Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dllhost.exe


  • This topic is locked This topic is locked
36 replies to this topic

#1 zaphryn78

zaphryn78

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 25 April 2013 - 01:46 PM

i have an issue where my dllhost.exe file is using 10-15 million k of my ram. I end the process tree in my task manager and everything runs smoothly until an hour or so and then it its back up. Its causing the loss of images to appear on my desktop, files disappearing/not loading, browser crashes etc. 

 

I ran Symantec professional edition in safe mode with all the latest definitions and found nothing. I also ran malware bytes and Microsoft security. Found nothing. 

 

I just ran hijackthis and this is whats showing in the log file. 

 

Help me please. 

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:34:58 PM, on 4/25/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Thommy Kane\Downloads\HijackThis (2).exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/?affil=7&uid=fbc68970-9168-11e2-afd9-c8600079fc93
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/?affil=7&uid=fbc68970-9168-11e2-afd9-c8600079fc93
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: (no name) - {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ACC01A56-70E3-472E-9C4F-83B1DA817DD8} - (no file)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
O4 - HKLM\..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - Startup: CurseClientStartup.ccip
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: D_Link_DWA-125 Service (D_Link_DWA-125) - Wireless Service - C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe
O23 - Service: D_Link_DWA-125_WPS Service (D_Link_DWA-125_WPS) - Unknown owner - C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 10917 bytes

Edited by zaphryn78, 25 April 2013 - 01:48 PM.


BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:45 AM

Posted 26 April 2013 - 02:17 AM

Hello zaphryn78 and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:
 

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply

===================================================

Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download one of these to your desktop:

for a 32-bt system download this version.
for 64-bit use this one

  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects –everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work, (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 zaphryn78

zaphryn78
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 26 April 2013 - 07:39 AM

Thank you so much for the prompt response. 

 

I did everything you instructed to the letter. 

 

AdwCleaner results: 

 

 

# AdwCleaner v2.202 - Logfile created 04/26/2013 at 08:27:41
# Updated 23/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Thommy Kane - ELISE
# Boot Mode : Normal
# Running from : C:\Users\Thommy Kane\Downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Users\Thommy Kane\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
File Deleted : C:\END
File Deleted : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Thommy Kane\AppData\Local\APN
Folder Deleted : C:\Users\Thommy Kane\AppData\Local\Conduit
Folder Deleted : C:\Users\Thommy Kane\AppData\Local\Google\Chrome\User Data\Default\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Folder Deleted : C:\Users\Thommy Kane\AppData\Local\PackageAware
Folder Deleted : C:\Users\Thommy Kane\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Thommy Kane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fbDownloader
Folder Deleted : C:\Users\Thommy Kane\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Thommy Kane\Documents\ShopToWin
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Key Deleted : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Key Deleted : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3198785
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dknkjnkhedbanphkkpbpcgoblmkbfhlf
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0DF56869-BA25-4E8E-82F9-AF48EA6BCC7E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACC01A56-70E3-472E-9C4F-83B1DA817DD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16476
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://www.ask.com/?l=dis&o=14196 --> hxxp://www.google.com
 
-\\ Mozilla Firefox v20.0 (en-US)
 
File : C:\Users\Thommy Kane\AppData\Roaming\Mozilla\Firefox\Profiles\xn99ms2v.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v26.0.1410.64
 
File : C:\Users\Thommy Kane\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [9357 octets] - [26/04/2013 08:27:41]
 
########## EOF - C:\AdwCleaner[S1].txt - [9417 octets] ##########
 

Rogue Killer Results:

 

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Thommy Kane [Admin rights]
Mode : Scan -- Date : 04/26/2013 08:37:02
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED] ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
 
127.0.0.1 activate.adobe.com
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: WDC WD1001FALS-00Y6A0 ATA Device +++++
--- User ---
[MBR] 06c5c461a4b01d72f04999a35e7991db
[BSP] 2928af4022876821526478baf32fd7f1 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
+++++ PhysicalDrive1: WDC WD740GLFS-01F8U0 ATA Device +++++
--- User ---
[MBR] 30eff53acbdb83b52794a970832051c9
[BSP] 98fb419d8e489bac6c1dfe3ad48effa6 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 70809 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[2]_S_04262013_02d0837.txt >>
RKreport[1]_S_04262013_02d0835.txt ; RKreport[2]_S_04262013_02d0837.txt

Edited by zaphryn78, 26 April 2013 - 07:43 AM.


#4 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:45 AM

Posted 26 April 2013 - 09:58 AM

Good – that got rid of some junk.

Download and run OTL
 

  • download OTL to your desktop.
  • double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • click Scan all users.
  • under Custom Scan paste this in


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT


     

  • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
  • when the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • you may need two posts to fit them both in.

===================================================

Run aswMBR
 

  • download aswMBR.exe to your desktop.
  • double click the aswMBR.exe to run it
  • if asked, accept the AVAST virus definition download
  • click the "Scan" button to start scan
  • on completion of the scan click Save log, save it to your desktop and post in your next reply. Note - do NOT attempt any Fix yet.

===================================================

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.
 

  • doubleclick CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

Logs to include with next post:

OTL.txt
Extras.txt
aswMBR log
CKFiles.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 zaphryn78

zaphryn78
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 26 April 2013 - 11:09 AM

Here is the information you requested. I ran all scans in the order you posted them. Below are the results you requested. 

 

OTL: 

 

 

OTL logfile created on: 4/26/2013 11:37:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thommy Kane\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.95 Gb Total Physical Memory | 14.55 Gb Available Physical Memory | 91.26% Memory free
33.89 Gb Paging File | 31.65 Gb Available in Paging File | 93.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69.15 Gb Total Space | 8.57 Gb Free Space | 12.40% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 815.81 Gb Free Space | 87.58% Space Free | Partition Type: NTFS
 
Computer Name: ELISE | User Name: Thommy Kane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/26 11:35:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Thommy Kane\Downloads\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/07/01 17:16:46 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
PRC - [2010/05/06 17:21:54 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/10/19 19:03:50 | 000,995,328 | ---- | M] (D-Link Corp.) -- C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe
PRC - [2009/10/19 18:39:38 | 000,122,880 | ---- | M] (Wireless Service) -- C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe
PRC - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/04/04 09:20:33 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANPDApi.dll
MOD - [2009/10/19 18:59:12 | 000,274,432 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-125 revA\wlanapp.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/08/06 12:24:22 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/07/27 22:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/26 22:18:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/12 21:31:03 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/08/05 19:11:38 | 003,234,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/07/01 17:17:24 | 001,832,072 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/07/01 16:25:32 | 000,425,800 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/05/06 17:21:14 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/17 10:53:18 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/08/21 09:27:26 | 000,126,976 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWZCSdS.exe -- (D_Link_DWA-125)
SRV - [2009/07/07 19:49:20 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-125 revA\ANIWConnService.exe -- (D_Link_DWA-125_WPS)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/30 18:05:08 | 000,233,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wpshelper.sys -- (WpsHelper)
DRV:64bit: - [2012/07/28 00:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/07/27 21:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/05/19 21:33:50 | 000,173,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/05/14 02:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/05 19:11:32 | 000,052,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\WPSDRVnt.sys -- (WPS)
DRV:64bit: - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
DRV:64bit: - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/12/28 12:42:26 | 000,064,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Teefer2.sys -- (Teefer2)
DRV:64bit: - [2009/09/15 12:36:48 | 001,061,888 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Dnetr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/06 18:10:10 | 000,015,872 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\anodlwfx.sys -- (anodlwf)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2013/01/17 05:00:00 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130425.003\ex64.sys -- (NAVEX15)
DRV - [2013/01/17 05:00:00 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20130425.003\eng64.sys -- (NAVENG)
DRV - [2012/12/17 05:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/09 04:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/03/08 12:59:16 | 000,482,352 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
DRV - [2010/03/08 12:59:16 | 000,447,536 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
DRV - [2010/03/08 12:59:16 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/?affil=7&uid=fbc68970-9168-11e2-afd9-c8600079fc93
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{E2071C94-92ED-42E3-AF4E-90C974589B87}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=2&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3672244602-1110161311-1925886221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchou.com/?affil=7&uid=fbc68970-9168-11e2-afd9-c8600079fc93
IE - HKU\S-1-5-21-3672244602-1110161311-1925886221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3672244602-1110161311-1925886221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3672244602-1110161311-1925886221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 5E E6 DF 66 12 CD 01  [binary data]
IE - HKU\S-1-5-21-3672244602-1110161311-1925886221-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com
IE - HKU\S-1-5-21-3672244602-1110161311-1925886221-1000\..\URLSearchHook: {b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14} - No CLSID value found
IE - HKU\S-1-5-21-3672244602-1110161311-1925886221-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3672244602-1110161311-1925886221-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3672244602-1110161311-1925886221-1000\..\SearchScopes\{D36C0E65-809F-4D30-B2B2-34FB8B9C7ED4}: "URL" = http://search.yahoo.com/?ourmark=4&p={searchTerms}
IE - HKU\S-1-5-21-3672244602-1110161311-1925886221-1000\..\SearchScopes\{E2071C94-92ED-42E3-AF4E-90C974589B87}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=2&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3672244602-1110161311-1925886221-1000\..\SearchScopes\{E27955BC-B684-476A-AADC-8F55501D35A9}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?hspart=w3i&hsimp=yhs-geneiotransfer&type=W3i_IA,206,0_0,StartPage,20120102,18482,0,0,6434&p={searchTerms}
IE - HKU\S-1-5-21-3672244602-1110161311-1925886221-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Thommy Kane\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Thommy Kane\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Thommy Kane\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Thommy Kane\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Thommy Kane\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fbdownloader@KMcore: C:\Program Files (x86)\fbDownloader\_browser_extensions\xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/03 09:22:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/25 14:24:35 | 000,000,000 | ---D | M]
 
[2013/04/03 09:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thommy Kane\AppData\Roaming\Mozilla\Extensions
[2013/04/10 10:40:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Thommy Kane\AppData\Roaming\Mozilla\Firefox\Profiles\xn99ms2v.default\extensions
[2013/04/10 10:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/06 03:08:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/20 19:08:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions
[2013/04/20 19:08:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/20 19:09:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/03/26 22:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/03/26 22:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/26 22:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Thommy Kane\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Thommy Kane\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Thommy Kane\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\Thommy Kane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Thommy Kane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Thommy Kane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Thommy Kane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Thommy Kane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Amazon for Chrome = C:\Users\Thommy Kane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam\2.2.2012.276_0\
CHR - Extension: Gmail = C:\Users\Thommy Kane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/04/06 13:56:56 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [D-Link D-Link DWA-125] C:\Program Files (x86)\D-Link\DWA-125 revA\AirGCFG.exe (D-Link Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WZCSLDR2] C:\Program Files (x86)\D-Link\DWA-125 revA\WZCSLDR2.exe (Wireless Service)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Thommy Kane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24CDAAC8-65CA-46C0-B4C2-9738D73189CC}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
CREATERESTOREPOINT 
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/26 08:34:04 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\Desktop\RK_Quarantine
[2013/04/24 14:40:42 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\Desktop\SplashPage.v1.0.1
[2013/04/24 14:38:34 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\Desktop\Global Forum Message 1.1.0 (IP.Board 3.2 & 3.3)
[2013/04/22 10:52:57 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\Desktop\hooks
[2013/04/22 10:02:13 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\Desktop\UFC IMAGES
[2013/04/22 09:37:48 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\Desktop\(SOS33) Enhanced Gallery Images in Board Index 3.0.2
[2013/04/22 09:36:11 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\Desktop\Twitter Widget Box 1.0.0 (IP.Board 3.0, 3.1, 3.2 & 3.3)
[2013/04/22 08:55:01 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\Desktop\Genesis_3_4_2
[2013/04/21 10:05:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/19 14:53:44 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\Desktop\SoccerGames
[2013/04/17 10:58:50 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\AppData\Roaming\.minecraft
[2013/04/17 10:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/04/17 10:52:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/04/16 16:06:34 | 000,000,000 | ---D | C] -- C:\ProgramData\22237
[2013/04/14 11:47:12 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\AppData\Roaming\Malwarebytes
[2013/04/14 11:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/14 11:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/14 11:47:09 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/14 11:47:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/14 11:47:02 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\AppData\Local\Programs
[2013/04/14 11:16:17 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/04/14 11:16:13 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\AppData\Roaming\IObit
[2013/04/14 11:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/04/14 11:01:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/04/14 10:52:44 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\AppData\Roaming\LockHunter
[2013/04/14 10:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\LockHunter
[2013/04/14 10:11:31 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\Desktop\upload
[2013/04/14 09:37:29 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\Desktop\wuvm
[2013/04/14 09:36:04 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\Desktop\footballwebsitetemplate
[2013/04/13 19:18:57 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\AppData\Local\sms.at
[2013/04/13 19:18:55 | 001,018,880 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2013/04/13 19:18:55 | 000,208,384 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2013/04/13 19:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mysms
[2013/04/11 03:00:59 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/11 03:00:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/11 03:00:57 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 03:00:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 03:00:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/11 03:00:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/11 03:00:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/11 03:00:56 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/11 03:00:54 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/11 03:00:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/11 03:00:53 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 03:00:53 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 03:00:51 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 03:00:51 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/11 03:00:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/10 10:43:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/04/10 08:41:18 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 08:41:17 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 08:41:16 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 08:41:16 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 08:41:15 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 08:41:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 08:40:56 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 08:40:55 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 08:40:55 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 08:40:54 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 08:40:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 08:40:52 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/04 13:14:35 | 000,000,000 | ---D | C] -- C:\Users\Thommy Kane\AppData\Roaming\Curse Advertising
[2013/04/03 09:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/26 11:30:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/26 11:13:02 | 000,002,794 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\Capture.GIF
[2013/04/26 11:04:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3672244602-1110161311-1925886221-1000UA.job
[2013/04/26 10:57:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/26 10:57:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/26 09:58:16 | 000,013,061 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\f567bb77e2de3bfcf2695e8f7debec18.png
[2013/04/26 09:48:20 | 000,001,456 | ---- | M] () -- C:\Users\Thommy Kane\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/04/26 09:48:19 | 000,000,268 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\nhnews_bg.png
[2013/04/26 09:46:29 | 000,000,996 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\primarynav_active_hover_bg.png
[2013/04/26 09:46:18 | 000,001,109 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\primarynav_hover_bg.png
[2013/04/26 09:44:17 | 000,001,122 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\generalbox_bg.png
[2013/04/26 08:39:14 | 000,019,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/26 08:39:14 | 000,019,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/26 08:35:57 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/26 08:35:57 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/26 08:35:57 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/26 08:31:54 | 000,003,284 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCS{24CDAAC8-65CA-46C0-B4C2-9738D73189CC}
[2013/04/26 08:31:54 | 000,003,284 | ---- | M] () -- C:\Users\Thommy Kane\AppData\Roaming\ANIWZCS{24CDAAC8-65CA-46C0-B4C2-9738D73189CC}
[2013/04/26 08:31:45 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME
[2013/04/26 08:31:00 | 000,000,007 | ---- | M] () -- C:\Windows\SysWow64\ANIWZCSUSERNAME{24CDAAC8-65CA-46C0-B4C2-9738D73189CC}
[2013/04/26 08:30:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/26 08:29:54 | 4251,987,966 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/26 08:28:10 | 000,000,178 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/26 08:27:50 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3672244602-1110161311-1925886221-1000Core.job
[2013/04/25 13:49:04 | 000,034,068 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\tumblr_mltimpsSdb1r0wqrdo1_500.jpg
[2013/04/25 13:47:40 | 000,038,593 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\tumblr_mltjhxRDIA1r0wqrdo1_500.jpg
[2013/04/25 13:47:03 | 000,095,613 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\tumblr_mltn8cJPBg1r0wqrdo1_500.jpg
[2013/04/25 07:08:34 | 000,002,283 | ---- | M] () -- C:\Users\Thommy Kane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/23 12:54:45 | 000,070,643 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\ufc-x10-4.jpg
[2013/04/23 11:18:07 | 000,174,993 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\Community Involvement.jpg
[2013/04/23 11:17:13 | 000,174,943 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\Fighting events & schedules.jpg
[2013/04/23 10:42:29 | 005,164,713 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\Nutrition & Supplements.jpg
[2013/04/23 10:41:38 | 001,514,635 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\Health & physical Training.jpg
[2013/04/23 10:38:15 | 000,279,828 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\Exclusive Interviews.jpg
[2013/04/23 10:36:09 | 000,285,611 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\Champions.jpg
[2013/04/23 10:34:46 | 001,127,627 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\Interviews.jpg
[2013/04/23 10:33:31 | 001,751,781 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\action packed.jpg
[2013/04/23 10:32:46 | 000,309,296 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\boxing.jpg
[2013/04/23 10:31:52 | 000,771,852 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\mma.jpg
[2013/04/21 10:19:40 | 000,000,611 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\topicViewSidebar.lnk
[2013/04/20 09:52:44 | 000,005,158 | ---- | M] () -- C:\Users\Thommy Kane\Documents\gun laws.rtf
[2013/04/19 19:42:19 | 000,026,539 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\305717_10151540651984781_937767417_n.jpg
[2013/04/18 09:29:22 | 000,048,607 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\drinking-roulette-539x461.jpg
[2013/04/16 21:22:20 | 000,090,112 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\photo-2.JPG
[2013/04/16 18:28:24 | 000,980,274 | ---- | M] () -- C:\Users\Thommy Kane\AppData\Local\census.cache
[2013/04/16 18:28:15 | 000,179,824 | ---- | M] () -- C:\Users\Thommy Kane\AppData\Local\ars.cache
[2013/04/16 18:22:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\OLEPRO32.DLL
[2013/04/16 18:22:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\MSVCR71.dll
[2013/04/16 18:22:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\MSVCP71.dll
[2013/04/16 18:22:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\ATL71.DLL
[2013/04/16 18:22:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiumdva.dll
[2013/04/16 18:22:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiumdag.dll
[2013/04/16 18:22:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\atiu9pag.dll
[2013/04/16 18:22:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\aticfx32.dll
[2013/04/16 18:16:52 | 000,000,036 | ---- | M] () -- C:\Users\Thommy Kane\AppData\Local\housecall.guid.cache
[2013/04/16 15:49:24 | 000,007,602 | ---- | M] () -- C:\Users\Thommy Kane\AppData\Local\resmon.resmoncfg
[2013/04/14 13:10:32 | 000,038,799 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\med_gallery_3_6_10581.png
[2013/04/14 11:47:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/14 11:02:01 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/13 10:10:39 | 000,009,504 | -HS- | M] () -- C:\Users\Thommy Kane\Desktop\Folder.jpg
[2013/04/13 10:10:39 | 000,009,504 | -HS- | M] () -- C:\Users\Thommy Kane\Desktop\AlbumArt_{947B186D-14F9-4366-9CD5-7F6557E29AC9}_Large.jpg
[2013/04/13 10:10:39 | 000,002,164 | -HS- | M] () -- C:\Users\Thommy Kane\Desktop\AlbumArtSmall.jpg
[2013/04/13 10:10:39 | 000,002,164 | -HS- | M] () -- C:\Users\Thommy Kane\Desktop\AlbumArt_{947B186D-14F9-4366-9CD5-7F6557E29AC9}_Small.jpg
[2013/04/13 05:26:50 | 001,153,613 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\images-red-base.xml.gz
[2013/04/13 05:26:29 | 000,046,695 | ---- | M] () -- C:\Users\Thommy Kane\Desktop\redbase.xml.gz
[2013/04/12 15:47:50 | 000,000,300 | ---- | M] () -- C:\Users\Thommy Kane\Documents\Document.rtf
[2013/04/11 03:23:41 | 004,878,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/10 10:47:07 | 000,000,693 | ---- | M] () -- C:\Users\Thommy Kane\Documents\proposals.rtf
[2013/04/09 14:14:10 | 000,000,600 | ---- | M] () -- C:\Users\Thommy Kane\AppData\Roaming\winscp.rnd
[2013/04/05 07:37:52 | 000,019,263 | ---- | M] () -- C:\Users\Thommy Kane\Documents\group permissions..rtf
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/04 09:51:22 | 000,002,492 | ---- | M] () -- C:\Users\Thommy Kane\Documents\insertion order.rtf
[2013/03/31 10:09:00 | 000,018,519 | ---- | M] () -- C:\Users\Thommy Kane\Documents\group%20permissions..rtf_0.odt
 
========== Files Created - No Company Name ==========
 
[2013/04/26 11:13:02 | 000,002,794 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\Capture.GIF
[2013/04/26 09:58:16 | 000,013,061 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\f567bb77e2de3bfcf2695e8f7debec18.png
[2013/04/26 09:48:19 | 000,000,268 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\nhnews_bg.png
[2013/04/26 09:46:28 | 000,000,996 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\primarynav_active_hover_bg.png
[2013/04/26 09:46:17 | 000,001,109 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\primarynav_hover_bg.png
[2013/04/26 09:43:31 | 000,001,122 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\generalbox_bg.png
[2013/04/26 08:27:54 | 000,000,178 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/04/25 13:49:04 | 000,034,068 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\tumblr_mltimpsSdb1r0wqrdo1_500.jpg
[2013/04/25 13:47:40 | 000,038,593 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\tumblr_mltjhxRDIA1r0wqrdo1_500.jpg
[2013/04/25 13:47:03 | 000,095,613 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\tumblr_mltn8cJPBg1r0wqrdo1_500.jpg
[2013/04/23 12:54:45 | 000,070,643 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\ufc-x10-4.jpg
[2013/04/23 11:18:07 | 000,174,993 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\Community Involvement.jpg
[2013/04/23 11:17:13 | 000,174,943 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\Fighting events & schedules.jpg
[2013/04/23 10:42:29 | 005,164,713 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\Nutrition & Supplements.jpg
[2013/04/23 10:41:38 | 001,514,635 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\Health & physical Training.jpg
[2013/04/23 10:38:15 | 000,279,828 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\Exclusive Interviews.jpg
[2013/04/23 10:36:09 | 000,285,611 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\Champions.jpg
[2013/04/23 10:34:46 | 001,127,627 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\Interviews.jpg
[2013/04/23 10:33:31 | 001,751,781 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\action packed.jpg
[2013/04/23 10:32:46 | 000,309,296 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\boxing.jpg
[2013/04/23 10:31:52 | 000,771,852 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\mma.jpg
[2013/04/22 09:22:03 | 001,153,613 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\images-red-base.xml.gz
[2013/04/22 09:22:03 | 000,046,695 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\redbase.xml.gz
[2013/04/21 10:19:40 | 000,000,611 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\topicViewSidebar.lnk
[2013/04/20 09:52:44 | 000,005,158 | ---- | C] () -- C:\Users\Thommy Kane\Documents\gun laws.rtf
[2013/04/19 19:42:19 | 000,026,539 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\305717_10151540651984781_937767417_n.jpg
[2013/04/18 09:29:22 | 000,048,607 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\drinking-roulette-539x461.jpg
[2013/04/17 10:53:00 | 000,002,283 | ---- | C] () -- C:\Users\Thommy Kane\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/17 10:52:27 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/17 10:52:26 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/16 21:22:20 | 000,090,112 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\photo-2.JPG
[2013/04/16 18:28:24 | 000,980,274 | ---- | C] () -- C:\Users\Thommy Kane\AppData\Local\census.cache
[2013/04/16 18:28:15 | 000,179,824 | ---- | C] () -- C:\Users\Thommy Kane\AppData\Local\ars.cache
[2013/04/16 18:22:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\OLEPRO32.DLL
[2013/04/16 18:22:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\MSVCR71.dll
[2013/04/16 18:22:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\MSVCP71.dll
[2013/04/16 18:22:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\ATL71.DLL
[2013/04/16 18:22:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiumdva.dll
[2013/04/16 18:22:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiumdag.dll
[2013/04/16 18:22:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\atiu9pag.dll
[2013/04/16 18:22:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\aticfx32.dll
[2013/04/16 18:16:52 | 000,000,036 | ---- | C] () -- C:\Users\Thommy Kane\AppData\Local\housecall.guid.cache
[2013/04/14 13:10:32 | 000,038,799 | ---- | C] () -- C:\Users\Thommy Kane\Desktop\med_gallery_3_6_10581.png
[2013/04/14 11:47:10 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/14 11:02:01 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/14 11:01:57 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/04/13 19:18:55 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\libgcc_s_dw2-1.dll
[2013/04/13 19:18:55 | 000,011,362 | ---- | C] () -- C:\Windows\SysWow64\mingwm10.dll
[2013/04/13 10:10:39 | 000,009,504 | -HS- | C] () -- C:\Users\Thommy Kane\Desktop\Folder.jpg
[2013/04/13 10:10:39 | 000,009,504 | -HS- | C] () -- C:\Users\Thommy Kane\Desktop\AlbumArt_{947B186D-14F9-4366-9CD5-7F6557E29AC9}_Large.jpg
[2013/04/13 10:10:39 | 000,002,164 | -HS- | C] () -- C:\Users\Thommy Kane\Desktop\AlbumArtSmall.jpg
[2013/04/13 10:10:39 | 000,002,164 | -HS- | C] () -- C:\Users\Thommy Kane\Desktop\AlbumArt_{947B186D-14F9-4366-9CD5-7F6557E29AC9}_Small.jpg
[2013/04/10 10:47:07 | 000,000,693 | ---- | C] () -- C:\Users\Thommy Kane\Documents\proposals.rtf
[2013/04/06 08:10:54 | 000,000,600 | ---- | C] () -- C:\Users\Thommy Kane\AppData\Roaming\winscp.rnd
[2013/04/05 07:37:42 | 000,018,519 | ---- | C] () -- C:\Users\Thommy Kane\Documents\group%20permissions..rtf_0.odt
[2013/04/04 09:48:00 | 000,002,492 | ---- | C] () -- C:\Users\Thommy Kane\Documents\insertion order.rtf
[2013/04/03 09:22:32 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/03/30 13:32:44 | 000,019,263 | ---- | C] () -- C:\Users\Thommy Kane\Documents\group permissions..rtf
[2013/01/05 17:13:33 | 000,003,584 | ---- | C] () -- C:\Users\Thommy Kane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/28 15:51:08 | 000,000,282 | ---- | C] () -- C:\Users\Thommy Kane\AppData\Roaming\ANICONFIG_{24CDAAC8-65CA-46C0-B4C2-9738D73189CC}.ini
[2012/11/25 09:42:00 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/09/15 11:22:57 | 019,162,696 | ---- | C] () -- C:\Users\Thommy Kane\povwade.wav
[2012/07/29 06:08:10 | 000,000,600 | ---- | C] () -- C:\Users\Thommy Kane\AppData\Local\PUTTY.RND
[2012/05/15 09:59:56 | 000,772,558 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/04/07 10:52:09 | 000,007,602 | ---- | C] () -- C:\Users\Thommy Kane\AppData\Local\resmon.resmoncfg
[2012/04/06 14:14:10 | 000,001,456 | ---- | C] () -- C:\Users\Thommy Kane\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/04/04 09:25:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/04/04 09:21:18 | 000,003,284 | ---- | C] () -- C:\Users\Thommy Kane\AppData\Roaming\ANIWZCS{24CDAAC8-65CA-46C0-B4C2-9738D73189CC}
[2012/04/04 09:20:10 | 000,302,080 | ---- | C] () -- C:\Windows\lwd.exe
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 02:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 01:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 21:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 01:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 02:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 02:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 08:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 02:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 01:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 01:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 09:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 02:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 01:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 21:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 02:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 02:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 02:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 21:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SVCHOST.EXE  >
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 21:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 21:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 08:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 21:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 21:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 09:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 09:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 21:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 03:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< %systemroot%\*. /rp /s >
 
========== Drive Information ==========
 
Physical Drives
---------------
 
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD1001FALS-00Y6A0 ATA Device
Partitions: 1
Status: OK
Status Info: 0
 
Drive: \\\\.\\PHYSICALDRIVE1 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD740GLFS-01F8U0 ATA Device
Partitions: 2
Status: OK
Status Info: 0
 
Partitions
---------------
 
DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 932.00GB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 100.00MB
Starting Offset: 1048576
Hidden sectors: 0
 
 
DeviceID: Disk #1, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 69.00GB
Starting Offset: 105906176
Hidden sectors: 0
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 16 bytes -> C:\Users\Thommy Kane\Downloads:Shareaza.GUID
 
< End of report >

Extras.txt:

 

 

OTL Extras logfile created on: 4/26/2013 11:37:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Thommy Kane\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.95 Gb Total Physical Memory | 14.55 Gb Available Physical Memory | 91.26% Memory free
33.89 Gb Paging File | 31.65 Gb Available in Paging File | 93.41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 69.15 Gb Total Space | 8.57 Gb Free Space | 12.40% Space Free | Partition Type: NTFS
Drive D: | 931.51 Gb Total Space | 815.81 Gb Free Space | 87.58% Space Free | Partition Type: NTFS
 
Computer Name: ELISE | User Name: Thommy Kane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3672244602-1110161311-1925886221-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{138F7349-9E2E-4D33-8270-2A31CAA485E4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{31C0E536-F0FF-4936-8389-E4E1B21AD1F3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3B17E3E5-3211-43FD-867D-A0F4EFE6A307}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3DA432D7-6D38-49FD-B7F6-653178359751}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{401AC30D-6321-40E7-968A-FB319C86D8A5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{439D02E1-85AF-4857-9400-70C9EC9CB277}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{596DFAE2-22DC-4EE9-B267-03511D728F2A}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5D0630FB-E529-4A3A-AA40-D113AFA38CF6}" = lport=445 | protocol=6 | dir=in | app=system | 
"{802C7701-35BB-439B-9476-A1D3F1B7F0A5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{8C13B471-DCD5-42D7-9E77-35776BAD5BE1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{97A5346B-9485-44E1-A7C5-EC7EE7E2A872}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A4839CB0-3115-48F7-91E8-6BA811163A2D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B19DB717-B5CF-46CC-B258-93686D30D221}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B8809F36-C60C-4CA8-9AC6-B91EFF5CD7AE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C090CE68-A8C8-4F71-AE60-554D66CD041A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C86A6D93-9820-4901-AA14-F433108BA2D0}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{CC7C0C94-0222-42CE-829A-F4104680F402}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D9D5C426-3349-4085-9BC1-8B0686DF6237}" = lport=1886 | protocol=6 | dir=in | name=genieo | 
"{DF6327FF-0A1D-4252-AE09-8DF5CDC5F5A3}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E85AD42D-BEA3-49BF-87B6-8F70FCABDDB0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F032676A-2962-444F-8E40-BBE02568BCFB}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F0DC3264-D065-4BDB-8D74-1027D1401BD3}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F43113A3-5858-48DC-8F1E-D8594C0ADA59}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F6FA31E4-10BE-45FA-B26D-86AF0B7D4234}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C40A0E-91B5-4739-A804-8D6249653659}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{05882FF8-1473-495B-8F69-C3E78FCB0A34}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{067D77C6-E29C-478D-9DAA-C6ACBF832FEC}" = protocol=6 | dir=out | app=system | 
"{0A1CA243-461D-4542-874E-AAB05AA847A9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0B474379-F6D6-4A93-B321-A4B87204F2E6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0C34D10B-7EB9-4B68-B182-0F92237672A7}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{0CA4588E-45BB-4C4C-B721-A5A0A24B7FC9}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{20467F7F-DA44-41D6-B58C-FF2D3B0223F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{210634DA-F9C5-45CE-9A74-051F170C6A6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{344AE8E6-D05E-45D1-AB30-854FCFF338E2}" = protocol=6 | dir=in | app=c:\program files (x86)\shareaza applications\shareaza\shareaza.exe | 
"{37B39143-AC84-47A7-AF89-D19D0A48C923}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{390535D1-87DA-4E0E-9022-6F0E2DB48DFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{39093ED4-66B3-430D-ABC0-9EFA3BE03E78}" = protocol=6 | dir=in | app=c:\program files (x86)\shareaza applications\shareaza\shareaza.exe | 
"{41C4421A-ABEB-4426-910A-F54063C79D3A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{41FD7A5D-F472-4342-839F-9EB02390E69F}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | 
"{47F5991A-116D-4E79-821B-6FC076BE6849}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe | 
"{54A374F6-6921-45F3-AAA9-AF06161B5F29}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{57F7477A-C3B2-4233-89B6-562C40A794FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5A4A1C0D-E9DA-4CC5-8D04-3B2955BA5329}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5ACA103C-9C73-4CE8-AD6B-91837E3BBD9C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5AFB1FA2-C7E3-439E-924B-AC531722700C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{64F87067-8DDD-43AC-BFF4-6E8923312D8A}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\snac64.exe | 
"{67E2D2AC-223F-4DCF-9B44-6821E1BB2082}" = protocol=17 | dir=in | app=c:\users\thommy kane\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{703CEB35-FC91-4449-86F9-867F98B5B434}" = protocol=6 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | 
"{76CE4FB0-6092-454B-93D8-01030A0C2672}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{79BE5BB8-632D-4A08-A77B-CAB7F8FA1B1D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{89122345-B51E-4EBD-A180-8410F407D5A6}" = protocol=17 | dir=in | app=c:\program files (x86)\shareaza applications\shareaza\shareaza.exe | 
"{89966447-3E31-454F-AB03-758BCD6593E8}" = protocol=17 | dir=in | app=c:\program files (x86)\symantec\symantec endpoint protection\smc.exe | 
"{95970464-D5FE-4184-AE8D-A951CD652ACA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{96026132-6D5B-4070-B2D5-42E7170BBB2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{980FEEB2-C967-4140-BE84-546420032D90}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{9E9957A6-F70D-4441-A193-C941D821DB32}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{A0A3EC59-EE62-4E99-B618-B17E3C17CBC2}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | 
"{AF544D90-E35A-43E5-9A3C-96BFB6606662}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B72CC6BD-5205-47F6-8A7C-864134CAA885}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{BDEB40A9-9C82-41C2-844B-6B38C038B381}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C31FF25D-6172-4ED3-9B92-132A9800A225}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\symantec shared\ccapp.exe | 
"{C4B902DE-5B0B-48E2-B0D5-158B67AD28D5}" = protocol=17 | dir=in | app=c:\program files (x86)\shareaza applications\shareaza\shareaza.exe | 
"{CAE83DFF-1B85-425E-9D1B-4F7C14604020}" = protocol=6 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
"{CC7C2D90-6198-48CC-BF52-4A58E17A888D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CD496E6A-4302-4A90-AEFC-6328F4B8422A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D0A34289-A446-452D-AFA4-8FA843A4AB1A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{D500A671-4E34-4DDD-B851-C19251F29E24}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{E5E9C108-200E-493F-858C-EEF06858EDB4}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{F70CF29C-F4D1-448E-85C2-565747ED4581}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F8658FD2-1170-491F-B460-BB4C92458EB9}" = protocol=6 | dir=in | app=c:\users\thommy kane\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{F9BEEF79-C0CF-4468-B0B8-7EA35F2703C6}" = protocol=17 | dir=in | app=d:\star wars-the old republic\launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{73CA0462-DD49-495D-A6E5-AC4CF6F5FAC1}" = Symantec Endpoint Protection
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9387E5ED-7D5D-A744-6BDC-8F6CB26DE09A}" = AMD Fuel
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR 4.11 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4956225B-6763-4944-9B70-E31403D1DFC9}" = Shareaza
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = AMD VISION Engine Control Center
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E320B23C-E9DC-377C-837E-D6D4BD27B169}" = Google Talk Plugin
"{E45CACFE-0576-4375-A84F-C34B99A7B652}" = D-Link DWA-125
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.2
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"FileZilla Client" = FileZilla Client 3.6.0.2
"Google Chrome" = Google Chrome
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 20.0 (x86 en-US)" = Mozilla Firefox 20.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SMPlayer" = SMPlayer 0.6.9
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/16/2013 6:13:43 PM | Computer Name = Elise | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Tracking Cookies in File: Cookie:thommy kane@atdmt.com/
 by: Startup scan.  Action: Quarantine failed : Leave Alone failed.  Action Description:
 The file was deleted successfully.    
 
Error - 4/16/2013 8:37:32 PM | Computer Name = Elise | Source = Application Error | ID = 1000
Description = Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.4,
 time stamp: 0x4f97642d  Faulting module name: JavaScriptCore.dll, version: 7534.57.3.3,
 time stamp: 0x4f973ed0  Exception code: 0xc0000005  Fault offset: 0x00089357  Faulting
 process id: 0xc88  Faulting application start time: 0x01ce3aefe1681602  Faulting application
 path: C:\Program Files (x86)\Safari\Apple Application Support\WebKit2WebProcess.exe
Faulting
 module path: C:\Program Files (x86)\Safari\Apple Application Support\JavaScriptCore.dll
Report
 Id: fcf041c2-a6f6-11e2-b8db-c8600079fc93
 
Error - 4/17/2013 11:19:17 AM | Computer Name = Elise | Source = Application Hang | ID = 1002
Description = The program javaw.exe version 7.0.170.2 stopped interacting with Windows
 and was closed. To see if more information about the problem is available, check
 the problem history in the Action Center control panel.    Process ID: 1598    Start Time:
 01ce3b7d30d6a7f2    Termination Time: 82    Application Path: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
 
Report
 Id:   
 
Error - 4/21/2013 10:05:15 AM | Computer Name = Elise | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Application or service 'Google Chrome' could not be shut down.
 
Error - 4/22/2013 11:34:10 PM | Computer Name = Elise | Source = Symantec AntiVirus | ID = 16711720
Description =       Symantec Endpoint Protection has determined that the virus definitions
 are missing on this computer. This computer will remain unprotected from viruses
 until virus definitions are downloaded to this computer.Application has encountered
 
 
Error - 4/24/2013 6:27:40 PM | Computer Name = Elise | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Windows\system32\taskmgr.exe".Error
 in manifest or policy file "C:\Windows\system32\taskmgr.exe" on line 0.  Invalid 
Xml syntax.
 
Error - 4/24/2013 6:27:42 PM | Computer Name = Elise | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Windows\system32\ndfapi.dll".Error
 in manifest or policy file "C:\Windows\system32\ndfapi.dll" on line 0.  Invalid Xml
 syntax.
 
Error - 4/25/2013 3:16:08 AM | Computer Name = Elise | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
 stamp: 0x501fefb5  Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
 0x4f55e10b  Exception code: 0xc0000005  Fault offset: 0x00000000000033c1  Faulting process
 id: 0x848  Faulting application start time: 0x01ce3aeefcb6c663  Faulting application
 path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe  Faulting module
 path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll  Report Id: ff6e8994-ad77-11e2-b8db-c8600079fc93
 
Error - 4/25/2013 7:11:30 AM | Computer Name = Elise | Source = Symantec AntiVirus | ID = 16711731
Description =       Security Risk Found!Tracking Cookies in File: Cookie:thommy kane@realmedia.com/
 by: Startup scan.  Action: Quarantine failed : Leave Alone failed.  Action Description:
 The file was deleted successfully.    
 
Error - 4/26/2013 8:23:35 AM | Computer Name = Elise | Source = SescLU | ID = 13
Description =   LiveUpdate returned a non-critical error.  Available content updates
 may have failed to install.
 
Error - 4/26/2013 8:28:53 AM | Computer Name = Elise | Source = Application Error | ID = 1000
Description = Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time
 stamp: 0x501fefb5  Faulting module name: Device.dll, version: 4.1.0.0, time stamp:
 0x4f55e10b  Exception code: 0xc0000005  Fault offset: 0x00000000000033c1  Faulting process
 id: 0x64c  Faulting application start time: 0x01ce418507e0f1dd  Faulting application
 path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe  Faulting module
 path: C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll  Report Id: dabcd0b5-ae6c-11e2-be0c-c8600079fc93
 
[ System Events ]
Error - 12/6/2012 8:52:36 AM | Computer Name = Elise | Source = Service Control Manager | ID = 7034
Description = The AMD FUEL Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 12/6/2012 8:46:12 PM | Computer Name = Elise | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
Error - 12/7/2012 7:42:29 AM | Computer Name = Elise | Source = Service Control Manager | ID = 7034
Description = The AMD FUEL Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 12/7/2012 7:21:30 PM | Computer Name = Elise | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
Error - 12/8/2012 12:02:42 PM | Computer Name = Elise | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 12/12/2012 3:27:40 AM | Computer Name = Elise | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
 storage could not grow due to a user imposed limit.
 
Error - 12/12/2012 8:54:58 AM | Computer Name = Elise | Source = Service Control Manager | ID = 7034
Description = The AMD FUEL Service service terminated unexpectedly.  It has done
 this 1 time(s).
 
Error - 12/12/2012 8:54:58 AM | Computer Name = Elise | Source = Service Control Manager | ID = 7038
Description = The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService
 with the currently configured password due to the following error:   %%1352    To ensure
 that the service is configured properly, use the Services snap-in in Microsoft 
Management Console (MMC).
 
Error - 12/12/2012 8:54:58 AM | Computer Name = Elise | Source = Service Control Manager | ID = 7000
Description = The WinHTTP Web Proxy Auto-Discovery Service service failed to start
 due to the following error:   %%1069
 
Error - 12/12/2012 8:00:02 PM | Computer Name = Elise | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!
 
 
< End of report >

Edited by zaphryn78, 26 April 2013 - 11:09 AM.


#6 zaphryn78

zaphryn78
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 26 April 2013 - 11:11 AM

aswMBR:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software

Run date: 2013-04-26 11:51:31
-----------------------------
11:51:31.362    OS Version: Windows x64 6.1.7601 Service Pack 1
11:51:31.362    Number of processors: 6 586 0x102
11:51:31.363    ComputerName: ELISE  UserName: 
11:51:32.610    Initialize success
11:56:00.499    AVAST engine defs: 13042600
11:56:38.213    Disk 0  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-9
11:56:38.215    Disk 0 Vendor: WDC_WD1001FALS-00Y6A0 05.01D05 Size: 953869MB BusType: 11
11:56:38.217    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-8
11:56:38.219    Disk 1 Vendor: WDC_WD740GLFS-01F8U0 03.03V01 Size: 70911MB BusType: 11
11:56:38.274    Disk 1 MBR read successfully
11:56:38.277    Disk 1 MBR scan
11:56:38.282    Disk 1 Windows 7 default MBR code
11:56:38.294    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
11:56:38.324    Disk 1 Partition 2 00     07    HPFS/NTFS NTFS        70809 MB offset 206848
11:56:38.389    Disk 1 scanning C:\Windows\system32\drivers
11:56:50.977    Service scanning
11:57:30.194    Modules scanning
11:57:30.200    Disk 1 trace - called modules:
11:57:30.537    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
11:57:30.541    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0xfffffa800e28e060]
11:57:30.545    3 CLASSPNP.SYS[fffff880018fc43f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-8[0xfffffa800decc1f0]
11:57:31.082    AVAST engine scan C:\Windows
11:57:32.597    AVAST engine scan C:\Windows\system32
12:01:16.755    AVAST engine scan C:\Windows\system32\drivers
12:01:30.108    AVAST engine scan C:\Users\Thommy Kane
12:04:35.070    Disk 1 MBR has been saved successfully to "C:\Users\Thommy Kane\Desktop\MBR.dat"
12:04:35.124    The log file has been saved successfully to "C:\Users\Thommy Kane\Desktop\aswMBR.txt"

 

 

CKFILES

 

 

CKScanner 2.2 - Additional Security Risks - These are not necessarily bad
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.NA.11.GKAPVR
 ----- EOF ----- 


#7 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:45 AM

Posted 26 April 2013 - 04:29 PM

Hi zaphryn78

Can you tell me if this is a corporate/company computer or a home business computer? Working on a corporate computer can sometimes change settings and potentially harm your system which your company might not be too pleased about and could leave us liable for a lawsuit. Please let me know if this is the case.

Meanwhile:

 

Run Security Check

Download Security Check by screen317 from here or here.
 

  • save it to your Desktop.
  • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • a Notepad document should open automatically called checkup.txt; please post the contents of that document.

Can you tell me what the current problems are.

 

Satchfan
 

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#8 zaphryn78

zaphryn78
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 26 April 2013 - 05:52 PM

this is a personal computer. I do handle a lot of business on it though. I run two companies. 

 

I'll be working on that next scan for you now. Info will be up shortly. 



#9 zaphryn78

zaphryn78
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 26 April 2013 - 06:06 PM

Well here it is. I think something we've done may have gotten rid of it. I'm not too positive as it hides and returns often. 

 

But the main issue was just a dllhost file that kept reappearing and using 10-15 million of my RAM. I think it may be solved though. I haven't had an issue since the last list of scans you asked me to run. We'll see. 

 

Here is the data you asked for from security check: 

 

 

 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Symantec Endpoint Protection    
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java™ 6 Update 32  
 Java 7 Update 17  
 Java version out of Date!
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.3 Adobe Reader out of Date!
 Mozilla Firefox (20.0) 
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````
 Norton ccSvcHst.exe 
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log``````````````````````

Edited by zaphryn78, 26 April 2013 - 06:06 PM.


#10 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:45 AM

Posted 27 April 2013 - 10:50 AM

You have Symantic Endpoint Protection, (SEP), AND Microsoft Security Essentials, (MSE) running on your computer. You cannot run two antiviruses.

 

ccapp.exe, which is seen in your log as a running process, is an application that launches Norton’s Antivirus. It calls a host of DLLs that are needed to run SEP.

 

I suggest you either uninstall either SEP or MSE.

 

If you uninstall MSE, you will also need to disable Windows firewall, which is enabled at the moment, as SEP also has a firewall and you cannot run two firewall either.

 

Please do this and run SecurityCheck again.

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#11 zaphryn78

zaphryn78
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 27 April 2013 - 12:13 PM

It appears that the dllhost.exe file is at it again. It started again this afternoon using 15 million of my RAM again. So apparently the problem still isn't solved. 

I removed MSE, got rid of the firewall and re-scanned security check as you requested.

 

I downloaded MSE after the problem began as another attempt to try to find it and remove the issue. Probably wasn't a good idea. but it's all gone now. Here is the latest SecurityCheck results:

 

 

 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Symantec Endpoint Protection    
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 JavaFX 2.1.1    
 Java™ 6 Update 32  
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.3 Adobe Reader out of Date!  
 Mozilla Firefox (20.0) 
 Google Chrome 26.0.1410.64  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 1% 
````````````````````End of Log`````````````````````` 


#12 zaphryn78

zaphryn78
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 27 April 2013 - 12:15 PM

I couldn't find MSE in my programs folder to uninstall it. So I ran a Microsoft Fix it to help me uninstall it and according to this latest Security Check it appears to still be there...just disabled. Let me know if I'm doing something wrong here. 



#13 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:45 AM

Posted 27 April 2013 - 12:35 PM

It will be listed as Microsoft Security Client in Control Panel > Programs & features.

 

If you don't see it, please do this:

 

Run HijackThis

 

  • click on Config and then on the Misc Tools button
  • if you're viewing HijackThis from the Main Menu, click on Open the Misc Tools Section
  • click on the Open Uninstall Manager button
  • click the Save List button.

Copy and paste that list here.

 

You still have Windows firewall enabled. Please disable it.

 

 

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#14 zaphryn78

zaphryn78
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 28 April 2013 - 10:57 AM

Here is the list. I do not see Microsoft security client in list of programs. 

 

My windows firewall options are being controlled by Symantec Endpoint

 

 

Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.3)
Apple Application Support
Apple Software Update
Audacity 2.0.2
Catalyst Control Center - Branding
D3DX10
D-Link DWA-125
FileZilla Client 3.6.0.2
Google Chrome
Google Talk Plugin
Google Update Helper
Java 7 Update 17
Java™ 6 Update 32
JavaFX 2.1.1
LiveUpdate 3.3 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 20.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
OpenOffice.org 3.4
PDF Settings CS5
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Shareaza
Skype Click to Call
Skype™ 6.1
SMPlayer 0.6.9
Star Wars: The Old Republic
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
World of Warcraft


#15 zaphryn78

zaphryn78
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 28 April 2013 - 06:56 PM

It looks like dllhost.exe file is reappearing again. it happened early this morning. Just keeping you posted.

 

also, I really appreciate all of the time you have spent helping me out here. 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users