Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected-Systweak RegClean Pro & Advanced System Protector


  • This topic is locked This topic is locked
41 replies to this topic

#1 jens3

jens3

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 03 August 2013 - 10:22 AM

Hello,

 

I am trying to fix my grandmother's computer. She opened a spam email from a friend and now her computer is badly infected. I think the root of the infection is the Systweak RegClean Pro and Advanced System Protector which are installed on her computer and cannot be removed. I previously ran Malwarebytes which removed 60+ malware infections, but these programs are still there and the computer is still infected. I really can only run the computer in 'safe mode with networking', because its extremely slow and freezes in normal mode. Please help!

My DDS is below:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16496
Run by Jackson at 11:08:48 on 2013-08-03
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4003.3098 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\Explorer.EXE
C:\windows\system32\ctfmon.exe
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: Flip - Connect with Friends: {4DA729A4-684A-4034-A45B-6D56CEAAE92B} - C:\Program Files (x86)\Discovery Tools\ietb.dll
uURLSearchHooks: InternetHelper3 Toolbar: {b920380d-fbe7-45c7-96ab-37e9870a566c} - C:\Program Files (x86)\InternetHelper3\prxtbInt0.dll
uURLSearchHooks: MixiDJ V33 Toolbar: {06aedb90-98b2-4989-ad0f-39d53551f6ad} - C:\Program Files (x86)\MixiDJ_V33\prxtbMixi.dll
mURLSearchHooks: InternetHelper3 Toolbar: {b920380d-fbe7-45c7-96ab-37e9870a566c} - C:\Program Files (x86)\InternetHelper3\prxtbInt0.dll
mURLSearchHooks: MixiDJ V33 Toolbar: {06aedb90-98b2-4989-ad0f-39d53551f6ad} - C:\Program Files (x86)\MixiDJ_V33\prxtbMixi.dll
mWinlogon: Userinit = userinit.exe,
BHO: MixiDJ V33 Toolbar: {06aedb90-98b2-4989-ad0f-39d53551f6ad} - C:\Program Files (x86)\MixiDJ_V33\prxtbMixi.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Flip BHO: {63E60077-EDE9-427a-BAD0-2ED15FADA0A8} - C:\Program Files (x86)\Discovery Tools\ietb.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120627173644.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: InternetHelper3 Toolbar: {b920380d-fbe7-45c7-96ab-37e9870a566c} - C:\Program Files (x86)\InternetHelper3\prxtbInt0.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FoxyLyrics: {E531F534-7220-4615-ABDF-91A55447FE4C} - C:\Program Files (x86)\FoxyLyrics\125.dll
TB: InternetHelper3 Toolbar: {B920380D-FBE7-45C7-96AB-37E9870A566C} - C:\Program Files (x86)\InternetHelper3\prxtbInt0.dll
TB: MixiDJ V33 Toolbar: {06AEDB90-98B2-4989-AD0F-39D53551F6AD} - C:\Program Files (x86)\MixiDJ_V33\prxtbMixi.dll
TB: InternetHelper3 Toolbar: {b920380d-fbe7-45c7-96ab-37e9870a566c} - C:\Program Files (x86)\InternetHelper3\prxtbInt0.dll
TB: MixiDJ V33 Toolbar: {06aedb90-98b2-4989-ad0f-39d53551f6ad} - C:\Program Files (x86)\MixiDJ_V33\prxtbMixi.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
dRun: [SearchProtect] \SearchProtect\bin\cltmng.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{042BE752-CB95-46C7-A46A-7A07C50355CE} : DHCPNameServer = 10.0.0.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\SystemCore\ScriptSn.20120627173644.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2011-3-13 771536]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2011-3-13 340216]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-12-6 55856]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-12-6 218760]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2011-12-6 182752]
R3 cfwids;McAfee Inc. cfwids;C:\windows\System32\drivers\cfwids.sys [2011-3-13 70112]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-6-21 25496]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2011-3-13 515968]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-12-6 406632]
S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
S1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-6 89600]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-8-8 1166848]
S2 BackupStack;Computer Backup (MyPC Backup);C:\Program Files (x86)\MyPC Backup\BackupStack.exe [2013-5-22 32808]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-3-24 148360]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-6 13336]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-7-29 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-7-29 701512]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
S2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
S2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-12-6 241456]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-6 1692480]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-6 2655768]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-8-8 299008]
S3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
S3 btmaudio;Intel Bluetooth Audio Service;C:\windows\System32\drivers\btmaud.sys [2011-5-19 51712]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-5-19 53248]
S3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-7-19 282624]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-12-6 176096]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2012-10-26 196440]
S3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-7-19 59904]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-6-21 34200]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-6 317440]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-7-29 25928]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-12-6 224704]
S3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2011-3-13 309840]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2011-3-13 106552]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-6 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-12-28 1255736]
S4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2012-10-26 201304]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
S4 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-4-28 23552]
.
=============== Created Last 30 ================
.
2013-08-03 13:41:59 -------- d-----w- C:\MATS
2013-08-03 13:40:55 -------- d-----w- C:\Users\Jackson\AppData\Local\ElevatedDiagnostics
2013-08-02 02:27:26 -------- d-----w- C:\Program Files (x86)\Max Uninstaller
2013-08-02 01:43:58 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-07-30 00:54:41 -------- d-----w- C:\ProgramData\Kaspersky Lab
2013-07-30 00:28:43 -------- d-----w- C:\Users\Jackson\AppData\Roaming\SUPERAntiSpyware.com
2013-07-30 00:28:42 -------- d-----w- C:\Users\Jackson\AppData\Local\Google
2013-07-30 00:28:34 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-07-30 00:28:34 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-07-29 23:57:51 -------- d-----w- C:\Users\Jackson\AppData\Local\NPE
2013-07-29 23:57:51 -------- d-----w- C:\ProgramData\Norton
2013-07-29 23:49:58 -------- d-----w- C:\Users\Jackson\AppData\Roaming\Malwarebytes
2013-07-29 23:49:38 -------- d-----w- C:\ProgramData\Malwarebytes
2013-07-29 23:49:35 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-07-29 23:49:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-29 00:39:59 -------- d-----w- C:\Program Files (x86)\FoxyLyrics
2013-07-29 00:33:14 -------- d-----w- C:\SearchProtect
2013-07-13 16:51:35 3153920 ----a-w- C:\windows\System32\win32k.sys
2013-07-13 16:25:11 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL
2013-07-13 16:25:10 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-13 16:25:09 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll
2013-07-13 16:25:08 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll
2013-07-13 16:25:07 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-12 19:45:30 1643520 ----a-w- C:\windows\System32\DWrite.dll
2013-07-12 19:45:29 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll
.
==================== Find3M  ====================
.
2013-06-18 21:48:52 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-18 21:48:52 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-05-29 05:43:16 2312704 ----a-w- C:\windows\System32\jscript9.dll
2013-05-29 05:35:44 1392128 ----a-w- C:\windows\System32\wininet.dll
2013-05-29 05:34:14 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
2013-05-29 05:29:56 173056 ----a-w- C:\windows\System32\ieUnatt.exe
2013-05-29 05:29:02 599040 ----a-w- C:\windows\System32\vbscript.dll
2013-05-29 05:25:09 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2013-05-29 01:50:14 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-05-29 01:41:52 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-05-29 01:41:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2013-05-29 01:37:15 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2013-05-29 01:36:09 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2013-05-29 01:33:22 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-05-13 05:51:01 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-05-13 05:51:00 1464320 ----a-w- C:\windows\System32\crypt32.dll
2013-05-13 05:51:00 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-05-13 05:50:40 52224 ----a-w- C:\windows\System32\certenc.dll
2013-05-13 04:45:55 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55 1160192 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-05-13 04:45:55 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55 1192448 ----a-w- C:\windows\System32\certutil.exe
2013-05-13 03:08:10 903168 ----a-w- C:\windows\SysWow64\certutil.exe
2013-05-13 03:08:06 43008 ----a-w- C:\windows\SysWow64\certenc.dll
2013-05-10 05:49:27 30720 ----a-w- C:\windows\System32\cryptdlg.dll
2013-05-10 03:20:54 24576 ----a-w- C:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39:01 1910632 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 11:10:24.52 ===============
 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 TheShooter93

TheShooter93

    Cody


  • Malware Study Hall Senior
  • 4,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:07:58 AM

Posted 03 August 2013 - 04:17 PM

Hello jens3,
 
My name is Cody and I'll be helping you clean up your computer.
 
What's below is very important information. Please take the time to read it before we get started.
 
I will reply as soon as possible (typically within 24 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, I just ask for notice ahead of time.
 
I am in Orlando, Florida at GMT-5 Hours (Eastern Standard Time). As previously stated, I normally respond within 24 hours, but I am a university student currently working full time. If I do not respond within 48 hours, feel free to send me a private message.
 
Some points for you to keep in mind:
 
-Do NOT run any tools unless instructed to do so.
-We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
-Do not attach logs or use code boxes, just copy and paste the text.
-I cannot see your computer.
-Periodically update me on the condition of your computer, and provide detail in every post.
-Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
 
NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
 
NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

:santa:  Network+ Certified | Senior at UCF pursuing Information Technology B.S. | System Administrator  :santa: 

Please note that I am currently in training. All malware related posts must first be approved by an instructor. This may cause a delay.

 


#3 jens3

jens3
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 03 August 2013 - 07:45 PM

Hi Cody, thank you for your response. I am actually in Orlando as well. Go knights! I appreciate your time, thank you!

#4 TheShooter93

TheShooter93

    Cody


  • Malware Study Hall Senior
  • 4,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:07:58 AM

Posted 04 August 2013 - 08:48 PM

Hello jens3,

Please download AdwCleaner by Xplode onto your desktop.

Double click on AdwCleaner.exe to run the tool.

Click on Search.

A logfile will automatically open after the scan has finished.

Please post the contents of that logfile with your next reply.

You can find the logfile at C:\AdwCleaner[R1].txt as well.

 

----------------------------------------------------------------------------------------

 

I am actually in Orlando as well. Go knights! I appreciate your time, thank you!

You're welcome. Go Knights!


:santa:  Network+ Certified | Senior at UCF pursuing Information Technology B.S. | System Administrator  :santa: 

Please note that I am currently in training. All malware related posts must first be approved by an instructor. This may cause a delay.

 


#5 jens3

jens3
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 05 August 2013 - 06:51 PM

See log file below:

 

# AdwCleaner v2.306 - Logfile created 08/05/2013 at 19:49:08
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jackson - JACKSON-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jackson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X8UHWJSU\AdwCleaner.exe
# Option [Search]

***** [Services] *****

Found : Yontoo Desktop Updater

***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\windows\Tasks\RegClean Pro_DEFAULT.job
File Found : C:\windows\Tasks\RegClean Pro_UPDATES.job
Folder Found : C:\Program Files (x86)\Advanced System Protector
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\InternetHelper3
Folder Found : C:\Program Files (x86)\LyricsTube
Folder Found : C:\Program Files (x86)\MixiDJ_V33
Folder Found : C:\Program Files (x86)\RegClean Pro
Folder Found : C:\Program Files (x86)\SingAlong
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Found : C:\Users\Jackson\AppData\Local\Conduit
Folder Found : C:\Users\Jackson\AppData\Local\SwvUpdater
Folder Found : C:\Users\Jackson\AppData\Local\Temp\AirInstaller
Folder Found : C:\Users\Jackson\AppData\LocalLow\Conduit
Folder Found : C:\Users\Jackson\AppData\LocalLow\InternetHelper3
Folder Found : C:\Users\Jackson\AppData\LocalLow\MixiDJ_V33
Folder Found : C:\Users\Jackson\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Jackson\AppData\LocalLow\WhiteSmoke_New
Folder Found : C:\Users\Jackson\AppData\Roaming\Yontoo

***** [Registry] *****

Key Found : HKCU\Software\Alexa Internet
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\InternetHelper3
Key Found : HKCU\Software\AppDataLow\Software\MixiDJ_V33
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_New
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06AEDB90-98B2-4989-AD0F-39D53551F6AD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06AEDB90-98B2-4989-AD0F-39D53551F6AD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D21C336-3CFD-421C-B27D-796A2518AC3C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F89054E-27B3-45BB-A3D6-E26D00838F00}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Found : HKCU\Software\MixiDJ_V33
Key Found : HKCU\Software\systweak
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3277370
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298569
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\InternetHelper3
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0D21C336-3CFD-421C-B27D-796A2518AC3C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F89054E-27B3-45BB-A3D6-E26D00838F00}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\MixiDJ_V33
Key Found : HKLM\Software\systweak
Key Found : HKLM\Software\WhiteSmoke_New
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{06AEDB90-98B2-4989-AD0F-39D53551F6AD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0D21C336-3CFD-421C-B27D-796A2518AC3C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F89054E-27B3-45BB-A3D6-E26D00838F00}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA03FF-C40D-492A-BF5A-0DD1E97CD32E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10A5D047-FEB7-479C-A837-B670141E1F40}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB5EC09D-78E5-400A-A0DF-940AA5C0A45D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B98FFCF9-CCA0-4787-BB40-23FDA023F926}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0DCEB48-0851-4123-994C-E75135A9D62A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E78D017C-EFDF-4E9A-AFE9-4CC6F85BD7F9}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06AEDB90-98B2-4989-AD0F-39D53551F6AD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3 Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V33 Toolbar
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Settings
Key Found : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Found : HKLM\SOFTWARE\Tarma Installer
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{06AEDB90-98B2-4989-AD0F-39D53551F6AD}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{06AEDB90-98B2-4989-AD0F-39D53551F6AD}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{06AEDB90-98B2-4989-AD0F-39D53551F6AD}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{06AEDB90-98B2-4989-AD0F-39D53551F6AD}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B920380D-FBE7-45C7-96AB-37E9870A566C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [7950 octets] - [05/08/2013 19:49:08]

########## EOF - C:\AdwCleaner[R1].txt - [8010 octets] ##########



#6 TheShooter93

TheShooter93

    Cody


  • Malware Study Hall Senior
  • 4,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:07:58 AM

Posted 06 August 2013 - 09:07 AM

Hello jens3,
 
Close all open programs and internet browsers.
 
Double click on adwcleaner.exe to run the tool.
 
Click on Delete.
 
Confirm each time with Ok.
 
You will be prompted to restart your computer. A text file will open after the restart.
 
Please post the contents of that logfile with your next reply.
 
You can find the logfile at C:\AdwCleaner[S1].txt as well.

:santa:  Network+ Certified | Senior at UCF pursuing Information Technology B.S. | System Administrator  :santa: 

Please note that I am currently in training. All malware related posts must first be approved by an instructor. This may cause a delay.

 


#7 jens3

jens3
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 06 August 2013 - 08:07 PM

Hello Cody, See log file below:

# AdwCleaner v2.306 - Logfile created 08/06/2013 at 21:01:26
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jackson - JACKSON-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jackson\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\windows\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\windows\Tasks\RegClean Pro_UPDATES.job
Folder Deleted : C:\Program Files (x86)\Advanced System Protector
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\InternetHelper3
Folder Deleted : C:\Program Files (x86)\LyricsTube
Folder Deleted : C:\Program Files (x86)\MixiDJ_V33
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\SingAlong
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Users\Jackson\AppData\Local\Conduit
Folder Deleted : C:\Users\Jackson\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Jackson\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Jackson\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jackson\AppData\LocalLow\InternetHelper3
Folder Deleted : C:\Users\Jackson\AppData\LocalLow\MixiDJ_V33
Folder Deleted : C:\Users\Jackson\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jackson\AppData\LocalLow\WhiteSmoke_New
Folder Deleted : C:\Users\Jackson\AppData\Roaming\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3
Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V33
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_New
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06AEDB90-98B2-4989-AD0F-39D53551F6AD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06AEDB90-98B2-4989-AD0F-39D53551F6AD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D21C336-3CFD-421C-B27D-796A2518AC3C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F89054E-27B3-45BB-A3D6-E26D00838F00}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Deleted : HKCU\Software\MixiDJ_V33
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3277370
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298569
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InternetHelper3
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0D21C336-3CFD-421C-B27D-796A2518AC3C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F89054E-27B3-45BB-A3D6-E26D00838F00}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\MixiDJ_V33
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\WhiteSmoke_New
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{06AEDB90-98B2-4989-AD0F-39D53551F6AD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0D21C336-3CFD-421C-B27D-796A2518AC3C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F89054E-27B3-45BB-A3D6-E26D00838F00}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA03FF-C40D-492A-BF5A-0DD1E97CD32E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10A5D047-FEB7-479C-A837-B670141E1F40}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB5EC09D-78E5-400A-A0DF-940AA5C0A45D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B98FFCF9-CCA0-4787-BB40-23FDA023F926}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0DCEB48-0851-4123-994C-E75135A9D62A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E78D017C-EFDF-4E9A-AFE9-4CC6F85BD7F9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06AEDB90-98B2-4989-AD0F-39D53551F6AD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3 Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V33 Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Settings
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{06AEDB90-98B2-4989-AD0F-39D53551F6AD}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{06AEDB90-98B2-4989-AD0F-39D53551F6AD}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{06AEDB90-98B2-4989-AD0F-39D53551F6AD}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{06AEDB90-98B2-4989-AD0F-39D53551F6AD}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B920380D-FBE7-45C7-96AB-37E9870A566C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [8075 octets] - [05/08/2013 19:49:08]
AdwCleaner[S1].txt - [8134 octets] - [06/08/2013 21:01:26]

########## EOF - C:\AdwCleaner[S1].txt - [8194 octets] ##########



#8 TheShooter93

TheShooter93

    Cody


  • Malware Study Hall Senior
  • 4,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:07:58 AM

Posted 06 August 2013 - 09:26 PM

Hello jens3,

 

How are things now?

 

----------------------------

 

Also, let's see this:

 

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:

  • Save it to your desktop.

  • Double click on the otlicon.png icon on your desktop.

  • Click the "Scan All Users" checkbox.

  • Push the runscan.png button.

  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened

    • Extra.txt <-- Will be minimized



Edited by TheShooter93, 06 August 2013 - 09:33 PM.

:santa:  Network+ Certified | Senior at UCF pursuing Information Technology B.S. | System Administrator  :santa: 

Please note that I am currently in training. All malware related posts must first be approved by an instructor. This may cause a delay.

 


#9 TheShooter93

TheShooter93

    Cody


  • Malware Study Hall Senior
  • 4,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:07:58 AM

Posted 09 August 2013 - 08:34 AM

Hello jens3,

 

It has been at least 72 hours since my last post, are you still with me?

 

If you need more time, just let me know.

 

If you do not reply to this post within 48 hours, this thread will be closed due to inactivity.


:santa:  Network+ Certified | Senior at UCF pursuing Information Technology B.S. | System Administrator  :santa: 

Please note that I am currently in training. All malware related posts must first be approved by an instructor. This may cause a delay.

 


#10 jens3

jens3
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 09 August 2013 - 03:24 PM

Hello,

Sorry it took me awhile to get back to you. I noticed RegClean Pro doesn't show up in the programs anymore woohoo. However, Advanced System Protector by Systweak is still there and the computer still seems to run weird. (i.e. while on the internet, popups open new tabs every so often without me clicking them, and windows is asking me to configure its automatic updates but I get an error when I select the 'automatically update' option). I will run the OTL report and reply with that. Thank you!



#11 jens3

jens3
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 09 August 2013 - 06:36 PM

Hello, here is the OTL report:

 

OTL logfile created on: 8/9/2013 4:33:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jackson\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.91 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 55.52% Memory free
7.82 Gb Paging File | 6.09 Gb Available in Paging File | 77.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 397.12 Gb Free Space | 88.05% Space Free | Partition Type: NTFS
 
Computer Name: JACKSON-PC | User Name: Jackson | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/08/09 16:24:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jackson\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/02/19 13:56:14 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2013/02/19 13:53:32 | 000,218,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2013/02/19 13:51:54 | 000,241,456 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2012/11/16 22:10:22 | 000,383,608 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/08/08 09:39:18 | 001,166,848 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3)
SRV:64bit: - [2011/07/27 23:04:48 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/07/27 22:48:34 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/07/27 22:44:18 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/06/03 14:51:38 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr)
SRV:64bit: - [2011/03/08 19:00:50 | 000,224,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\mcafee\msc\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/06/18 17:48:52 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/22 18:17:01 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Stopped] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 16:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/18 12:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/05/19 03:16:48 | 000,995,392 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/05/19 03:16:46 | 001,335,360 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/05/19 03:16:36 | 000,921,664 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2011/03/24 10:08:04 | 000,148,360 | ---- | M] (Dell Products, LP.) [Auto | Stopped] -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe -- (DellDigitalDelivery)
SRV - [2010/11/25 07:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 07:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/11/06 01:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/10/05 23:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/10/05 23:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/08/25 22:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/19 13:59:06 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2013/02/19 13:56:26 | 000,340,216 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2013/02/19 13:55:14 | 000,106,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2013/02/19 13:54:32 | 000,771,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2013/02/19 13:53:42 | 000,515,968 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2013/02/19 13:53:02 | 000,309,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2013/02/19 13:52:44 | 000,179,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2012/04/20 16:40:58 | 000,196,440 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP)
DRV:64bit: - [2011/08/08 09:32:08 | 000,299,008 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL)
DRV:64bit: - [2011/08/03 19:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/19 20:54:06 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/07/19 17:13:42 | 000,282,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/21 17:19:14 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/06/21 17:19:12 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/05/19 03:17:04 | 000,053,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/05/19 03:17:02 | 000,051,712 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:64bit: - [2011/05/13 04:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/04/10 15:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/01/20 13:20:46 | 000,176,096 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/12/10 17:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 17:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/06 19:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/29 20:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/26 15:08:08 | 000,406,632 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/09/21 11:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/03/19 05:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 14:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {4DA729A4-684A-4034-A45B-6D56CEAAE92B} - C:\Program Files (x86)\Discovery Tools\ietb.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = infoaxe_google
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{255A5A34-1D89-4A3E-957F-30FD482DACA8}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\..\SearchScopes\{AA93B10C-8533-49BC-B4ED-71F2FD125152}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3300024&SearchSource=45&UM=2&q={searchTerms}
IE - HKCU\..\SearchScopes\{C55D4FA5-9F2E-4F42-A823-B7817B8149DC}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298569&CUI=UN18683011621209813&UM=2
IE - HKCU\..\SearchScopes\infoaxe_google: "URL" = http://static.flipora.com/enhancedsearch_v.html?cx=partner-pub-6808396145675874:scfw9ganq4h&cof=FORID:10&ie=ISO-8859-1&q={searchTerms}&sa=Search&ref_type=sp&src_type=sp&u=15659983&gl=&t=2.0.0.1&tv=v23&dummyRnd=10735
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013/06/28 18:32:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/07/06 17:50:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\FoxyLyrics@SHBRT.co: C:\Program Files (x86)\FoxyLyrics\125.xpi [2013/07/28 20:39:59 | 000,009,651 | ---- | M] ()
 
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20120627173644.dll (McAfee, Inc.)
O2 - BHO: (Flip BHO) - {63E60077-EDE9-427a-BAD0-2ED15FADA0A8} - C:\Program Files (x86)\Discovery Tools\ietb.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20120627173644.dll (McAfee, Inc.)
O2 - BHO: (FoxyLyrics) - {E531F534-7220-4615-ABDF-91A55447FE4C} - C:\Program Files (x86)\FoxyLyrics\125.dll (SHBRT Apps)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{042BE752-CB95-46C7-A46A-7A07C50355CE}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\cozi - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/09 16:24:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jackson\Desktop\OTL.exe
[2013/08/07 21:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/08/07 20:14:18 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/08/07 20:14:18 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/08/07 20:14:18 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/08/07 20:14:18 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/08/07 20:14:18 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/08/07 20:14:18 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/08/07 20:14:18 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/08/07 20:14:18 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/08/07 20:14:18 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/08/07 20:14:18 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/08/07 20:14:18 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/08/07 20:14:18 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/08/07 20:14:18 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/08/07 20:14:18 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/08/07 20:14:18 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/08/07 20:14:18 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/08/07 20:14:18 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/08/07 20:14:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/08/07 20:14:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/08/07 20:14:18 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/08/07 20:14:18 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/08/07 20:14:18 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/08/07 20:14:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/07 20:14:18 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/08/07 20:14:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/08/07 20:14:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/08/07 20:14:18 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/08/07 20:14:18 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/08/07 20:14:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/08/07 20:14:18 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/08/07 20:14:18 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/08/07 20:14:13 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/08/07 20:14:12 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/08/07 20:14:12 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/08/07 20:14:12 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/08/07 20:14:12 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/08/07 20:14:12 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/08/07 20:14:12 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/08/07 20:14:12 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/08/07 20:14:12 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/08/07 20:14:12 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/08/07 20:14:12 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/08/07 20:14:12 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/08/07 20:14:12 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/08/07 20:14:12 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/08/07 20:14:12 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/08/07 20:14:12 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/08/07 20:14:12 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/08/07 20:14:12 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/08/07 20:14:12 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/08/07 20:14:12 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/08/07 20:14:12 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/08/07 20:14:12 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/08/07 20:14:12 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/08/07 20:14:12 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/08/07 20:14:12 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/08/07 20:14:12 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/08/07 20:14:12 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/08/07 20:14:12 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/08/07 20:14:12 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/08/07 20:14:12 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/08/07 20:14:12 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/08/07 20:14:12 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/08/07 20:14:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/08/07 20:14:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/08/07 20:14:12 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/08/07 20:14:12 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/08/07 20:14:12 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/08/03 11:07:35 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Jackson\Desktop\dds.com
[2013/08/03 09:41:59 | 000,000,000 | ---D | C] -- C:\MATS
[2013/08/03 09:40:55 | 000,000,000 | ---D | C] -- C:\Users\Jackson\AppData\Local\ElevatedDiagnostics
[2013/08/01 22:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Uninstaller
[2013/08/01 22:27:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Max Uninstaller
[2013/07/29 20:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/07/29 20:28:43 | 000,000,000 | ---D | C] -- C:\Users\Jackson\AppData\Roaming\SUPERAntiSpyware.com
[2013/07/29 20:28:42 | 000,000,000 | ---D | C] -- C:\Users\Jackson\AppData\Local\Google
[2013/07/29 20:28:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/07/29 20:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/07/29 20:28:34 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/07/29 20:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/07/29 20:27:24 | 026,743,048 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Jackson\Desktop\SUPERAntiSpyware.exe
[2013/07/29 19:57:51 | 000,000,000 | ---D | C] -- C:\Users\Jackson\AppData\Local\NPE
[2013/07/29 19:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/07/29 19:49:58 | 000,000,000 | ---D | C] -- C:\Users\Jackson\AppData\Roaming\Malwarebytes
[2013/07/29 19:49:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/29 19:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/07/29 19:49:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/07/29 19:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/29 19:48:46 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jackson\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/28 20:45:04 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qedit.dll
[2013/07/28 20:45:04 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qedit.dll
[2013/07/28 20:45:03 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WMVDECOD.DLL
[2013/07/28 20:45:03 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WMVDECOD.DLL
[2013/07/28 20:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FoxyLyrics
[2013/07/28 20:33:14 | 000,000,000 | ---D | C] -- C:\SearchProtect
[2013/07/12 15:45:30 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/09 16:29:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/08/09 16:29:25 | 3148,226,560 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/09 16:24:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jackson\Desktop\OTL.exe
[2013/08/07 23:52:30 | 000,000,390 | ---- | M] () -- C:\windows\tasks\FoxyLyrics Update.job
[2013/08/07 21:46:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/08/07 21:17:25 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/07 21:17:25 | 000,020,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/07 20:23:50 | 554,506,209 | ---- | M] () -- C:\windows\MEMORY.DMP
[2013/08/07 20:14:18 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2013/08/07 20:14:18 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dat
[2013/08/07 20:14:18 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2013/08/07 20:14:18 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmlmedia.dll
[2013/08/07 20:14:18 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2013/08/07 20:14:18 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2013/08/07 20:14:18 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2013/08/07 20:14:18 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\html.iec
[2013/08/07 20:14:18 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
[2013/08/07 20:14:18 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\elshyph.dll
[2013/08/07 20:14:18 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\elshyph.dll
[2013/08/07 20:14:18 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2013/08/07 20:14:18 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iexpress.exe
[2013/08/07 20:14:18 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wextract.exe
[2013/08/07 20:14:18 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2013/08/07 20:14:18 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\occache.dll
[2013/08/07 20:14:18 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iepeers.dll
[2013/08/07 20:14:18 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\IEAdvpack.dll
[2013/08/07 20:14:18 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll
[2013/08/07 20:14:18 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\inseng.dll
[2013/08/07 20:14:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
[2013/08/07 20:14:18 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\SetIEInstalledDate.exe
[2013/08/07 20:14:18 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/07 20:14:18 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\icardie.dll
[2013/08/07 20:14:18 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\tdc.ocx
[2013/08/07 20:14:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2013/08/07 20:14:18 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\pngfilt.dll
[2013/08/07 20:14:18 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmler.dll
[2013/08/07 20:14:18 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2013/08/07 20:14:18 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/08/07 20:14:18 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\licmgr10.dll
[2013/08/07 20:14:18 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msfeedssync.exe
[2013/08/07 20:14:13 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe
[2013/08/07 20:14:12 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2013/08/07 20:14:12 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2013/08/07 20:14:12 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dat
[2013/08/07 20:14:12 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmlmedia.dll
[2013/08/07 20:14:12 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2013/08/07 20:14:12 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2013/08/07 20:14:12 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2013/08/07 20:14:12 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2013/08/07 20:14:12 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2013/08/07 20:14:12 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2013/08/07 20:14:12 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\html.iec
[2013/08/07 20:14:12 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2013/08/07 20:14:12 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
[2013/08/07 20:14:12 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msls31.dll
[2013/08/07 20:14:12 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2013/08/07 20:14:12 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2013/08/07 20:14:12 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iexpress.exe
[2013/08/07 20:14:12 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\occache.dll
[2013/08/07 20:14:12 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\wextract.exe
[2013/08/07 20:14:12 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll
[2013/08/07 20:14:12 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iepeers.dll
[2013/08/07 20:14:12 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\IEAdvpack.dll
[2013/08/07 20:14:12 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\inseng.dll
[2013/08/07 20:14:12 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
[2013/08/07 20:14:12 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\SetIEInstalledDate.exe
[2013/08/07 20:14:12 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\icardie.dll
[2013/08/07 20:14:12 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\tdc.ocx
[2013/08/07 20:14:12 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2013/08/07 20:14:12 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\pngfilt.dll
[2013/08/07 20:14:12 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2013/08/07 20:14:12 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\imgutil.dll
[2013/08/07 20:14:12 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshtmler.dll
[2013/08/07 20:14:12 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2013/08/07 20:14:12 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\licmgr10.dll
[2013/08/07 20:14:12 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[2013/08/07 20:14:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\mshta.exe
[2013/08/07 20:14:12 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msfeedssync.exe
[2013/08/07 20:10:30 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/08/07 20:10:30 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/08/07 20:10:30 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/08/06 20:59:26 | 000,666,633 | ---- | M] () -- C:\Users\Jackson\Desktop\AdwCleaner.exe
[2013/08/03 11:07:35 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Jackson\Desktop\dds.com
[2013/08/03 10:08:42 | 000,001,350 | ---- | M] () -- C:\Users\Jackson\Desktop\Clean Registry for Free!.lnk
[2013/08/03 09:48:10 | 000,000,123 | ---- | M] () -- C:\Users\Jackson\Desktop\Microsoft Fix it.url
[2013/08/01 21:28:51 | 000,003,591 | ---- | M] () -- C:\Users\Jackson\Desktop\Msirepair.reg
[2013/07/30 14:35:20 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ce8d538b0bb1eb.job
[2013/07/29 20:28:55 | 000,000,514 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task ba059586-2a1d-463d-ac3b-d765895b371d.job
[2013/07/29 20:28:55 | 000,000,514 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task a45c5c0e-b1fe-4029-848d-85306d8ed296.job
[2013/07/29 20:28:38 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/29 20:28:21 | 026,743,048 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Jackson\Desktop\SUPERAntiSpyware.exe
[2013/07/29 19:49:43 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/29 19:49:04 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jackson\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/29 06:55:03 | 177,123,520 | ---- | M] () -- C:\Users\Jackson\Desktop\setup_11.0.0.1245.x01_2013_07_23_10_15.exe
[2013/07/28 20:25:42 | 000,461,464 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013/08/07 20:14:18 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/08/07 20:14:12 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2013/08/06 20:59:26 | 000,666,633 | ---- | C] () -- C:\Users\Jackson\Desktop\AdwCleaner.exe
[2013/08/03 09:48:10 | 000,000,123 | ---- | C] () -- C:\Users\Jackson\Desktop\Microsoft Fix it.url
[2013/08/01 21:28:51 | 000,003,591 | ---- | C] () -- C:\Users\Jackson\Desktop\Msirepair.reg
[2013/08/01 21:03:25 | 000,001,350 | ---- | C] () -- C:\Users\Jackson\Desktop\Clean Registry for Free!.lnk
[2013/07/30 14:35:19 | 000,000,894 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore1ce8d538b0bb1eb.job
[2013/07/29 20:28:55 | 000,000,514 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task ba059586-2a1d-463d-ac3b-d765895b371d.job
[2013/07/29 20:28:55 | 000,000,514 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task a45c5c0e-b1fe-4029-848d-85306d8ed296.job
[2013/07/29 20:28:38 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/07/29 19:49:43 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/28 21:44:42 | 177,123,520 | ---- | C] () -- C:\Users\Jackson\Desktop\setup_11.0.0.1245.x01_2013_07_23_10_15.exe
[2013/04/30 18:10:38 | 000,000,258 | RHS- | C] () -- C:\Users\Jackson\ntuser.pol
[2011/12/06 06:19:05 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011/12/06 06:19:04 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011/12/06 06:19:04 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011/12/06 06:19:04 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011/12/06 06:19:03 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011/12/06 06:18:27 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011/12/06 06:18:21 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011/12/06 06:18:21 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011/12/06 06:18:21 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011/12/06 06:18:21 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011/12/06 06:18:21 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011/12/06 05:05:21 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011/12/06 05:01:09 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/06 04:56:52 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013/05/06 17:19:21 | 000,000,040 | ---- | M] ()(C:\windows\SysNative\?Ã) -- C:\windows\SysNative\웠Ã
[2013/05/06 17:19:21 | 000,000,040 | ---- | C] ()(C:\windows\SysNative\?Ã) -- C:\windows\SysNative\웠Ã

< End of report >

 

 

 

Extras Report:

 

OTL Extras logfile created on: 8/9/2013 4:33:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Jackson\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.91 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 55.52% Memory free
7.82 Gb Paging File | 6.09 Gb Available in Paging File | 77.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 397.12 Gb Free Space | 88.05% Space Free | Partition Type: NTFS
 
Computer Name: JACKSON-PC | User Name: Jackson | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{112B6952-CA4A-4E5A-A22C-85AB536F9D44}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{33EC5EAC-5278-431C-8AC7-62C447CF04FC}" = lport=9700 | protocol=6 | dir=in | name=syncup_tcp_9700 |
"{49BF20EA-314C-4E3B-BBFD-DD93B0FFD301}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BD908B5E-43E6-47C4-BC09-93B48A203C3C}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{DA371584-B01A-45C0-B321-55DA8FA0A6A8}" = lport=9701 | protocol=6 | dir=in | name=syncup_tcp_9701 |
"{DBC9A535-B3E6-4236-A671-119B4A18DA16}" = lport=9700 | protocol=17 | dir=in | name=syncup_udp_9700 |
"{FDFA34CC-9189-4583-8144-898409E8DE0C}" = lport=9702 | protocol=6 | dir=in | name=syncup_tcp_9702 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07850164-245A-4491-B195-C0521387F9EA}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{22ED3B92-A1EA-4594-8546-3E55F7444BAC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{37407434-B8C0-4D1A-94C1-A887E8F499DE}" = dir=in | app=c:\program files (x86)\dell\videostage\videostage.exe |
"{4F1359A7-05AF-46BF-8245-C1E48AB70BC7}" = dir=in | app=c:\program files\dell stage\musicstage\musicstageengine.exe |
"{503B66F8-BDA7-4645-B77B-296C46E21D37}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\nero\bdcore\nero blu-ray player\blu-rayplayer.exe |
"{57FF0370-DF80-4CC2-9F9F-CC9DBB8DDF9A}" = dir=in | app=c:\program files\dell stage\dell stage\stage_primary.exe |
"{58CF5FA7-5E13-4A10-ABAC-1E5DB400B550}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |
"{600F1533-D2AA-4DA2-87E5-FE150228BEA5}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\nero\bdcore\nero blu-ray player\blu-rayplayer.exe |
"{709F4B9C-BCCC-43B6-B7FC-6064A72AC81C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{78F371BD-CA24-4DE9-8247-9A59F021EDBE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{829AE55D-FEDF-4B49-B3A9-53C152E0B91E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{82FA332D-456D-4659-BBB6-300FEC129613}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{85948635-0FCE-436E-AABC-5CF026C25F2C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{8AD205DF-E574-4FA6-8E90-858A27CF2731}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9A038B95-6B12-4A70-85E6-0940C2E6E339}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9DE21C9C-9C26-45F6-B69F-A3A9492C2F91}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{D2EADC08-D314-4507-A337-E4BBFC6533AA}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EC720F32-07DF-491C-8373-32A6BBD08C54}" = dir=in | app=c:\program files\dell stage\dell stage\accuweather\accuweather.exe |
"{EE6B2504-A11C-40DC-80F3-99A80B8B4B97}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{F4D8D136-689D-4BC3-A949-0E71A0B6E971}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{25FBDA9A-E868-4B3B-B9FF-D923818511A1}" = Intel® PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java™ 6 Update 27 (64-bit)
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel® PROSet/Wireless Software for Bluetooth® Technology
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Dell Support Center" = Dell Support Center
"Download_Manager_and_Options" = Download Manager and Options
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MyPC Backup" = MyPC Backup
"ProInst" = Intel PROSet Wireless
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ECFCB07-9BFE-4970-ACA1-D568D982760B}" = Complete Care Business Service Agreement
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EEBAFB5-CB0F-4E1A-A33F-4ECAF15CE2F9}" = Dell Digital Delivery
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java™ 6 Update 27
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{400182B4-CA55-46A9-9D88-F8413DCFB36D}" = Blio
"{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software (x86)
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
"{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel® WiDi
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
"{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91AF2672-F5BC-42CF-8037-A9D2F92BBCC0}" = Dell MusicStage
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.6) MUI
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{C16A92EF-017B-4839-9C75-FBADB5A1FA27}" = TrustedID
"{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}" = Premium Service Agreement
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7022C9B-4DE0-4A57-B395-ED3BFDB78D73}_is1" = Max Uninstaller version 2.0
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
"{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
"{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F47C37A4-7189-430A-B81D-739FF8A7A554}" = Consumer In-Home Service Agreement
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Dell Webcam Central" = Dell Webcam Central
"Discovery Tools" = Discovery Tools
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MSC" = McAfee SecurityCenter
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"ProInst" = Intel PROSet Wireless
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT089409" = Bejeweled 2 Deluxe
"WT089410" = Blackhawk Striker 2
"WT089411" = Build-a-lot 2
"WT089412" = Cake Mania
"WT089413" = Chuzzle Deluxe
"WT089414" = Diner Dash 2 Restaurant Rescue
"WT089415" = Dora's World Adventure
"WT089418" = FATE
"WT089420" = Jewel Quest
"WT089422" = Jewel Quest Solitaire 2
"WT089426" = Poker Superstars III
"WT089430" = Virtual Villagers 4 - The Tree of Life
"WT089433" = Polar Golfer
"WT089434" = Escape Whisper Valley ™
"WT089440" = Namco All-Stars PAC-MAN
"WT089443" = Bounce Symphony
"WT089444" = Final Drive Nitro
"WT089445" = Penguins!
"WT089446" = Wedding Dash - Ready, Aim, Love!
"WT089448" = Zuma Deluxe
"WT089450" = Farm Frenzy
"WT089452" = Plants vs. Zombies - Game of the Year
"WT089499" = Final Drive Fury
"WT089503" = Samantha Swift
"WT089507" = Luxor
"WT089508" = Polar Bowler
"ZinioReader4" = Zinio Reader 4
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/12/2013 3:29:55 PM | Computer Name = Jackson-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/12/2013 3:37:25 PM | Computer Name = Jackson-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/12/2013 3:46:25 PM | Computer Name = Jackson-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/13/2013 7:24:53 AM | Computer Name = Jackson-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/13/2013 7:31:10 AM | Computer Name = Jackson-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc3c1  Faulting module name: ntdll.dll, version: 6.1.7601.17725, time
 stamp: 0x4ec4aa8e  Exception code: 0xc0000005  Fault offset: 0x000000000004e4b4  Faulting
 process id: 0x24c  Faulting application start time: 0x01ce7fbb429119f1  Faulting application
 path: C:\windows\system32\svchost.exe  Faulting module path: C:\windows\SYSTEM32\ntdll.dll
Report
 Id: b70413ad-ebaf-11e2-bd9a-4c80934d2820
 
Error - 7/13/2013 7:31:20 AM | Computer Name = Jackson-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/13/2013 7:38:51 AM | Computer Name = Jackson-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc3c1  Faulting module name: ole32.dll, version: 6.1.7601.17514, time
 stamp: 0x4ce7c92c  Exception code: 0xc0000005  Fault offset: 0x0000000000007624  Faulting
 process id: 0x4c8  Faulting application start time: 0x01ce7fbc7c92351c  Faulting application
 path: C:\windows\system32\svchost.exe  Faulting module path: C:\windows\system32\ole32.dll
Report
 Id: c97c7737-ebb0-11e2-bd9a-4c80934d2820
 
Error - 7/13/2013 12:19:49 PM | Computer Name = Jackson-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/13/2013 12:29:53 PM | Computer Name = Jackson-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 7/13/2013 12:35:55 PM | Computer Name = Jackson-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc3c1  Faulting module name: ole32.dll, version: 6.1.7601.17514, time
 stamp: 0x4ce7c92c  Exception code: 0xc0000005  Fault offset: 0x0000000000007624  Faulting
 process id: 0x13cc  Faulting application start time: 0x01ce7fe5f475304d  Faulting application
 path: C:\windows\system32\svchost.exe  Faulting module path: C:\windows\system32\ole32.dll
Report
 Id: 496999e1-ebda-11e2-b9b1-4c80934d2820
 
[ System Events ]
Error - 8/9/2013 4:38:05 PM | Computer Name = Jackson-PC | Source = Service Control Manager | ID = 7031
Description = The Extensible Authentication Protocol service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
120000 milliseconds: Restart the service.
 
Error - 8/9/2013 4:38:05 PM | Computer Name = Jackson-PC | Source = Service Control Manager | ID = 7031
Description = The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
120000 milliseconds: Restart the service.
 
Error - 8/9/2013 4:38:05 PM | Computer Name = Jackson-PC | Source = Service Control Manager | ID = 7031
Description = The User Profile Service service terminated unexpectedly.  It has
done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds:
 Restart the service.
 
Error - 8/9/2013 4:38:05 PM | Computer Name = Jackson-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
  It has done this 1 time(s).  The following corrective action will be taken in
120000 milliseconds: Restart the service.
 
Error - 8/9/2013 4:40:08 PM | Computer Name = Jackson-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/9/2013 4:40:08 PM | Computer Name = Jackson-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/9/2013 4:40:08 PM | Computer Name = Jackson-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/9/2013 4:40:08 PM | Computer Name = Jackson-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/9/2013 4:40:08 PM | Computer Name = Jackson-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 8/9/2013 4:40:08 PM | Computer Name = Jackson-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
 
< End of report >
 



#12 TheShooter93

TheShooter93

    Cody


  • Malware Study Hall Senior
  • 4,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:07:58 AM

Posted 10 August 2013 - 12:09 PM

Hello jens3,

 

We need to remove some programs with Revo Uninstaller Free:

Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an altenate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Advanced System Protector
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run, If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

--------------------------------------------------------------------------------------------------------------

 

After you've done this, please reboot your computer and check to see if Advanced System Care is still installed. Let me know either way.

 

Also, please re-run adwCleaner using the instructions I gave you in post #6 and include the results in your next reply.


:santa:  Network+ Certified | Senior at UCF pursuing Information Technology B.S. | System Administrator  :santa: 

Please note that I am currently in training. All malware related posts must first be approved by an instructor. This may cause a delay.

 


#13 jens3

jens3
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 12 August 2013 - 07:41 PM

Hello! Ok the Advanced System Protector by Systweak program seems to be removed.  :) . Below is the adwCleaner log:

 

# AdwCleaner v2.306 - Logfile created 08/06/2013 at 21:01:26
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jackson - JACKSON-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Jackson\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Yontoo Desktop Updater

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\windows\Tasks\RegClean Pro_DEFAULT.job
File Deleted : C:\windows\Tasks\RegClean Pro_UPDATES.job
Folder Deleted : C:\Program Files (x86)\Advanced System Protector
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\InternetHelper3
Folder Deleted : C:\Program Files (x86)\LyricsTube
Folder Deleted : C:\Program Files (x86)\MixiDJ_V33
Folder Deleted : C:\Program Files (x86)\RegClean Pro
Folder Deleted : C:\Program Files (x86)\SingAlong
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Users\Jackson\AppData\Local\Conduit
Folder Deleted : C:\Users\Jackson\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Jackson\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Jackson\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jackson\AppData\LocalLow\InternetHelper3
Folder Deleted : C:\Users\Jackson\AppData\LocalLow\MixiDJ_V33
Folder Deleted : C:\Users\Jackson\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jackson\AppData\LocalLow\WhiteSmoke_New
Folder Deleted : C:\Users\Jackson\AppData\Roaming\Yontoo

***** [Registry] *****

Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\InternetHelper3
Key Deleted : HKCU\Software\AppDataLow\Software\MixiDJ_V33
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_New
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{06AEDB90-98B2-4989-AD0F-39D53551F6AD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06AEDB90-98B2-4989-AD0F-39D53551F6AD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D21C336-3CFD-421C-B27D-796A2518AC3C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F89054E-27B3-45BB-A3D6-E26D00838F00}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Deleted : HKCU\Software\MixiDJ_V33
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3277370
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298569
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\InternetHelper3
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0D21C336-3CFD-421C-B27D-796A2518AC3C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F89054E-27B3-45BB-A3D6-E26D00838F00}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\MixiDJ_V33
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\WhiteSmoke_New
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{06AEDB90-98B2-4989-AD0F-39D53551F6AD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0D21C336-3CFD-421C-B27D-796A2518AC3C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6F89054E-27B3-45BB-A3D6-E26D00838F00}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0BDA03FF-C40D-492A-BF5A-0DD1E97CD32E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10A5D047-FEB7-479C-A837-B670141E1F40}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB5EC09D-78E5-400A-A0DF-940AA5C0A45D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B98FFCF9-CCA0-4787-BB40-23FDA023F926}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D0DCEB48-0851-4123-994C-E75135A9D62A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E78D017C-EFDF-4E9A-AFE9-4CC6F85BD7F9}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06AEDB90-98B2-4989-AD0F-39D53551F6AD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B920380D-FBE7-45C7-96AB-37E9870A566C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InternetHelper3 Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MixiDJ_V33 Toolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Search Settings
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{06AEDB90-98B2-4989-AD0F-39D53551F6AD}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{06AEDB90-98B2-4989-AD0F-39D53551F6AD}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{06AEDB90-98B2-4989-AD0F-39D53551F6AD}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B920380D-FBE7-45C7-96AB-37E9870A566C}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{06AEDB90-98B2-4989-AD0F-39D53551F6AD}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{B920380D-FBE7-45C7-96AB-37E9870A566C}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [8075 octets] - [05/08/2013 19:49:08]
AdwCleaner[S1].txt - [8134 octets] - [06/08/2013 21:01:26]

########## EOF - C:\AdwCleaner[S1].txt - [8194 octets] ##########


Edited by jens3, 12 August 2013 - 07:43 PM.


#14 jens3

jens3
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:08:58 AM

Posted 12 August 2013 - 07:53 PM

That log is wrong I think. That's the [S1] file from the last time I ran it. Here is the [S2] log file which I think is the right one.

 

# AdwCleaner v2.306 - Logfile created 08/12/2013 at 20:16:24
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Jackson - JACKSON-PC
# Boot Mode : Normal
# Running from : C:\Users\Jackson\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [8075 octets] - [05/08/2013 19:49:08]
AdwCleaner[S1].txt - [8259 octets] - [06/08/2013 21:01:26]
AdwCleaner[S2].txt - [642 octets] - [12/08/2013 20:16:24]

########## EOF - C:\AdwCleaner[S2].txt - [701 octets] ##########



#15 TheShooter93

TheShooter93

    Cody


  • Malware Study Hall Senior
  • 4,447 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:07:58 AM

Posted 13 August 2013 - 08:48 PM

Hello jens3,

 

Glad to hear that did the job!   :thumbup2:

 

How is the computer running now?

 

---------------------------------------------------------------------------------------

 

Let's see a final DDS log to make sure your computer is clean:

 

Please download  DDS by sUBs from one of the following links.  Save it to your desktop.
 
 
Double click on the DDS icon, allow it to run.

 

Mark the option attach.txt.

 

Click on Start.

 

After the scan has finished, confirm the message with Ok.

 

DDS will automatically open both logfiles.

 

You can find them on your desktop as well.

 

Please post the content of those logfiles with your next answer.

 
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  
 
Information on A/V control HERE.

Edited by TheShooter93, 13 August 2013 - 08:49 PM.

:santa:  Network+ Certified | Senior at UCF pursuing Information Technology B.S. | System Administrator  :santa: 

Please note that I am currently in training. All malware related posts must first be approved by an instructor. This may cause a delay.

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users