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Plugins\npvsharetvplg.dll
File Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\searchplugins\aol-web-search.xml
File Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\searchplugins\WebSearch.xml
Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Search-NewTab
Folder Deleted : C:\ProgramData\Speedbit
Folder Deleted : C:\Users\Dave\AppData\Local\Conduit
Folder Deleted : C:\Users\Dave\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Dave\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Dave\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\ConduitCommon
Folder Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\CT2818425
Folder Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Folder Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f}
Folder Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
Folder Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\WinampToolbarData
Folder Deleted : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\xfin_portal
 
***** [Registry] *****
 
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\websea~1\sprote~1.dll,C:\windows\SysWOW64\nvinit.dll
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16470
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=377&r=2013/03/17&hid=3625199389&lg=EN&cc=US --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://us.mc1114.mail.yahoo.com/mc/welcome?.gx=1&.tm=1297615528&.rand=9274ack6kf0i3#_pg=showFolder&fid=Inbox&order=down&tt=4838&pSize=200&.rand=1824199603&hash=9d6864856f272b139b9e27f0235d8526&.jsrand=4997218 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.pu-results.info/?pid=377&r=2013/03/17&hid=3625199389&lg=EN&cc=US --> hxxp://www.google.com
 
-\\ Mozilla Firefox v [Unable to get version]
 
File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\prefs.js
 
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\user.js ... Deleted !
 
Deleted : user_pref("CT2818425..clientLogIsEnabled", true);
Deleted : user_pref("CT2818425..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2818425..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2818425.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2818425.CTID", "CT2818425");
Deleted : user_pref("CT2818425.CurrentServerDate", "27-10-2011");
Deleted : user_pref("CT2818425.DSInstall", true);
Deleted : user_pref("CT2818425.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2818425.DialogsGetterLastCheckTime", "Wed Oct 26 2011 19:53:13 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT2818425.DownloadReferralCookieData", "");
Deleted : user_pref("CT2818425.EMailNotifierPollDate", "Wed Oct 26 2011 23:58:13 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2818425.FirstServerDate", "9-10-2011");
Deleted : user_pref("CT2818425.FirstTime", true);
Deleted : user_pref("CT2818425.FirstTimeFF3", true);
Deleted : user_pref("CT2818425.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2818425.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2818425.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2818425.HPInstall", false);
Deleted : user_pref("CT2818425.HasUserGlobalKeys", true);
Deleted : user_pref("CT2818425.HomePageProtectorEnabled", true);
Deleted : user_pref("CT2818425.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=[...]
Deleted : user_pref("CT2818425.Initialize", true);
Deleted : user_pref("CT2818425.InitializeCommonPrefs", true);
Deleted : user_pref("CT2818425.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2818425.InstallationId", "ConduitStubGeneric");
Deleted : user_pref("CT2818425.InstallationType", "ConduitStubIntegration");
Deleted : user_pref("CT2818425.InstalledDate", "Sun Oct 09 2011 13:08:12 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2818425.InvalidateCache", false);
Deleted : user_pref("CT2818425.IsAlertDBUpdated", true);
Deleted : user_pref("CT2818425.IsGrouping", false);
Deleted : user_pref("CT2818425.IsInitSetupIni", true);
Deleted : user_pref("CT2818425.IsMulticommunity", false);
Deleted : user_pref("CT2818425.IsOpenThankYouPage", false);
Deleted : user_pref("CT2818425.IsOpenUninstallPage", true);
Deleted : user_pref("CT2818425.IsProtectorsInit", true);
Deleted : user_pref("CT2818425.LanguagePackLastCheckTime", "Wed Oct 26 2011 19:53:13 GMT-0400 (Eastern Dayligh[...]
Deleted : user_pref("CT2818425.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2818425.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2818425.LastLogin_3.7.0.6", "Wed Oct 26 2011 23:53:13 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2818425.LatestVersion", "3.7.0.6");
Deleted : user_pref("CT2818425.Locale", "en");
Deleted : user_pref("CT2818425.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2818425.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2818425.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2818425.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2818425.OriginalFirstVersion", "3.7.0.6");
Deleted : user_pref("CT2818425.RadioIsPodcast", false);
Deleted : user_pref("CT2818425.RadioLastCheckTime", "Wed Oct 26 2011 19:53:13 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2818425.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2818425.RadioLastUpdateServer", "129330101464100000");
Deleted : user_pref("CT2818425.RadioMediaID", "21515677");
Deleted : user_pref("CT2818425.RadioMediaType", "Media Player");
Deleted : user_pref("CT2818425.RadioMenuSelectedID", "EBRadioMenu_CT281842521515677");
Deleted : user_pref("CT2818425.RadioShrinkedFromSetup", false);
Deleted : user_pref("CT2818425.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
Deleted : user_pref("CT2818425.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb[...]
Deleted : user_pref("CT2818425.SavedHomepage", "hxxp://www.xfinity.com/customer/start/?attr=mm&cid=insDate1003[...]
Deleted : user_pref("CT2818425.SearchCaption", "vshare.tv Bar Customized Web Search");
Deleted : user_pref("CT2818425.SearchEngineBeforeUnload", "vshare.tv Bar Customized Web Search");
Deleted : user_pref("CT2818425.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2818425.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT281[...]
Deleted : user_pref("CT2818425.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2818425.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2818425.SearchInNewTabLastCheckTime", "Wed Oct 26 2011 19:53:12 GMT-0400 (Eastern Dayli[...]
Deleted : user_pref("CT2818425.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2818425.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2818425.SearchProtectorEnabled", true);
Deleted : user_pref("CT2818425.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2818425.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2818425.ServiceMapLastCheckTime", "Wed Oct 26 2011 19:53:12 GMT-0400 (Eastern Daylight [...]
Deleted : user_pref("CT2818425.SettingsLastCheckTime", "Wed Oct 26 2011 19:53:12 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2818425.SettingsLastUpdate", "1314770452");
Deleted : user_pref("CT2818425.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2818425&SearchSource=13");
Deleted : user_pref("CT2818425.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2818425.ThirdPartyComponentsLastCheck", "Sun Oct 09 2011 13:08:09 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2818425.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2818425.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2818425.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2818425");
Deleted : user_pref("CT2818425.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2818425.UserID", "UN50350691528733350");
Deleted : user_pref("CT2818425.alertChannelId", "1210492");
Deleted : user_pref("CT2818425.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2818425.globalFirstTimeInfoLastCheckTime", "Wed Oct 26 2011 23:53:13 GMT-0400 (Eastern [...]
Deleted : user_pref("CT2818425.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2818425.initDone", true);
Deleted : user_pref("CT2818425.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2818425.isFirstRadioInstallation", false);
Deleted : user_pref("CT2818425.myStuffEnabled", true);
Deleted : user_pref("CT2818425.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2818425.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2818425.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2818425.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2818425.oldAppsList", "129320401456081839,129320401456081840,111,7071898492715082350,12[...]
Deleted : user_pref("CT2818425.revertSettingsEnabled", false);
Deleted : user_pref("CT2818425.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2818425.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2818425.testingCtid", "");
Deleted : user_pref("CT2818425.toolbarAppMetaDataLastCheckTime", "Wed Oct 26 2011 19:53:13 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2818425.toolbarContextMenuLastCheckTime", "Wed Oct 26 2011 19:53:13 GMT-0400 (Eastern D[...]
Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2818425&Search[...]
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "vshare.tv Bar Customized Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1210492/1206165/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2818425", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2818425",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2818425&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"c88[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Dave\\AppData\\Roaming\\Mozilla\\Fi[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.7.0.6");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://slirsredirect.search.aol.com/redi[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2818425");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2818425");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2818425");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Oct 26 2011 19:53:12 GMT-0400 (Eas[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "30149fc7-7666-49d4-8ab3-5e4f59f0b67c");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Oct 26 2011 19:53:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Oct 26 2011 19:53:21 GMT-040[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Oct 26 2011 19:53:13 GMT-0400 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "230a7997-9d06-4170-b2d2-b12c18f7b14a");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.xfinity.com/customer/start/?attr=mm&cid=i[...]
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "AOL Web Search");
Deleted : user_pref("FirstSearch.winamp_toolbar.search.hasDoneFirst", 35);
Deleted : user_pref("aol_toolbar.surf.date", "1");
Deleted : user_pref("aol_toolbar.surf.lastDate", "27");
Deleted : user_pref("aol_toolbar.surf.lastMonth", "9");
Deleted : user_pref("aol_toolbar.surf.lastYear", "2011");
Deleted : user_pref("aol_toolbar.surf.month", "167");
Deleted : user_pref("aol_toolbar.surf.prevMonth", "996");
Deleted : user_pref("aol_toolbar.surf.total", "2475");
Deleted : user_pref("aol_toolbar.surf.week", "52");
Deleted : user_pref("aol_toolbar.surf.year", "2439");
Deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Deleted : user_pref("browser.search.defaultthis.engineName", "vshare.tv Bar Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.pu-results.info/?pid=377&r=2013/03/17&hid=3[...]
Deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Deleted : user_pref("browser.startup.homepage", "hxxp://websearch.pu-results.info/?pid=377&r=2013/03/17&hid=36[...]
Deleted : user_pref("keyword.URL", "hxxp://websearch.pu-results.info/?pid=377&r=2013/03/17&hid=3625199389&lg=E[...]
Deleted : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_335[...]
Deleted : user_pref("winamp_toolbar.firsttime.showwindow", false);
Deleted : user_pref("winamp_toolbar.guid", "{DA9649D6-8AC8-259E-67C5-D9399D4C763B}");
Deleted : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.14.1");
Deleted : user_pref("winamp_toolbar.metrics.activestampdate", "26");
Deleted : user_pref("winamp_toolbar.metrics.activestampmonth", "9");
Deleted : user_pref("winamp_toolbar.metrics.activestampyear", "2011");
Deleted : user_pref("winamp_toolbar.metrics.originalDate", "8");
Deleted : user_pref("winamp_toolbar.metrics.originalHours", "11");
Deleted : user_pref("winamp_toolbar.metrics.originalMinutes", "38");
Deleted : user_pref("winamp_toolbar.metrics.originalMonth", "6");
Deleted : user_pref("winamp_toolbar.metrics.originalSeconds", "50");
Deleted : user_pref("winamp_toolbar.metrics.originalYear", "2011");
Deleted : user_pref("winamp_toolbar.remote.publish.xml", "1319673191568");
Deleted : user_pref("winamp_toolbar.search.cid", "26-10-2011");
Deleted : user_pref("winamp_toolbar.search.focusnewtab", false);
Deleted : user_pref("winamp_toolbar.search.instd", "20110603231533744");
Deleted : user_pref("winamp_toolbar.search.newtab", false);
Deleted : user_pref("winamp_toolbar.search.oid", "08-06-2011");
Deleted : user_pref("winamp_toolbar.search.populateoncomplete", false);
Deleted : user_pref("winamp_toolbar.search.savehistory", true);
Deleted : user_pref("winamp_toolbar.search.searchtype", "web");
Deleted : user_pref("winamp_toolbar.search.source", "tb50-ff-winamp");
Deleted : user_pref("winamp_toolbar.skin.custom", true);
Deleted : user_pref("winamp_toolbar.upgrade.showwindow", false);
Deleted : user_pref("winamp_toolbar.winamp.appversion", "1");
Deleted : user_pref("winamp_toolbar.winamp.artist", "");
Deleted : user_pref("winamp_toolbar.winamp.button.focus", true);
Deleted : user_pref("winamp_toolbar.winamp.button.forward", true);
Deleted : user_pref("winamp_toolbar.winamp.button.open", true);
Deleted : user_pref("winamp_toolbar.winamp.button.pause", true);
Deleted : user_pref("winamp_toolbar.winamp.button.play", true);
Deleted : user_pref("winamp_toolbar.winamp.button.rewind", true);
Deleted : user_pref("winamp_toolbar.winamp.button.stop", false);
Deleted : user_pref("winamp_toolbar.winamp.button.volume", true);
Deleted : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}");
Deleted : user_pref("winamp_toolbar.winamp.ticker.show", true);
Deleted : user_pref("winamp_toolbar.winamp.title", "-999999");
Deleted : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Deleted : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
Deleted : user_pref("winamp_toolbar.winamp.volume", "0");
Deleted : user_pref("browser.search.order.1", "WebSearch");
Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.1772] : homepage = "hxxp://websearch.pu-results.info/?pid=377&r=2013/03/17&hid=3625199389&lg=EN&cc=US",
Deleted [l.2405] : urls_to_restore_on_startup = [ "hxxp://websearch.pu-results.info/?pid=377&r=2013/03/17&hid=36[...]
 
*************************
 
AdwCleaner[R1].txt - [24794 octets] - [27/03/2013 15:57:41]
AdwCleaner[S1].txt - [25026 octets] - [27/03/2013 15:58:09]
 
########## EOF - C:\AdwCleaner[S1].txt - [25087 octets] ##########
 
 
 
JRT:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Home Premium x64
Ran by Dave on Wed 03/27/2013 at 16:09:16.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{7aeb3efd-e564-43f1-b658-5058a7c5743b} 
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Program Files (x86)\comcasttb"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 03/27/2013 at 16:17:42.55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
COMBO FIX:
ComboFix 13-03-27.01 - Dave 03/27/2013  16:23:33.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3892.2213 [GMT -4:00]
Running from: c:\users\Dave\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\BroWse2ssave
c:\programdata\BroWse2ssave\514538553d1f3.dll
c:\programdata\BroWse2ssave\514538553d1f3.tlb
c:\programdata\BroWse2ssave\settings.ini
c:\programdata\FullRemove.exe
c:\users\Dave\AppData\Local\assembly\tmp
c:\users\Dave\AppData\Roaming\inst.exe
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\dailytips.ini
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\twcache.ini
c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\searchplugins\bing-zugo.xml
c:\users\Dave\AppData\Roaming\vso_ts_preview.xml
D:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-02-27 to 2013-03-27  )))))))))))))))))))))))))))))))
.
.
2013-03-27 20:33 . 2013-03-27 20:33 -------- d-----w- c:\users\Mcx1-DAVE-PC.Dave-PC\AppData\Local\temp
2013-03-27 20:33 . 2013-03-27 20:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-27 20:09 . 2013-03-27 20:09 -------- d-----w- c:\windows\ERUNT
2013-03-27 20:08 . 2013-03-27 20:08 -------- d-----w- C:\JRT
2013-03-27 19:54 . 2013-03-27 19:54 -------- d-----w- c:\windows\SysWow64\NV
2013-03-27 19:54 . 2013-03-27 19:54 -------- d-----w- c:\windows\system32\NV
2013-03-27 11:40 . 2013-03-15 03:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E47F60C2-C854-438A-9491-9E2CA761E0B0}\mpengine.dll
2013-03-26 03:32 . 2013-03-27 19:54 -------- d-----w- c:\programdata\NVIDIA
2013-03-26 03:32 . 2013-03-26 03:32 -------- d-----w- c:\users\UpdatusUser
2013-03-26 03:32 . 2013-03-26 03:32 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-03-26 03:32 . 2013-03-15 04:16 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-03-26 03:32 . 2013-03-15 04:16 76064 ----a-w- c:\windows\system32\nv3dappshextr.dll
2013-03-26 03:32 . 2013-03-15 04:16 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-03-26 03:32 . 2013-03-15 04:16 1016096 ----a-w- c:\windows\system32\nv3dappshext.dll
2013-03-26 03:32 . 2013-03-15 04:16 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-26 03:32 . 2013-03-15 04:16 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-26 03:32 . 2013-03-15 04:16 2555680 ----a-w- c:\windows\system32\nvsvcr.dll
2013-03-26 03:32 . 2013-03-15 04:16 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-26 03:32 . 2013-03-13 16:24 3065455 ----a-w- c:\windows\system32\nvcoproc.bin
2013-03-26 03:31 . 2013-03-26 03:31 -------- d-----w- c:\programdata\NVIDIA Corporation
2013-03-26 03:22 . 2013-03-15 03:28 9311288 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-03-26 03:21 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-23 18:17 . 2013-03-23 18:17 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3475C341-4A90-4B06-9972-CE7617FEE25C}\gapaengine.dll
2013-03-23 18:15 . 2013-03-23 18:15 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-03-23 18:15 . 2013-03-23 18:15 -------- d-----w- c:\program files\Microsoft Security Client
2013-03-23 06:08 . 2013-03-23 06:08 -------- d-----w- c:\users\Dave\Doctor Web
2013-03-23 03:35 . 2013-03-23 03:35 -------- d-----w- c:\users\Dave\AppData\Local\Programs
2013-03-23 01:08 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5A211FD4-BAD0-4F49-898D-7D2B79A5BDA6}\mpengine.dll
2013-03-18 02:23 . 2013-03-18 02:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2013-03-18 02:23 . 2013-03-18 02:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2013-03-18 02:23 . 2013-03-18 02:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2013-03-18 02:23 . 2013-03-18 02:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2013-03-18 02:23 . 2013-03-18 02:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2013-03-18 02:23 . 2013-03-18 02:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2013-03-18 02:23 . 2013-03-18 02:23 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2013-03-18 02:23 . 2013-03-18 02:23 -------- d-----w- c:\program files (x86)\QuickTime
2013-03-18 02:23 . 2013-03-18 02:23 -------- d-----w- c:\programdata\Apple Computer
2013-03-18 02:20 . 2013-03-18 02:20 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-03-17 04:43 . 2013-03-17 04:43 -------- d-----w- c:\users\Dave\AppData\Local\calibre-cache
2013-03-07 04:13 . 2013-03-07 04:13 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2013-03-07 04:07 . 2013-03-08 21:22 -------- d-----w- c:\users\Dave\AppData\Roaming\Origin
2013-03-07 04:07 . 2013-03-07 04:10 -------- d-----w- c:\program files (x86)\Origin Games
2013-03-07 04:06 . 2013-03-07 04:06 -------- d-----w- c:\users\Dave\AppData\Local\Origin
2013-03-07 04:05 . 2013-03-07 04:16 -------- d-----w- c:\programdata\Origin
2013-03-07 04:05 . 2013-03-07 04:16 -------- d-----w- c:\programdata\Electronic Arts
2013-03-07 04:05 . 2013-03-26 03:13 -------- d-----w- c:\program files (x86)\Origin
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 03:51 . 2012-04-01 02:09 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 03:51 . 2011-05-20 22:21 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-15 20:13 . 2011-01-12 16:51 70004024 ----a-w- c:\windows\system32\MRT.exe
2013-02-12 05:45 . 2013-03-14 01:26 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-14 01:26 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-14 01:26 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-14 01:26 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-14 01:26 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-14 01:26 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-30 10:53 . 2011-01-10 21:03 273840 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 19:59 . 2013-01-20 19:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 19:59 . 2013-01-20 19:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-05 05:53 . 2013-02-13 18:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-13 18:52 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 18:52 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-13 18:52 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-13 18:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-13 18:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-13 18:52 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-13 18:52 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-13 18:52 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-13 18:52 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-13 18:52 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-13 18:52 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-13 18:52 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HLBackupScheduler"="c:\program files\Backup Assistant Plus\V CAST Backup Scheduler.exe" [2012-08-20 7065224]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-03-26 3497552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
.
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Dave\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
"UpdatePPShortCut"="c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\program files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"VMM Mode Selection"=c:\program files\HTC\ModeSelection\VMMModeSelection.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 npkusvc;npkusvc;c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\21630_13185\npkusvc.exe  [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-04-01 341856]
R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-04-01 4184672]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-07-04 82816]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-12 1255736]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R4 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [x]
R4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2013-03-15 30496]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-08-18 13616]
S1 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2011-08-31 59184]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-09-01 32048]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2010-03-31 13824]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-10-25 341288]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]
S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-04-01 428640]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-21 287232]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 03:51]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 17:51]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-20 17:51]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-537737778-4178684207-3077562398-1001Core.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 00:34]
.
2013-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-537737778-4178684207-3077562398-1001UA.job
- c:\users\Dave\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-22 00:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Dave\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-09-08 11465832]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-06 415256]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-06 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-06 386584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: vizzed.com\www
TCP: DhcpNameServer = 10.0.0.1 10.0.0.5
DPF: {315581D7-2DE9-4685-A31D-FDE263FF2FB5} - hxxp://lagunalakesfrontgate.dyndns.org:81/template/pWebView1.cab
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
SafeBoot-SolutoService
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{FF6C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files (x86)\DAP\DAPIELoader64.dll
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{4022A9E3-81D8-1851-40AF-1C7ABF52028B} - c:\progra~3\INSTAL~1\{32A4A~1\Setup.exe
AddRemove-{DAE8464A-4E33-D569-BF57-10BB16F77506} - c:\progra~3\INSTAL~1\{98809~1\Setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-03-27  16:42:54
ComboFix-quarantined-files.txt  2013-03-27 20:42
.
Pre-Run: 97,787,703,296 bytes free
Post-Run: 97,655,300,096 bytes free
.
- - End Of File - - 8A31FF4F9B46697DA098A93804C3F9CB


#5 Oh My

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 12,831 posts
  • Gender:Male
  • Location:California

Posted 27 March 2013 - 05:54 PM

Greetings,

Thanks for the information. There is a suspicious file I would like us to follow up on. In addition, I have another step I would like you to complete to extract some display driver information.

Please do this for me.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file, double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

c:\users\Dave\AppData\Roaming\Microsoft\Windows\Templates\21630_13185\npkusvc.exe

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Exporting System Properties Information

--------------------
  • Please provide me with the manufacturer and model number of your computer
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Expand the Components by clicking on the + sign
  • Left click on Display and allow the system to refresh the information
  • Click File, Export, and name the file Display
  • Copy and paste the contents in your reply, adding the requested computer information
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Virustotal link
  • Display driver information
  • How is your computer running?

Regards,
Gary

If I do not respond to you within 24 hours of your post please send me a Personal Message .


"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
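The two data-collection steps requested above (locating and fingerprinting the suspect file, then exporting the display adapter details that msinfo32 shows under Components > Display) can also be done from a PowerShell prompt. The script below is an added example written for this page; it is not from the thread, from the helper, or from any of the tools named in it. It assumes Windows 7 or later with PowerShell 4.0 or newer (for Get-FileHash and Get-CimInstance) and reuses the file path quoted in the post; the function names and output layout are the example's own.

```powershell
# Added example for this thread, not code from the helper or from any tool named above.
# Assumes Windows 7 or later with PowerShell 4.0+ (Get-FileHash, Get-CimInstance).
# $SuspectPath is the path quoted in the post; change it for your own profile.

$SuspectPath = 'C:\Users\Dave\AppData\Roaming\Microsoft\Windows\Templates\21630_13185\npkusvc.exe'

function Get-SuspectFileInfo {
    param([Parameter(Mandatory = $true)][string]$Path)

    # -Force makes Get-Item return files carrying the Hidden or System attribute.
    # Explorer can still hide System files even when "show hidden files" is on,
    # so this is the more reliable check before concluding a file is gone.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue

    if (-not $item) {
        # File is absent: list the parent folder (hidden entries included) so a
        # renamed or partially removed artifact can still be recognised.
        $parent   = Split-Path -Path $Path -Parent
        $siblings = '<parent folder missing>'
        if (Test-Path -LiteralPath $parent) {
            $names    = Get-ChildItem -LiteralPath $parent -Force | Select-Object -ExpandProperty Name
            $siblings = if ($names) { $names -join ', ' } else { '<empty>' }
        }
        return [pscustomobject]@{
            Path     = $Path
            Exists   = $false
            Siblings = $siblings
        }
    }

    # SHA-256 lets you search VirusTotal by hash instead of uploading the file,
    # and lets you confirm the report you get back is for this exact binary.
    $hash = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
    # An unsigned or invalid Authenticode signature is not proof of malice, but
    # a service-like .exe in a Templates folder without one warrants a closer look.
    $sig  = (Get-AuthenticodeSignature -FilePath $item.FullName).Status

    [pscustomobject]@{
        Path         = $item.FullName
        Exists       = $true
        Attributes   = $item.Attributes.ToString()
        SizeBytes    = $item.Length
        LastWriteUtc = $item.LastWriteTimeUtc
        Sha256       = $hash
        Signature    = $sig.ToString()
    }
}

function Get-DisplayAdapterInfo {
    # The same fields msinfo32 shows under Components > Display, as objects
    # that can be piped to Export-Csv or Out-File instead of copied from the GUI.
    Get-CimInstance -ClassName Win32_VideoController | ForEach-Object {
        $resolution = 'Not Available'
        if ($_.CurrentHorizontalResolution) {
            $resolution = '{0} x {1} x {2} hertz' -f $_.CurrentHorizontalResolution,
                                                   $_.CurrentVerticalResolution,
                                                   $_.CurrentRefreshRate
        }
        [pscustomobject]@{
            Name          = $_.Name
            PNPDeviceID   = $_.PNPDeviceID
            DriverVersion = $_.DriverVersion
            DriverDate    = $_.DriverDate
            InfFile       = '{0} ({1} section)' -f $_.InfFilename, $_.InfSection
            AdapterRAM    = $_.AdapterRAM
            Resolution    = $resolution
            BitsPerPixel  = $_.CurrentBitsPerPixel
            Status        = $_.Status
        }
    }
}

Get-SuspectFileInfo -Path $SuspectPath | Format-List
Get-DisplayAdapterInfo | Format-List
```

Run it from an elevated prompt if the profile folder is not readable by the current user. Because both functions return objects rather than text, appending `| Export-Csv display.csv -NoTypeInformation` to the second call produces the same information as msinfo32's File > Export, and the SHA-256 from the first call can be pasted into VirusTotal's search box without the file ever leaving the machine.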

#6 drs723
  • Topic Starter
  • Members
  • 10 posts

Posted 27 March 2013 - 09:54 PM

I tried to upload the npkusvc.exe file to that website, but it wasn't in that folder. I have "show all hidden files and folders" checked in Windows Explorer, so if it was a hidden file it would show.

The PC seems to be working fine now.

Here is all the information from msinfo32:

 

 

System Information report written at: 03/27/13 22:49:16
System Name: DAVE-PC
[Display]
 
Item Value
Name Intel® HD Graphics
PNP Device ID PCI\VEN_8086&DEV_0046&SUBSYS_C094144D&REV_02\3&11583659&0&10
Adapter Type Intel® HD Graphics (Core i5), Intel Corporation compatible
Adapter Description Intel® HD Graphics
Adapter RAM 1.68 GB (1,805,903,872 bytes)
Installed Drivers igdumd64.dll,igd10umd64.dll,igdumdx32,igd10umd32
Driver Version 8.15.10.2182
INF File oem1.inf (iILKM0 section)
Color Planes Not Available
Color Table Entries Not Available
Resolution Not Available
Bits/Pixel Not Available
Memory Address 0xF7400000-0xF77FFFFF
Memory Address 0xE0000000-0xEFFFFFFF
I/O Port 0x00001800-0x00001807
IRQ Channel IRQ 4294967294
I/O Port 0x000003B0-0x000003BB
I/O Port 0x000003C0-0x000003DF
Memory Address 0xA0000-0xBFFFF
 
Name NVIDIA GeForce 310M
PNP Device ID PCI\VEN_10DE&DEV_0A70&SUBSYS_C094144D&REV_A2\4&1C428D20&0&0008
Adapter Type GeForce 310M, NVIDIA compatible
Adapter Description NVIDIA GeForce 310M
Adapter RAM 512.00 MB (536,870,912 bytes)
Installed Drivers nvd3dumx.dll,nvwgf2umx.dll,nvwgf2umx.dll,nvd3dum,nvwgf2um,nvwgf2um
Driver Version 9.18.13.1422
INF File oem29.inf (Section047 section)
Color Planes Not Available
Color Table Entries 4294967296
Resolution 1366 x 768 x 59 hertz
Bits/Pixel 32
Memory Address 0xBC000000-0xBDEFFFFF
Memory Address 0xC0000000-0xCFFFFFFF
Memory Address 0xBE000000-0xCFFFFFFF
I/O Port 0x00002C80-0x00002CFF
IRQ Channel IRQ 16


#7 Oh My

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 12,831 posts
  • Gender:Male
  • Location:California

Posted 27 March 2013 - 10:07 PM

Excellent!

Let's run a couple of scans. Please do this.

===================================================

Malwarebytes

--------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download. You can also right click on the link and select Save Link As
  • Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings except to uncheck any offer for a free Pro trial version.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not be presented with a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • MBAM results
  • ESET results
  • How is your computer running now? Any issues?

Regards,
Gary


#8 drs723
  • Topic Starter
  • Members
  • 10 posts

Posted 27 March 2013 - 10:11 PM

OK, I am doing all of this right now as we speak... Do you know the name of the malware/virus I had? I wanted to look up more information on it and how or why I would have gotten it.

Thank you for your help, it's greatly appreciated! I will post the logs when they are done running.



#9 Oh My

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 12,831 posts
  • Gender:Male
  • Location:California

Posted 27 March 2013 - 10:42 PM

do you know what the name of the malware/virus I had?

I am unable to tell you for certain. I suspect it had at least something to do with the file we were looking for but you were unable to locate.

Here is some initial information about the file. If you notice, it references Trojan-Dropper.Win32.Agent.frql. In doing further research, Securelist indicates it may be a Backdoor Trojan. Currently there is no other evidence in your logs to justify that type of conclusion. However, it wouldn't hurt to keep an eye on your accounts (see Securelist information). Had you not asked, I would not have raised the Backdoor issue because I would need to see more malicious entries before raising that red flag. But you asked......


Regards,
Gary


#10 drs723
  • Topic Starter
  • Members
  • 10 posts

Posted 27 March 2013 - 10:43 PM

What is the most likely scenario on how I could have gotten it?

Also, my Yahoo account was compromised about two weeks ago. It sent out a lot of emails with a link in them. Would this have something to do with it?



#11 Oh My

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 12,831 posts
  • Gender:Male
  • Location:California

Posted 27 March 2013 - 11:03 PM

There are various ways. Clicking on an unknown link, like one sent to you via email by someone you know but they didn't really send it (like your Yahoo account sending something out)... Launching of an infected file, Peer to Peer downloads, like uTorrent, vulnerabilities in programs like Adobe and Java, etc...

At this point our primary focus will be on making sure your computer is clean and setting a course of action to keep you that way. When we declare your computer to be clean I will be providing you a lot of information you can review to confirm what you already know and possibly provide additional information which will prove to be valuable in your effort to avoid this situation again.

Regards,
Gary


#12 drs723
  • Topic Starter
  • Members
  • 10 posts

Posted 28 March 2013 - 07:42 AM

Malwarebytes Log

 

Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org
 
Database version: v2013.03.23.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Dave :: DAVE-PC [administrator]
 
3/27/2013 11:10:09 PM
mbam-log-2013-03-27 (23-10-09).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 278131
Time elapsed: 3 minute(s), 15 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
ESET Online Scanner Log
C:\Qoobox\Quarantine\C\ProgramData\BroWse2ssave\514538553d1f3.dll.vir a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantined
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mnm701od.default\extensions\[email protected]\content\bg.js Win32/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\Users\Dave\Downloads\Rocket_Download_Manager_Setup.exe a variant of Win32/Adware.iBryte.G application cleaned by deleting - quarantined
C:\Users\Dave\Downloads\tools v5.6.2 (1).exe Win32/InstalleRex.I.Gen application cleaned by deleting - quarantined
C:\Users\Dave\Downloads\tools v5.6.2.exe Win32/InstalleRex.I.Gen application cleaned by deleting - quarantined
 


#13 Oh My

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 12,831 posts
  • Gender:Male
  • Location:California

Posted 28 March 2013 - 08:03 AM

That looks very nice, nothing of real concern there. Now let's update your Java.

Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck Install the Ask Toolbar and make Ask my default search provider
  • Click Next
  • You should be notified You have successfully installed Java
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.

To disable the JQS service if you don't want to use it:
  • Click Start, Control Panel, Java, then Advanced
  • Scroll down to Miscellaneous then uncheck the box for Java Quick Starter.
  • Click OK and reboot your computer.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Java install properly?
  • One last check, is all well?

Regards,
Gary


#14 drs723
  • Topic Starter
  • Members
  • 10 posts

Posted 28 March 2013 - 08:08 AM

My question is, why would that software pull up some malware and yet Malwarebytes and some of the others showed none?



#15 Oh My

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 12,831 posts
  • Gender:Male
  • Location:California

Posted 28 March 2013 - 08:43 AM

Because no antivirus program is perfect. And also, since we do not have the actual file to test, we can't be 100% sure it was malware. It is an educated guess that file was a problem. It is not uncommon for some antivirus programs to flag a file as malicious while some others do not. The databases and updates to those databases do not track each other.

Regards,
Gary




